In the web.config of webforms .net 4.5 application I set the following:
<trust legacyCasModel="true" level="Full" />
because this is a Microsoft work around to overcome an bug in the asp.net Report Viewer which causes large reports to take much longer to generate than in previous .net versions (3.5 and older). Unfortunately, enabling the legacy CasModel has caused the error below. As the error suggests I have attempted many times to apply an exception in my site's web.config such as:
<system.web>
<partialTrustVisibleAssemblies>
<add assemblyName="System.Web.Extensions" version="4.0.0" publicKey="0024000004800000940000000602000000240000525341310004000001000100B5FC90E7027F67871E773A8FDE8938C81DD402BA65B9201D60593E96C492651E889CC13F1415EBB53FAC1131AE0BD333C5EE6021672D9718EA31A8AEBD0DA0072F25D87DBA6FC90FFD598ED4DA35E44C398C454307E8E33B8426143DAEC9F596836F97C8F74750E5975C64E2189F45DEF46B2A2B1247ADC3652BF5C308055DA9" />
</partialTrustVisibleAssemblies>
</system.web>
But the error still occurs. I also attempted to apply this setting to the .net 4 web.config and specify this assembly to have full trust but it still won't work. I've read a ton of documentation pertaining to this issue and I cannot locate any other way this issue maybe resolved (except to remove this assembly in my project or make other major changes to my web application). Any suggestions of how I can fix or address this issue would be greatly appreciated, Thanks.
Server Error in '/' Application.
Attempt by security transparent method 'Microsoft.ScriptManager.MSAjaxv45.PreApplicationStartCode.Start()' to access security critical method 'System.Web.UI.ScriptManager.get_ScriptResourceMapping()' failed.
Assembly 'System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' is a conditionally APTCA assembly which is not enabled in the current AppDomain. To enable this assembly to be used by partial trust or security transparent code, please add assembly name 'System.Web.Extensions, PublicKey=0024000004800000940000000602000000240000525341310004000001000100B5FC90E7027F67871E773A8FDE8938C81DD402BA65B9201D60593E96C492651E889CC13F1415EBB53FAC1131AE0BD333C5EE6021672D9718EA31A8AEBD0DA0072F25D87DBA6FC90FFD598ED4DA35E44C398C454307E8E33B8426143DAEC9F596836F97C8F74750E5975C64E2189F45DEF46B2A2B1247ADC3652BF5C308055DA9' to the the PartialTrustVisibleAssemblies list when creating the AppDomain.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.MethodAccessException: Attempt by security transparent method 'Microsoft.ScriptManager.MSAjaxv45.PreApplicationStartCode.Start()' to access security critical method 'System.Web.UI.ScriptManager.get_ScriptResourceMapping()' failed.
Assembly 'System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' is a conditionally APTCA assembly which is not enabled in the current AppDomain. To enable this assembly to be used by partial trust or security transparent code, please add assembly name 'System.Web.Extensions, PublicKey=0024000004800000940000000602000000240000525341310004000001000100B5FC90E7027F67871E773A8FDE8938C81DD402BA65B9201D60593E96C492651E889CC13F1415EBB53FAC1131AE0BD333C5EE6021672D9718EA31A8AEBD0DA0072F25D87DBA6FC90FFD598ED4DA35E44C398C454307E8E33B8426143DAEC9F596836F97C8F74750E5975C64E2189F45DEF46B2A2B1247ADC3652BF5C308055DA9' to the the PartialTrustVisibleAssemblies list when creating the AppDomain.
Try removing "Microsoft.ScriptManager.MSAjax.dll" and "Microsoft.ScriptManager.WebForms.dll" from references(if not used).
#Sachin, thank you for your answer however I need those assemblies for this project so that would not resolve this issue. I resolved this issue a while ago. I think this error was occurring when attempting some authentication functions in the application. I resolved the issue by setting the report function to open in a new application pool, so that the enabling of the legacy CAS model only effects the new application pool and therefore not effecting other authentication functions in the application.
Related
Suddenly I got the following error when publishing to Azure Mobile Services.
"Error Found conflicts between different versions of the same dependent assembly 'System.Web.Http.Cors': 5.1.0.0, 5.2.2.0. Please change your project to use only one version. App.Hosting 2014-09-20 23:40:26"
I use Microsoft.AspNet.WebApi.Cors and WindowsAzure.MobileServices.Backend (1.0.348).
