test your medium trust config

Discussion in 'Knowledge Base' started by Stephen, Jul 31, 2006.

  1. geezer

    geezer Guppy

    need some help with a .net 2 secure email script that i've got. i get this message

    Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.KeyContainerPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.


    here is the code i'm running.

    Code:
    private void SendSecureEmailTest(string senderEmail, string senderName, string recipientEmail, string recipientName, string subject, string body, string host)
        {
            //get cert
                    X509Certificate2 cert = new X509Certificate2("D:\\hshome\\munch\\tigerfish.com.au\\ssl\\tigerderx509.cer");
                   CmsRecipient cmsRecipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert);
    
            //get bytes
            UTF8Encoding encoding = new UTF8Encoding();
            byte[] msgBytes = encoding.GetBytes(body);
    
            //encrpyte
            ContentInfo contentInfo = new ContentInfo(msgBytes);
            EnvelopedCms envelopedCms = new EnvelopedCms(contentInfo);
            envelopedCms.Encrypt(cmsRecipient);
            byte[] encodedMsgBytes = envelopedCms.Encode();
    
            //send 
            using (MemoryStream contentStream = new MemoryStream(encodedMsgBytes))
            {
                AlternateView encryptedBody = new AlternateView(contentStream, "application/x-pkcs7-mime;smime-type=enveloped-data;name=smime.p7m;");
                encryptedBody.TransferEncoding = TransferEncoding.Base64;
    
                using (MailMessage message = new MailMessage(new MailAddress(senderEmail, senderName, Encoding.UTF8), new MailAddress(recipientEmail, recipientName, Encoding.UTF8)))
                {
                    message.Subject = subject;
                    message.BodyEncoding = Encoding.UTF8;
                    message.SubjectEncoding = Encoding.UTF8;
                    message.AlternateViews.Add(encryptedBody);
                    message.Headers.Add("content-disposition", "attachment;filename=\"smime.p7m\"");
    
                    SmtpClient client = new SmtpClient(host);
                    client.Send(message);
    
                   
                }
            }
    
        }

    please help
  2. SubSpace

    SubSpace Bass

    If you want the ability to develop both full trust and medium (JodoHost compatible) applications, you could do the following:

    Machine level web.config:
    Code:
    <location allowOverride="true">
        <system.web>
            <securityPolicy>
                <trustLevel name="Full" policyFile="internal" />
                <trustLevel name="High" policyFile="web_hightrust.config" />
                <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
                <trustLevel name="Low"  policyFile="web_lowtrust.config" />
                <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
                <trustLevel name="JodoHost" policyFile="jodohost.config" />
            </securityPolicy>
            <trust level="Full" originUrl="" />
        </system.web>
    </location>
    Instead of overriding the current Medium trust I define a new one. I leave standard trust on full and still allow override.

    In my JodoHost targeted App's Web.config I do the following:
    Code:
    <configuration>
    	<system.web>
    		<trust level="JodoHost" originUrl=""/>
    	</system.web>
    </configuration>
    If you really don't want to edit the machine level config you could do it all at the application level, but jodohost.config would have to be in the same directory:
    Code:
    <configuration>
    	<system.web>
    		<securityPolicy>
    			<trustLevel name="JodoHost" policyFile="jodohost.config" />
    		</securityPolicy>
    		<trust level="JodoHost" originUrl=""/>
    	</system.web>
    </configuration>
    [​IMG] jodohost.zip
  3. Penhall

    Penhall Perch

    Think the zip file is el corrupto... can't DL or Open
  4. Stephen

    Stephen US Operations Staff Member

    yes it is :( vB and its magic corruption. happened on new and old server.
  5. SubSpace

    SubSpace Bass

    Meh... fixed :p
  6. 4u2ges

    4u2ges Perch

    I assume using System.Security.Cryptography.X509Certificate2 is out of the question at shared servers. It does require a patch http://support.microsoft.com/kb/915980/en-us or a FullTrust.

    That’s unfortunate. I was hopping to integrate an encrypted forms generator for PayPal shopping cart but could not make it work here. :( Wonder if anyone tried that at all at Jodo shared servers…
  7. Stephen

    Stephen US Operations Staff Member

    I will try to give a call to MS by monday to get this hotfix.
  8. 4u2ges

    4u2ges Perch

    That'd be great. Thanks! :))

    While we are at it.. could you also see if win23 has OpenSSL support for PHP.. just in case .NET hotfix would not work out so I may try to settle with PHP based solution.
  9. broadwaywin

    broadwaywin Guppy

    I have a requiremnt of the cleint to use ABCPDF.Net in the application. And I assume this requires Full Trust and also ASPNET /IUSER Permissions on the two DLL's and also the folder where it will convert it to PDF.

