ASP.net Medium Trust Issue

[marvinq]

I have been searching for a blog application that runs on ASP.net and I finally found one that I really want to use. But in testing it an error ensued because of the medium trust issue. The error occurred on this line:

context.Response.OutputStream.Write(buffer, 0, count)

Apparently I need full trust to run this line of code. I have to find an equivalent command that will work. Can anyone here help me find an alternative that will work?

Marvin

 

[Stephen]

may I ask which software this is? I have tested a few asp.net 2 blog tools and they work properly, but by no means have I tested all

 

[marvinq]

may I ask which software this is? I have tested a few asp.net 2 blog tools and they work properly, but by no means have I tested all

Hi Stephen,
Thanks for replying. I am using Jeremy Wadsworth's Blog that he wrote himself. His site is www.jeremywadsworth.com. you can dl his blog tool for free. Or I can send you all the files if you want.
What few asp.net 2 blog tools did you test out? I'd really be interested in knowing, I really need to get an ASP.net Blog tool on my site. Does it have all the bells and whistles? Such as, the ability to create an RSS feed for the blog and a ping service for notifying sites like Technorati or a category count for the Blog Categories list on the blog home page.

Marvin

 

[SubSpace]

I doubt the problem is that particular line of code. It runs fine even with Minimal trust set over here.

There could be another trust issue that is causing that line to fail because it doesn't have the required data. Perhaps it's trying to read a file it's not allowed to access? That would be my best guess, as the line you posted is normally used to output binary data directly (such as an image or offered download).
I normally develop for full trust environments so I don't have to worry much about things like this, but I believe that it's impossible to open files outside of the application root at Medium trust.

I must say that particular limitation is kind of annoying and I don't really see the point to it. In other languages we're allowed to access all files owned by that user, why not in ASP.NET?

 

[marvinq]

I doubt the problem is that particular line of code. It runs fine even with Minimal trust set over here.

There could be another trust issue that is causing that line to fail because it doesn't have the required data. Perhaps it's trying to read a file it's not allowed to access? That would be my best guess, as the line you posted is normally used to output binary data directly (such as an image or offered download).
I normally develop for full trust environments so I don't have to worry much about things like this, but I believe that it's impossible to open files outside of the application root at Medium trust.

I must say that particular limitation is kind of annoying and I don't really see the point to it. In other languages we're allowed to access all files owned by that user, why not in ASP.NET?

I set my own environment to Medium and my application is tripping on that line. So it's running on my machine.

I'm a developer myself, but I am very new to asp.net 2.0. . Is there anything I can do to get around this problem?

Thanks
Marvin

 

[SubSpace]

With what kind of Exception though, and where is that code being run from? By itself it's fine..
There aren't really any ways around actual trust problems (or they'd be pointless). If you really need full trust, a Windows VPS account might be an option.

 

[marvinq]

may I ask which software this is? I have tested a few asp.net 2 blog tools and they work properly, but by no means have I tested all

Stephen,
Can you tell me what asp.net 2 blog tools you've used. Is there any you can recommend?

Thanks
Marvin

 

[Stephen]

Simple Blog .NET was my favorite
http://www.infinityball.net/

 

[marvinq]

With what kind of Exception though, and where is that code being run from? By itself it's fine..
There aren't really any ways around actual trust problems (or they'd be pointless). If you really need full trust, a Windows VPS account might be an option.

The error is coming from the Handler.ashx file. The code is listed below:

<%@ WebHandler Language="VB" Class="Handler" %>

Imports System.IO
Imports System.Drawing
Imports System.Drawing.Image
Imports System.Drawing.Imaging

Public Class Handler
Implements IHttpHandler

'the max size of the thumbnail
Dim PhotoDim As Integer = 192
Dim imagedirectory As String = ""
Dim imagename as String = ""

ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
Get
Return True
End Get
End Property


Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
' Set up the response settings
context.Response.ContentType = "image/jpeg"
context.Response.Cache.SetCacheability(HttpCacheability.Public)
context.Response.BufferOutput = False
' Setup the Size Parameter
Dim size As PhotoSize = PhotoSize.Original
Select Case context.Request.QueryString("Size")
Case "S"
size = PhotoSize.Small
Case "M"
size = PhotoSize.Medium
Case "L"
size = PhotoSize.Large
Case Else
size = PhotoSize.Original
End Select
' Setup the PhotoID Parameter
Dim id As Int32 = 1
Dim stream As IO.Stream = Nothing

If ((Not (context.Request.QueryString("PhotoLocation")) Is Nothing) AndAlso (context.Request.QueryString("PhotoLocation") <> "")) Then
Dim path As String = CStr(context.Request.QueryString("PhotoLocation"))
stream = New FileStream(HttpContext.Current.Server.MapPath(path), FileMode.Open, FileAccess.Read, FileShare.Read)
stream = PhotoManager.ResizeImageFile(stream, size)
Else
If ((Not (context.Request.QueryString("PhotoID")) Is Nothing) _
AndAlso (context.Request.QueryString("PhotoID") <> "")) Then
id = [Convert].ToInt32(context.Request.QueryString("PhotoID"))
stream = PhotoManager.GetPhoto(id, size)
Else
id = [Convert].ToInt32(context.Request.QueryString("AlbumID"))
stream = PhotoManager.GetFirstPhoto(id, size)
End If
' Get the photo from the database, if nothing is returned, get the default "placeholder" photo
If (stream Is Nothing) Then
stream = PhotoManager.GetPhoto(size)
End If
End If


' Write image stream to the response stream
Dim buffersize As Integer = (1024 * 16)
Dim buffer() As Byte = New Byte((buffersize) - 1) {}
Dim count As Integer = stream.Read(buffer, 0, buffersize)

Do While (count > 0)
context.Response.OutputStream.Write(buffer, 0, count) <---the error occurs here
count = stream.Read(buffer, 0, buffersize)
Loop
End Sub

End Class





The exception details are below.

System.Security.SecurityException was unhandled by user code
Message="Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."
Source="mscorlib"
StackTrace:
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Web.HttpWorkerRequest.SendResponseFromMemory(IntPtr data, Int32 length)
at System.Web.HttpWorkerRequest.SendResponseFromMemory(IntPtr data, Int32 length, Boolean isBufferFromUnmanagedPool)
at System.Web.HttpResponseUnmanagedBufferElement.System.Web.IHttpResponseElement.Send(HttpWorkerRequest wr)
at System.Web.HttpWriter.Send(HttpWorkerRequest wr)
at System.Web.HttpResponse.Flush(Boolean finalFlush)
at System.Web.HttpWriter.WriteFromStream(Byte[] data, Int32 offset, Int32 size)
at System.Web.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 count)
at Handler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


troubleshooting tips

use equivalent managed lbraries

when deploying an office solution, check to make sure you have fulfilled all necessary security requirements.

use a certificate to obtain the required permission(s).

If an assembly implementing the custom security object references other assembles, add the referenced assemblies to the full trust assembly list.



Everything seems to indicate it is a security issue. any suggestions?

Thanks Marvin

 

[SubSpace]

Hmm, not quite sure why it's jumping into unmanaged code because of this. I'll have to do some testing later, but right now I need to get ready for work.. mendokusai

 

[marvinq]

Hmm, not quite sure why it's jumping into unmanaged code because of this. I'll have to do some testing later, but right now I need to get ready for work.. mendokusai

SubSpace,
Any help you can give me would be greatly appreciated!

Marvin