locked
Application attempted to perform an operation not allowed by the security policy

    Question

  • When I try to load a Web app in IE on Windows 7 (via remote connection), I get the following error message:

    Application attempted to perform an operation not allowed by the security policy. To grant this application the required permission, contact your system administrator, or use the Microsoft .NET Framework Configuration tool.


    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.

    ************** Exception Text **************
    System.Security.SecurityException: That assembly does not allow partially trusted callers.
       at ProductExplorer.PEControl.cmdProduct_Click(Object sender, EventArgs e)
       at System.Windows.Forms.Control.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ButtonBase.WndProc(Message& m)
       at System.Windows.Forms.Button.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    The action that failed was:
    LinkDemand
    The Zone of the assembly that failed was:
    Intranet
    .
    .
    .
    .

    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.

    For example:

    <configuration>
        <system.windows.forms jitDebugging="true" />
    </configuration>

    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.

    Monday, February 21, 2011 2:30 PM

All replies

  • This is ASP.NET??  (The forums at forums.asp.net as generally better for its questions).

    Anyway the error messages is there "That assembly does not allow partially trusted callers."  Your ASP.NET server is configured to run your app as partial-trust (medium-trust?) and your app uses some other (third-party?) assembly which doesn't support running in partial-trust...  hat's the assembly?  In house or not?


    http://www.alanjmcf.me.uk/ Please follow-up in the newsgroup. If I help, mark the question answered
    Monday, February 21, 2011 7:52 PM
  • The assembly is in house. 

    Tuesday, February 22, 2011 4:20 PM
  • So you need to find if the operations that the are used from that assembly are permitted in the trust zone.  For instance things like reading environment variables and some network operations etc aren't allowed in all zones.  If not then you'll have to rethink things or get the hosting/platform changed.

    If they can be used then you need to mark the assembly with AllowPartiallyTrustedCallersAttribute which is a step needing due consideration; from the blog below:

    • When would you want to use apply APTCA?  Only if the following conditions all apply:
      1. Your code has been thoroughly audited for security vulnerabilities (perhaps using the MSDN Security Review Checklist)
      2. The code is in compliance with the Secure Coding Guidelines
      3. You specifically want partially trusted callers to use the library.  There's no sense opening up an attack surface if you only care if fully trusted callers can use your code.

    This can be made easier by applying the SecurityTransparent attribute[2].  As well as the post there, there is info in MSDN too.

    There have been changes to the CAS/Security in .NET 4 however...

     

    [1] e.g. http://blogs.msdn.com/b/shawnfa/archive/2005/02/04/367390.aspx
    [2] e.g. http://blogs.msdn.com/b/shawnfa/archive/2005/08/31/when-the-opposite-of-transparent-isn-t-opaque.aspx


    http://www.alanjmcf.me.uk/ Please follow-up in the newsgroup. If I help, mark the question answered
    Tuesday, February 22, 2011 10:20 PM