    However when I hot it on this server I get the below error :

    [PolicyException: Required permissions cannot be acquired.]

    System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission) +2770052

    System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Int32& securitySpecialFlags, Boolean checkExecutionPermission) +57

    CAn anyone help me regarding this OR I cannot use ABCPDF.NET on LiteHost..

    Atul
  10. mvelasquez

    mvelasquez Guppy

    Hello, i just configure my machine just like the jodo host support team told me, and now I am getting this error.

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    please help, I am developing in ASP.NET using C#
    If I put the original configuration it works fine, th scenario is as follow:

    System.Drawing.Image img = System.Drawing.Image.FromFile(path);
    :( thank for any help
  11. Stephen

    Stephen US Operations Staff Member

    this error normally comes when you use a path like d:\hshome in the physical way instead of using the virtual path like /upload/file.jpg (for example)
  12. dsessions

    dsessions Guppy

    using this basic code im getting permission errors described above:

    private string txtFile = "/includes/text.txt";

    TextWriter tw = new StreamWriter(Server.MapPath(txtFile), false);
    tw.WriteLine(this.editor.Value);
    tw.Close();


    What am i doing wrong here?
  13. mvidao

    mvidao Guppy

    Hi Stephen, hope you're fine!
    I'm writing you because I was reading your post
    about trust level and I follow all steps you said
    but web I put this
    ----------------------------------
    <location allowOverride="false">
    <system.web>
    <securityPolicy>
    <trustLevel name="Full" policyFile="internal" />
    <trustLevel name="High" policyFile="web_hightrust.config" />
    <trustLevel name="Medium" policyFile="mediumtrust.config" />
    <trustLevel name="Low" policyFile="web_lowtrust.config" />
    <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
    </securityPolicy>
    </system.web>
    </location>

    <location allowOverride="false">
    <system.web>
    <trust level="Medium" originUrl="" />
    </system.web>
    </location>
    ----------------------------------------

    on the web.config and then compile I get this error:

    The entry 'Medium' has already been added :( ?(

    Please, could you help me? It's very important to me
    solve this problem ASAP
    Thank you very much!
    Mónica


    ====================================================





  14. mvidao

    mvidao Guppy

    Now it show this error

    Error 1 Unable to read the security policy file for trust level 'Medium'.

    :(

    Is anybody there?;(
    help please
  15. jetx86

    jetx86 Perch

    ok i got the jodomediumtrust in iis on local...

    there's a control that doesn't work here, but does on the jodo hosted site?

    asp::image i belive... will only work under full trust, here locally.

    how to troubleshoot this?

    edit
    actually it's this:
    Code:
    				<div class="buttonbar buttonbar-top">
    					<a href="Portfolio.aspx"><asp:image ID="Image1" runat="Server"	 skinid="gallery" /></a>
    					&nbsp;&nbsp;&nbsp;&nbsp;
    					<asp:ImageButton ID="ImageButton9" Runat="server" CommandName="Page" CommandArgument="First" skinid="first"/>
    					<asp:ImageButton ID="ImageButton10"	Runat="server" CommandName="Page" CommandArgument="Prev" skinid="prev"/>
    					<asp:ImageButton ID="ImageButton11"	Runat="server" CommandName="Page" CommandArgument="Next" skinid="next"/>
    					<asp:ImageButton ID="ImageButton12"	Runat="server" CommandName="Page" CommandArgument="Last" skinid="last"/>
    				</div>
    
    /edit
  16. jetx86

    jetx86 Perch

    is 'AllowPartiallyTrustedCallersAttribute' enabled on jodo sites? is that why my local copy is failing and not the remote site hosted on jodo?

    edit
    mmmph nvm think i found it
    /edit
  17. Stephen

    Stephen US Operations Staff Member

    AllowPartiallyTrustedCallersAttribute this is a setting that needs to be made on a per DLL level, it is the complied DLLs that sometimes do not allow such.
  18. jetx86

    jetx86 Perch

    thank you

    yes i figured that out (eventually :/ )

    but i don't have any .dll's :/

    anyway, it works just fine on jodohost, at worst i can just do it in full trust locally and see if anything breaks when i upload it...

    i wanted to duplicate the production env though :/

    well good thing i don't make my living coding :)

    thanks again
  19. sgana

    sgana Guppy

    Hi Stephen

    This same file web.config also works for ASP.net 4 in JodoHost?
  20. Stephen

    Stephen US Operations Staff Member

    no, this is 2.0/3.5 only, I will work to post the asp.net 4.0 trust sample as well.

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services