System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.


My customer tried to run a pre compiled web application and he gets the following exception

 

Security Exception

 

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

 

Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.

 

Source Error:

 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

 

Stack Trace:

  

[SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.]

   System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0

   System.Reflection.Assembly.GetType(String name, Boolean throwOnError) +36

   System.Web.Compilation.BuildResultCompiledType.GetPreservedAttributes(PreservationFileReader pfr) +54

   System.Web.Compilation.PreservationFileReader.ReadFileInternal(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +496

   System.Web.Compilation.PreservationFileReader.ReadBuildResultFromFile(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +91

   System.Web.Compilation.DiskBuildResultCache.GetBuildResult(String cacheKey, VirtualPath virtualPath, Int64 hashCode) +66

   System.Web.Compilation.BuildManager.GetBuildResultFromCacheInternal(String cacheKey, Boolean keyFromVPP, VirtualPath virtualPath, Int64 hashCode) +176

   System.Web.Compilation.ApplicationBuildProvider.GetGlobalAsaxBuildResult(Boolean isPrecompiledApp) +65

   System.Web.Compilation.BuildManager.CompileGlobalAsax() +51

   System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +337

 

Environment: Windows server 2008 R2, ASP.net 3.5 

 

This is the most common error you would get when you host your content on a UNC share. http://support.microsoft.com/?id=320268 describes the problem, resolution. However in this specific case content is not hosted on UNC share. 

 

Cause

 

This issue would happen when you download a file from Internet or Network Location, etc. Windows now preserves the zone information for file(s). This identifies where the file came from and displays appropriate warning messages, indicating you to be careful.

 

Note: Also when you copy the zip file from network location /Internet and extract the same, all the files contained in the zip file also will get this attribute set.

 

Resolution

You can resolve this issue by following any of the following methods.

Method#1 Go to the properties of precompiled dll’s, check to see if it has following security message (at the bottom of the window): “This file came from another computer and might be blocked to help protect this computer.” If present, click “Unblock”, “Apply” and “OK”.

If you have multiple dlls in your application, you would need to perform this step to all dlls one by one.

Method#2 Run the below caspol command to resolve the issue Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe -m -ag 1 -url “file:////c:\mysitecontent\*” FullTrust -exclusive on

Note: Please substitute “c:\mysitecontent\*” with actual path where ASP.net pre compiled dlls are located.

Alternatively, you can use below methods to get around the issue.

To avoid the “This file came from another computer and might be blocked to help protect this computer.” You can use one of the following methods depending on your scenario.

1) Move all the files to non NTFS partition i.e. FAT and move them back to NTFS partition. When you move the files to non NTFS partition, it will not maintain zone information.

2) Use the “Strems v 1.56” tool to remove streams

a. Download “Streams v1.56” from http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

b. Execute the following command from command line:

“streams -s -d directory”

3) If you have copied a zip file to your machine that has the above attribute, before you extract, just unblock the zip file( as mentioned in resolution section) and then proceed with extraction.

4) There is a Group Policy, that you can Enable to make sure zone information is not preserved.

a. Run gpedit.msc ( From Run Prompt or CMD prompt)

b. Navigate to Local Security Policy ==> User Configuration ==> Administrative Templates ==>Windows Components ==>Attachment Manager

c. Enable “Do not preserve zone information in file attachments” setting.

This will only make sure that zone information is not present for the files that you copy after the policy is enabled. For Existing files, you would still need to use one of the above methods. Also, please consult with your Administrator, Team before you enable this setting, as this might be needed for other applications and might break those, if you enable it without taking consent from Administrator(s)/your team.

 


Comments (13)

  1. sb says:

    thanks it did the trick when i was struggling with the security exception. streams.exe is a cool too.

    i need to restart the application pool for this to take effect.

  2. js says:

    Thanks. Method #2 worked perfectly.

  3. Lokesh says:

    It worked for me.

    Thank you

  4. R says:

    Thanks. It worked for me too… I had to recylce the app. pool.

  5. dbr says:

    #4 worked for me; I also had to recycle the app pool.

  6. Newbie says:

    Thanks, Method 2 worked for me

  7. Chris says:

    Thanks! I unzipped my code files over the network and every file was marked as unsure (method1).

  8. Shashi Pandey says:

    – In my case the files are stored on remote mapped drive and I was getting this error whicle compile.

    – I performed all method but still I was getting same error.

    – Solution : I changed the Target framework from 3.5 to 4.0 and it starts working.

  9. Adam D. says:

    Thanks. This outlined the issue perfectly and the suggested resolutions worked!

    I "unblocked" each of the DLLs and that worked.

    Also, unzipped the code from a windows 2003 system which didn't tag the files under a "zone"

  10. Narazana says:

    It worked for me.. one of my DLLS file was having this problem. I Just moved  the file to non NTFS partition ( FAT) and move it back.  Thanks.

  11. Shahab says:

    Thanks! It worked for me too!

    My project was on a shared folder in Parallels VM on my MacBook Pro and only caspol.exe worked for me 🙂

  12. OraDotNetDev says:

    If you need to fix and existing site you can run the Powershell script below:

    foreach ($file in (Get-ChildItem "\ServerShare" -Recurse -EA 0).FullName)

    {

        if (Get-Item $file -Stream Zone.Identifier -EA 0 | select Stream)

        {

           Unblock-File -Path $file

           # In Powershell 2.0 comment line above and uncomment line below

           #Remove-Item $file -Stream Zone.Identifier -Verbose -EA 0

           if ( Get-Item $file -Stream Zone.Identifier -EA 0 | select Stream)

              {

                 "Could not unblock! $file"

              }

           else

              { "$file un-blocked" }

        }

    }

  13. Basel Alkaddoumi says:

    Found the solution by setting the application pool attribute

           Load UserProfile = TRUE