Bug #22523 | ASP.NET 2 Security Exception | ||
---|---|---|---|
Submitted: | 20 Sep 2006 15:21 | Modified: | 21 Jan 2014 23:02 |
Reporter: | Emanuele Scozzafava | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | Connector / NET | Severity: | S1 (Critical) |
Version: | 1.0.7 & 5.0.0 | OS: | Any (All) |
Assigned to: | CPU Architecture: | Any | |
Tags: | AllowPartiallyTrustedCallers, ASP.NET security |
[20 Sep 2006 15:21]
Emanuele Scozzafava
[25 Sep 2006 6:58]
Emanuele Scozzafava
I've changed the state to S1 critical. In a sitution like this, the Connector is completely unusable.
[22 Oct 2006 11:06]
Valeriy Kravchuk
Thank you for a problem report. Please, try to repeat with a newer version, Connector/Net 1.0.8 RC, and inform about the results.
[23 Oct 2006 9:17]
Emanuele Scozzafava
I used the 1.0.8 RC connector but the result doesn't change. This is some info about error: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers. Stack Trace: [SecurityException: That assembly does not allow partially trusted callers.] _Default.TestMySQLConnector() in d:\inetpub\webs\***********\Default.aspx.cs:32 _Default.Page_Load(Object sender, EventArgs e) in d:\inetpub\webs\***********\Default.aspx.cs:15 System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15 System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +34 System.Web.UI.Control.OnLoad(EventArgs e) +99 System.Web.UI.Control.LoadRecursive() +47 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154 System.Web.UI.Page.ProcessRequest() +86 System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18 System.Web.UI.Page.ProcessRequest(HttpContext context) +49 ASP.default_aspx.ProcessRequest(HttpContext context) in d:\temp\root\657331cc\d254342c\App_Web_lx8k21zz.2.cs:0 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
[2 Nov 2006 15:47]
Tonci Grgin
Hi Emanuele and thanks for your report. I will have to consult on this since it may have larger impact than what I see right now. In any case, this should be S4 - feature request not S1 since it is not our fault, in my opinion, you do not have privileges on remote server.
[2 Nov 2006 16:15]
Emanuele Scozzafava
Hi Tonci, consider that MySQL is unusable on a remote server! I'm not sure that this should be a feature request. The classes of SqlClient namespace haven't this problem.
[3 Nov 2006 7:00]
Tonci Grgin
Hi Emanuele. I agree with you but we have to test this thoroughly to make sure all parts of the provider will work correctly in partially trusted scenarios. Just adding that attribute doesn't make them work. Adding that attribute tells the system that you have verified that all parts of connector/NET will work under partially trusted scenarios, which we have yet to confirm. Taken in account testing needed this change won't make it into 5.0.2 as it's been tested for release right now but it's *very high* on our TO-DO list.
[28 Nov 2006 21:11]
John Ritter
Emanuele is right, the Connector is unusable. Tonci's reply is very frustrating.
[4 Jan 2007 2:37]
Chris Nucci
Tonci is right. This is much more likely a feature request. If you believe this is a bug then you should brush up on Code Access Security. Your web site is simply not trusted by your web host.
[27 Dec 2008 19:23]
Kreso Bernardic
Hi all, do you have any new info about resolving this issue?
[17 Apr 2009 21:12]
Julian Beckensall
This seems to be have been resolved with the latest connector - version 5.2.5. At least it worked for me...