Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Security Exeception during upgrade

Reply
Thread Tools

Security Exeception during upgrade

 
 
SteveWestling
Guest
Posts: n/a
 
      11-19-2005
I'm upgrading from a Framework 1.0.3705 app to a Framework 1.1.4322 app. When
I try to make my first call, where the system registers my components in
component services. But now I get the following message:

Server Error in '/theSolver' Application.
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Requested registry
access is not allowed.

Source Error:

Line 42: UDL = "PS.UDL";
Line 43: }
Line 44: doc.LoadXml(user.VerifyLogin(EmailID, Password, RequesterId,
UDL));
Line 45: node = doc.SelectSingleNode("//system_user");
Line 46: RequesterId =
System.Convert.ToInt32(node.Attributes.GetNamedIte m("requester_id").Value);


Source File: D:\theSolver\PSLogin.aspx Line: 44

Stack Trace:

[SecurityException: Requested registry access is not allowed.]
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +473
System.Diagnostics.EventLog.CreateEventSource(Stri ng source, String
logName, String machineName, Boolean useMutex) +443
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
type, Int32 eventID, Int16 category, Byte[] rawData) +347
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
type, Int32 eventID, Int16 category) +21
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
type, Int32 eventID) +15
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
type) +11

PositiveSolutions.SystemUser.PositiveSolutions.ISy stemUser.VerifyLogin(String
EmailId, String Password, Int32 RequesterId, String UDL) +955
ASP.PSLogin_aspx.__Render__control1(HtmlTextWriter __output, Control
parameterContainer) in D:\theSolver\PSLogin.aspx:44
System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +27
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
System.Web.UI.Page.ProcessRequestMain() +2112
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18

System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously) +87


Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET
Version:1.1.4322.2032

So I used the configuration utility and here's what my security.config looks
like:
<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="PBSGroup"
Description="PBS Code group">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"

PublicKeyBlob="00240000048000009400000006020000002 400005253413100040000010001002D1F61710370C98619304 34A1516A75F4485DFFF77AC5BD414241318DAD0E1686219397 B3D1AD5C272D37DF52BE785FFD56281C800636E21FB47093A6 E0FB793901EBBB7884609E5BE659FB27B9BEEA45F195F99C52 2A892691935C1DB01FE0F4499E75BFD98EC1FE979319BE55DF ADBCB8D582E96A67325D9E22EAF1D1C49EA"/>
</CodeGroup>

and I manually editted my machine.config as follows:

<location allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium"
policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal"
policyFile="web_minimaltrust.config" />
</securityPolicy>

<!-- level="[Full|High|Medium|Low|Minimal]" -->
<trust level="Full" originUrl="http://127.0.0.1/*" />

</system.web>
</location>

Any thoughts on what I'm overlooking?

Thanks in advance
 
Reply With Quote
 
 
 
 
Nicole Calinoiu
Guest
Posts: n/a
 
      11-20-2005
This particular SecurityException can occur due to a lack of user
permissions, not just a lack of CAS permissions. What happens if you
attempt to run the first call (which is presumably registering the event
source) under an admin account rather than from within your application?
Also, what is the name of the event log (not the source, but the log) to
which your code is attempting to write?