I have tried going through all references and I cant find any pointing at 5.2.2.0.
I have also tried upgrading to 5.2.2.0 however when doing so I get:
"Error Boot strapping failed: executing 'WebApiConfig.Register' caused an exception: 'Could not load file or assembly 'System.Web.Http.Cors, Version=5.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.'. App.Hosting 2014-09-20 23:06:20"
I can not understand why I get this error and it seem to have start to occur with no apparent reason.
Any pointer is appreciated.
We are in the process of updating to the newly released ASP.NET Web API 5.2 and it looks like we missed an assembly redirect for the CORS assembly.
In a couple of days you will be able to use the full ASP.NET Web API 5.2 but the upgrade has to complete first. To fix your problem now, you should be able to just remove your own CORS assembly (assuming you are only setting the origins) and then set them using the MS_CrossDomainOrigins app setting in your local web.config as described in this blog [1], for example:
<add key="MS_CrossDomainOrigins" value="http://testhost, http://sample" />
Sorry for the inconvenience!
Henrik
[1] http://azure.microsoft.com/blog/2014/07/28/azure-mobile-services-net-updates/
Attempt by security transparent method 'PayPal.UserAgentHeader.get_OperatingSystemFriendlyName()' to access security critical method 'System.Management.ManagementObjectSearcher..ctor(System.String)' failed.
Assembly 'PayPalCoreSDK, Version=1.4.1.0, Culture=neutral, PublicKeyToken=null' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.MethodAccessException: Attempt by security transparent method 'PayPal.UserAgentHeader.get_OperatingSystemFriendlyName()' to access security critical method 'System.Management.ManagementObjectSearcher..ctor(System.String)' failed.
Assembly 'PayPalCoreSDK, Version=1.4.1.0, Culture=neutral, PublicKeyToken=null' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.
This stackoverflow answer mentions adding the [SecuritySafeCritical] attribute to the class, but in this case the class at play is in a DLL loaded through NuGet.
Are there any global settings I can use to bypass this exception?
Add the following tag to your web.config:
<configuration>
<system.web>
<trust level="Full" />
</system.web>
</configuration>
The servers on your hosting service is probably setup with a medium trust level. The 'PayPalCoreSDK' is requires your application to run with a full trust level.
adding this to assemblyinfo.cs
// added because of security transparency change in framework 4.0
[assembly: SecurityRules(SecurityRuleSet.Level1)]
this did the job for me ....
After upgrading wpftoolkit 3.5 framework to 4.6.1 framework, the below Security rules in assemblyinfo.cs resolve the issue:
// added because of security transparency change in framework 4.0
[assembly: SecurityRules(SecurityRuleSet.Level1)]
In my case it was an issue when I managed a NuGet packages in the solution some package overrides System.Web.Mvc assembly version binding in main web site project. Set back to 4.0.0.0 (I had 5.0 installed). I didn't change notice the change because Mvc v4.0 was installed and accessible via GAC. Set back
I was working on a brownfield application with a lot of referenced projects in the solution. One project was set to .NET 4.0 instead of 4.6.1 and I thought that might be it, but that wasn't the issue. I had to add:
[assembly:AllowPartiallyTrustedCallers]
to the assembly.cs file in the project containing the "security critical" method, and it wasn't happy with me until I also added
using System.Security;
That did the trick.
Joey
Recently I've had a lot of trouble with a solution I've been working on so I decided to redo it from scratch. Basically, it's an ASP.NET application and a Web Service. I got everything to where it should be working. It's deployed to IIS, and when I try to debug I get: "Unable to start debugging on the web server. The web server is not configured correctly."
So I tried running without debugging and I get this error:
Configuration Error
Description: An error occurred during the processing of a configuration
file required to service this request. Please review the specific error
details below and modify yourconfiguration file appropriately.
Parser Error Message: Could not load file or assembly 'BrowserInfoApp'
or one of its dependencies. This assembly is built by a runtime newer
than the currently loaded runtime and cannot be loaded.
Source Error:
Line 57: <add assembly="System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
Line 58: <add assembly="System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
Line 59: <add assembly="*" />
Source File: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\web.config Line: 59
Unsure of what this line did, I tried commenting it out. It still wouldn't let me debug on the server and this was the result of running without debugging again:
Parser Error
Description: An error occurred during the parsing of a resource required
to service this request. Please review the following specific parse error
details and modify your source file appropriately.
Parser Error Message: Could not load type 'BrowserInfoApp.Global'.
Source Error:
Line 1: <%# Application Codebehind="Global.asax.cs" Inherits="BrowserInfoApp.Global" Language="C#" %>
Source File: /global.asax Line: 1
What is strange about this, is that BrowserInfoApp is completely unrelated. It is something that I made for testing, but the solution I am using now has never referenced it or been related to it. I started the solution I'm using now fresh, under an hour ago, so it's not a forgotten reference or anything like that.
I'm running everything on Windows XP with IIS 5.1.
So far I've tried removing the BrowserInfoApp virtual directory from IIS. If need be, I will try deleting the entire app, but I feel as if that's unecessary.
I really don't know where to go with this. If there is more information that I could provide, please let me know and I would be glad to do so.
Edit: I've tried deleting all of BrowserInfoApp and I get the same error.
Maybe you copy and pasted the reference to the BrowserInfoApp class when you rebuilt from scratch. Delete the Global.asax file and then re-add it, making sure it doesn't reference that assembly, which was built in a newer version.
Web.config files are hierarchical. Perhaps there's a web.config at a higher level of the virtual hierarchy which is referencing this other assembly.
In that case, you'll have to upgrade the applications in the higher levels of the hierarchy.
I solved the issue by removing "Inherits="BrowserInfoApp.Global"" from the Global.asax file. I also uncommented "add assembly="*" /" in my web.config file. I think I may have also had an issue with publishing to IIS (I named the site something different than the project name).
Not too sure what went wrong or why it works now, but it does.
I had the same issue. My setup: all my web apps were created as applications in the Default Web Site in IIS. I somehow managed to let one of my web projects in an unrelated solution create itself in the Default Web Site. So all my other solutions inherited the config settings, but they didn't have the required DLLs.
I am having trouble with security while migrating an application from .NET 3.5 to 4.0.
I have an application that starts successfully from a network share I've mapped to z: - Z:\MyApp\App.exe.
This application makes use of add-ins, and is sometimes asked to load assemblies from a seperate location on the Intranet - y:\MyLib\Lib.dll
In .NET 4.0, I get a System.Security.Security exception then this happens:
System.IO.FileLoadException: Could not load file or assembly 'XXXX' or one of its dependencies. An error relating to security occurred. (Exception from HRESULT: 0x8013150A) ---> System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
However, if I launch my application locally from C:\MyApp\App.exe, it is able to successfully load with Assembly.LoadFrom() the addin at y:\MyLib\Lib.dll.
What do I need to do to 'bless' the y:\MyLib location so that apps running from network shares are allowed to execute code from there?
Thanks,
Dave
I had a similar problem, I was able to solve it as is described in my question
Structuremap does not load registries when started from Network drive.
I hope this solves your problem also.
I'm attempting to dynamically load some (purchased) assemblies from resource streams in a C# program during an MSI installation routine, but I'm getting "Unverifiable code failed policy check".
I read some tips online about compiling the embedded assembly with /clr:safe, but I don't have that option. Is there a way to work around this policy check?
Thanks.
The only way to load unverifiable code is from a full trust process (or maybe app domain) with verification disabled.
EDIT: I'm not making this up, one of the C# language designers said "Unverifiable code requires full trust and is generally to be avoided"
Its already too late, but it may help someone.
I've used Sqlite DLL in my project and when I deployed the code on sandbox environment, I was getting exception (see below)
[FileLoadException: Unverifiable code failed policy check. (Exception from HRESULT: 0x80131402)]
[FileLoadException: Could not load file or assembly 'System.Data.SQLite, Version=1.0.79.0, Culture=neutral, PublicKeyToken=db937bc2d44ff139' or one of its dependencies. Unverifiable code failed policy check. (Exception from HRESULT: 0x80131402)]
I added trust level within system.web in the web.config file and its working fine.
<trust level="Full|High|Medium|Low|Minimal" originUrl="url"/>
This may not be relevant any longer, but I encountered the same issue recently. If you take the stream and stick it in a temp file, you can then use Assembly.LoadFrom to load the assembly.