"SteveWestling" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I'm upgrading from a Framework 1.0.3705 app to a Framework 1.1.4322 app.
> When
> I try to make my first call, where the system registers my components in
> component services. But now I get the following message:
>
> Server Error in '/theSolver' Application.
> Security Exception
> Description: The application attempted to perform an operation not allowed
> by the security policy. To grant this application the required permission
> please contact your system administrator or change the application's trust
> level in the configuration file.
>
> Exception Details: System.Security.SecurityException: Requested registry
> access is not allowed.
>
> Source Error:
>
> Line 42: UDL = "PS.UDL";
> Line 43: }
> Line 44: doc.LoadXml(user.VerifyLogin(EmailID, Password, RequesterId,
> UDL));
> Line 45: node = doc.SelectSingleNode("//system_user");
> Line 46: RequesterId =
> System.Convert.ToInt32(node.Attributes.GetNamedIte m("requester_id").Value);
>
>
> Source File: D:\theSolver\PSLogin.aspx Line: 44
>
> Stack Trace:
>
> [SecurityException: Requested registry access is not allowed.]
> Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
> +473
> System.Diagnostics.EventLog.CreateEventSource(Stri ng source, String
> logName, String machineName, Boolean useMutex) +443
> System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> type, Int32 eventID, Int16 category, Byte[] rawData) +347
> System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> type, Int32 eventID, Int16 category) +21
> System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> type, Int32 eventID) +15
> System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> type) +11
>
> PositiveSolutions.SystemUser.PositiveSolutions.ISy stemUser.VerifyLogin(String
> EmailId, String Password, Int32 RequesterId, String UDL) +955
> ASP.PSLogin_aspx.__Render__control1(HtmlTextWriter __output, Control
> parameterContainer) in D:\theSolver\PSLogin.aspx:44
> System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +27
> System.Web.UI.Control.Render(HtmlTextWriter writer) +7
> System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
> System.Web.UI.Page.ProcessRequestMain() +2112
> System.Web.UI.Page.ProcessRequest() +218
> System.Web.UI.Page.ProcessRequest(HttpContext context) +18
>
> System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute()
> +179
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
> completedSynchronously) +87
>
>
> Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
> ASP.NET
> Version:1.1.4322.2032
>
> So I used the configuration utility and here's what my security.config
> looks
> like:
> <CodeGroup class="UnionCodeGroup"
> version="1"
> PermissionSetName="FullTrust"
> Name="PBSGroup"
> Description="PBS Code group">
> <IMembershipCondition
> class="StrongNameMembershipCondition"
> version="1"
>
> PublicKeyBlob="00240000048000009400000006020000002 400005253413100040000010001002D1F61710370C98619304 34A1516A75F4485DFFF77AC5BD414241318DAD0E1686219397 B3D1AD5C272D37DF52BE785FFD56281C800636E21FB47093A6 E0FB793901EBBB7884609E5BE659FB27B9BEEA45F195F99C52 2A892691935C1DB01FE0F4499E75BFD98EC1FE979319BE55DF ADBCB8D582E96A67325D9E22EAF1D1C49EA"/>
> </CodeGroup>
>
> and I manually editted my machine.config as follows:
>
> <location allowOverride="true">
> <system.web>
> <securityPolicy>
> <trustLevel name="Full" policyFile="internal" />
> <trustLevel name="High" policyFile="web_hightrust.config"
> />
> <trustLevel name="Medium"
> policyFile="web_mediumtrust.config" />
> <trustLevel name="Low" policyFile="web_lowtrust.config" />
> <trustLevel name="Minimal"
> policyFile="web_minimaltrust.config" />
> </securityPolicy>
>
> <!-- level="[Full|High|Medium|Low|Minimal]" -->
> <trust level="Full" originUrl="http://127.0.0.1/*" />
>
> </system.web>
> </location>
>
> Any thoughts on what I'm overlooking?
>
> Thanks in advance



 
Reply With Quote
 
 
 
 
SteveWestling
Guest
Posts: n/a
 
      11-20-2005
Thanks for your reply, but I figured it out after doing extensive searches on
the web.

FYI. You are absolutely right, it was user permissions. My web application
writes errors to the event log and the first time I opened it an error
occured (invalid login). In order for the app to use the event log, I had to
open the registry with regedit, find the key for Event log and modify the
permissions. Specifically, I granted the group users Full Control of that
key. I believe I only need to give Full Control to the user "NETWORK LOGIN"
but I was so busy trying to complete the rest of the process, I haven't yet
gone back to revise the setting.

Thanks again for your help.

"Nicole Calinoiu" wrote:

> This particular SecurityException can occur due to a lack of user
> permissions, not just a lack of CAS permissions. What happens if you
> attempt to run the first call (which is presumably registering the event
> source) under an admin account rather than from within your application?
> Also, what is the name of the event log (not the source, but the log) to
> which your code is attempting to write?
>
>
> "SteveWestling" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I'm upgrading from a Framework 1.0.3705 app to a Framework 1.1.4322 app.
> > When
> > I try to make my first call, where the system registers my components in
> > component services. But now I get the following message:
> >
> > Server Error in '/theSolver' Application.
> > Security Exception
> > Description: The application attempted to perform an operation not allowed
> > by the security policy. To grant this application the required permission
> > please contact your system administrator or change the application's trust
> > level in the configuration file.
> >
> > Exception Details: System.Security.SecurityException: Requested registry
> > access is not allowed.
> >
> > Source Error:
> >
> > Line 42: UDL = "PS.UDL";
> > Line 43: }
> > Line 44: doc.LoadXml(user.VerifyLogin(EmailID, Password, RequesterId,
> > UDL));
> > Line 45: node = doc.SelectSingleNode("//system_user");
> > Line 46: RequesterId =
> > System.Convert.ToInt32(node.Attributes.GetNamedIte m("requester_id").Value);
> >
> >
> > Source File: D:\theSolver\PSLogin.aspx Line: 44
> >
> > Stack Trace:
> >
> > [SecurityException: Requested registry access is not allowed.]
> > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
> > +473
> > System.Diagnostics.EventLog.CreateEventSource(Stri ng source, String
> > logName, String machineName, Boolean useMutex) +443
> > System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> > type, Int32 eventID, Int16 category, Byte[] rawData) +347
> > System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> > type, Int32 eventID, Int16 category) +21
> > System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> > type, Int32 eventID) +15
> > System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
> > type) +11
> >
> > PositiveSolutions.SystemUser.PositiveSolutions.ISy stemUser.VerifyLogin(String
> > EmailId, String Password, Int32 RequesterId, String UDL) +955
> > ASP.PSLogin_aspx.__Render__control1(HtmlTextWriter __output, Control
> > parameterContainer) in D:\theSolver\PSLogin.aspx:44
> > System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +27
> > System.Web.UI.Control.Render(HtmlTextWriter writer) +7
> > System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
> > System.Web.UI.Page.ProcessRequestMain() +2112
> > System.Web.UI.Page.ProcessRequest() +218
> > System.Web.UI.Page.ProcessRequest(HttpContext context) +18
> >
> > System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute()
> > +179
> > System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
> > completedSynchronously) +87
> >
> >
> > Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
> > ASP.NET
> > Version:1.1.4322.2032
> >
> > So I used the configuration utility and here's what my security.config
> > looks
> > like:
> > <CodeGroup class="UnionCodeGroup"
> > version="1"
> > PermissionSetName="FullTrust"
> > Name="PBSGroup"
> > Description="PBS Code group">
> > <IMembershipCondition
> > class="StrongNameMembershipCondition"
> > version="1"
> >
> > PublicKeyBlob="00240000048000009400000006020000002 400005253413100040000010001002D1F61710370C98619304 34A1516A75F4485DFFF77AC5BD414241318DAD0E1686219397 B3D1AD5C272D37DF52BE785FFD56281C800636E21FB47093A6 E0FB793901EBBB7884609E5BE659FB27B9BEEA45F195F99C52 2A892691935C1DB01FE0F4499E75BFD98EC1FE979319BE55DF ADBCB8D582E96A67325D9E22EAF1D1C49EA"/>
> > </CodeGroup>
> >
> > and I manually editted my machine.config as follows:
> >
> > <location allowOverride="true">
> > <system.web>
> > <securityPolicy>
> > <trustLevel name="Full" policyFile="internal" />
> > <trustLevel name="High" policyFile="web_hightrust.config"
> > />
> > <trustLevel name="Medium"
> > policyFile="web_mediumtrust.config" />
> > <trustLevel name="Low" policyFile="web_lowtrust.config" />
> > <trustLevel name="Minimal"
> > policyFile="web_minimaltrust.config" />
> > </securityPolicy>
> >
> > <!-- level="[Full|High|Medium|Low|Minimal]" -->
> > <trust level="Full" originUrl="http://127.0.0.1/*" />
> >
> > </system.web>
> > </location>
> >
> > Any thoughts on what I'm overlooking?
> >
> > Thanks in advance

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Warning during generating classes through WSIMPORT & Error during xmlvalidation traveller Java 0 01-08-2008 07:00 AM
Response.Redirect causes an exeception Waldy ASP .Net 6 11-15-2007 02:53 PM
7905 die during CCM upgrade castleford@gmail.com Cisco 1 08-14-2006 07:26 PM
Datagrid not updated during delete, but updated during insert and update Dmitry Korolyov ASP .Net Datagrid Control 0 09-22-2003 10:57 AM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments