System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data

Question

I have created a windows library control that accesses a local sql database

I tried the following strings for connecting

Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Trusted_Connection = true"

Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Integrated Security=SSPI"

 

I am not running the webpage in a virtual directory but in

C:\Inetpub\wwwroot\usercontrol

and I have a simple index.html that tries to read from an sql db but throws

the error

System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.PermissionSet.Demand()
   at System.Data.Common.DbConnectionOptions.DemandPermission()
   at System.Data.SqlClient.SqlConnection.PermissionDemand()
   at System.Data.SqlClient.SqlConnectionFactory.PermissionDemand(DbConnection outerConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection,

etc etc

 The action that failed was:
Demand
The type of the first permission that failed was:
System.Data.SqlClient.SqlClientPermission
The Zone of the assembly that failed was:
Trusted

I looked into the .net config utility but it says unrestricted and I tried adding it to the trusted internet zones in ie options security

I think that a windows form connecting to a sql database running in a webpage should be simple

to configure what am I missing?

Answer 1

See http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx for an explanation of why your IE-hosted control may not be running with the permission grant that you expect and some workarounds to avoid the problem.  In your case, one other option might be to broker your db calls via a web service running from the server hosting your control, which could allow you to run within the default CAS permission grant for the intranet zone.

Answer 2

Thank you for the link,
I dont understand how to do this

"The first way is to create a code group that matches the evidence that the AppDomain is getting, using a SiteMembershipCondition or a ZoneMembershipCondition, and trust that. The other is to Assert() all the permissions that your assembly needs at its entry points.
"

And I would just like to say, I am trying to do perhaps one of the easiest and common scenarios imaginable and having enormous trouble, it cant possibly be this complicated!
I tried with no success
caspol -m -ag 1.2 -url http://YourSite.com/* FullTrust
Anyway, Thanks again I will continue to try to figure out what its talking about :)

Answer 3

Are you trying to add an internet site (YourSite.com) under the intranet zone code group?  This won't work since your assembly won't be able to meet the membership criteria for both code groups.  If the control is hosted on an internet site, add your URL membership code group under the code group for the internet zone.

Answer 4

Hi Philip!

You are likely using SAFE assembly. An assembly should be at least EXTERNAL_ACCESS to be able to connect using network protocols.

Thank you,

Vadim

Answer 5

I just want to be extremely clear about what I am doing.
Straight out of the box I make a windows library control
that runs in a webpage and accesses SQL.
Very simple and straightforward
and I just need some very clear steps to follow
I am running a webserver IIS with microsoft SQL and have a windows control library that
wants to access the SQL DataBase
I cannot find any clear instructions on how to make this happen.
That being said

I found
the following post
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=108305&SiteID=1
based on your suggestion to create an external_key
and the link on that page no longer works and the first link on the page didnt work for me
and the other suggestion on the page had some errors

USE [master]  CREATE ASYMMETRIC KEY HelloWorldKey FROM EXECUTABLE FILE = 'C:\HelloWorld.dll' CREATE LOGIN HelloWorldLogin FROM ASYMMETRIC KEY HelloWorldKey GRANT EXTERNAL ACCESS ASSEMBLY TO HelloWorldLogin

Msg 15208, Level 16, State 1, Line 1
The certificate, asymmetric key, or private key file does not exist or has invalid format.
Msg 15151, Level 16, State 1, Line 1
Cannot find the asymmetric key 'myKey', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 1
Cannot find the login 'myLogin', because it does not exist or you do not have permission.

Answer 6

Changing unrelated assembly permissions within SQL Server will have no effect on the client-side SecurityException you are encountering.  (You're getting advice to try this because you posted your question to a forum dedicated to SQLCLR, which doesn't seem to be in related to your actual problem.)

In order to address the client-side problem, you will need to adjust the CAS policy on each client machine.  Running a caspol script under an admin account is one way to do this--have you tried any variations on you caspol script since attempting to add what appears to be an internet site under the intranet code group?

Answer 7

ok so I tried to do this
caspol -machine -addfulltrust  c:\inetpub\wwwroot\myweb\myweb.dll
and got an ERROR: This assembly is not strong name signed

so then I signed the assembly in the project properties sign section
and then ran caspol again and the assembly became full trust

and now when I put the dll in the webpage nothing happens at all
and if I unsign the application I get the security permission error
note I tried sticking the mysignstring.snk
in every directory I could think of
and the website has the  trusted sites check
I really appreciate your help, this is so frustrating because it seems so simple
make a windows control library that access sql and run it in a webpage
what do you need to do to set it up correctly?

ps
a moderator moved my question into this forum.

Answer 8

Philip Tolk wrote:

so then I signed the assembly in the project properties sign section and then ran caspol again and the assembly became full trust and now when I put the dll in the webpage nothing happens at all

When IE hosts a Windows Forms control, permissions based on strong name evidence are ignored.  For more details and workarounds, see http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx.  (If you want to use strong name evidence, you'll need to add assertions to your code for high privilege permissions that you wish to exploit.)

 

Philip Tolk wrote:

note I tried sticking the mysignstring.snk in every directory I could think of and the website has the  trusted sites check

The SNK file is irrelevant at runtime.  Its sole purpose is to provide the key for strong name signing of your assembly.  At runtime, the strong name signature is read from the assembly only, not the SNK file.  (By the way, it's a very bad idea to publish a SNK file that contains a private signing key.)

Answer 9

Thank you so very much for your help, I have finally gotten the windows control library to run on my localhost by using the page
http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx
and follwing these instructions

To modify the policy to allow full trust for all Intranet assemblies:

1. Expand the All_Code code group
2. Right click the LocalIntranet_Zone code group, and select properties
3. Switch to the Permission Set tab, and select FullTrust

And then restarting

This may be another thread but its the same error
When I try to access the web via another computer on the network like this
http://192.168.0.102/myweb/index.html
I get the same security error as before
I tried modifying the security policy as above on the client machine
as well adding it as a trusted site etc etc

Also, although I dont know if this is the correct approach,
I got my dll to be strong named after
needing to reset the strong key name thing when I got the error KeySet not defined
sn -c
and then sn -k keyfile.snk worked
only after restarting VS
and then I followed these instructions

The easiest way to modify your security policy is by using the Microsoft .NET Framework Configuration utility from the control panel. You can also run this tool from the command line by running mscorcfg.msc.

1. Expand the Runtime Security Policy folder
2. Expand the Machine policy level
3. Expand the Code Groups folder

To modify the polcy to trust a specific strong name:

1. Right click on All_Code, and select New
2. Create a new code group for your strong name, and hit next
3. Select a strong name membership condition from the drop down box
4. Hit the import button, and select your assembly. The configuration tool will import your public key. If you want to trust everything you sign with this key, leave the name and version boxes unchecked
5. Select the FullTrust permission set

and it showed up in the assembly but still did nothing from the webpage so I had
to unsign the dll to get it to work again.
So if the webpage is in trusted internet zones and I set all of the zones to full trust from
mscorcfg.msc how could it still throw that security error in a webpage on the intranet?

I suppose I should add that all I am trying to do is

  ps = New PermissionSet(PermissionState.None)
        ps.AddPermission(New SocketPermission(PermissionState.Unrestricted))
        ps.AddPermission(New SecurityPermission(PermissionState.Unrestricted))
        ps.Assert()
which is throwing the security error

So I found the problem which is that more then 1 version of .net is running on the machine
after uninstalling the extra version it works
Thank you ever so much!!!! :)
Thanks again

Answer 10

Philip Tolk wrote:

When I try to access the web via another computer on the network like this http://192.168.0.102/myweb/index.html I get the same security error as before

Web site addresses that contain dots are assessed as belonging to the internet zone, even when using an IP address for a machine on the local network.  To avoid this problem, use the machine name rather than its IP address in the URL.

Philip Tolk wrote:

So I found the problem which is that more then 1 version of .net is running on the machine after uninstalling the extra version it works

IE-hosted controls will always be run under the most recent version of the .NET framework installed on a machine.  You can leave multiple versions of the .NET framework on client machines, but you should ensure that your CAS policy modifications target at least the most recent version of the framework installed on any given machine.

Answer 11

Thats an interesting discussion on "SecurityException"....

This thread is helpful for me in sorting out what my issue is all about though scenario is different. Please do let me know the reason for same error in my scenario.

 

Scenario: I am working on integrating an infopath form onto windows forms. Succeeded. I am trying to get data inside infopath form (not binded to windows form in this case) from SQL Express. I could able to access the static values of controls in infopath form using xml namespace. but couldnot bind the controls to database.

 

Error: The error occurs while opening a SQL connecition after defining it. It says "Request for permission of type System.Data.SqlClient.SqlClientPermission, System.Data, version=2.0.0.0, culture=neutral, public Token =... failed"

 

The following are troubleshooting tips:

1. Retrieve data from a webservice located on the same webservice from which it was deployed.

2. When deploying an office solution,check to make sure you have fullfield necessary security requirements.

3. Use a cretificate to obtain required permissions.

4. If an assembly implementing the custom security object references other assemblies to full trust assembly list.

 

 

 

 

do let me know how actually should I go about the scenario.. I have followed the links that were referred and also article on adding dll to code group http://msdn2.microsoft.com/en-us/library/w0fa60b5(vs.80,d=printer).aspx but i am not able to decide how to troubleshoot the issue...

 

Thanlks in advance..

Answer 12

 

Hi,

 

I have created a web part in ASP.Net. this web part is extracting data from the sql server database and displaying it on the web part page.

This web part is working fine with asp.net application, but when i deploy it with MOSS. it is reaising security exception error like.

 

Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

 

I have made the entry under the safe control list of web.config file. but still i am getting error any suggestion wud be highly appreciable..

 

thanks you so much.

 

Regards,

Sanjiv Singh

Answer 13

 

Hi Philip,

 

I have created a web part in ASP.Net. this web part is extracting data from the sql server database and displaying it on the web part page.

This web part is working fine with asp.net application, but when i deploy it with MOSS. it is raising security exception error like.

 

Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

 

I have made the entry under the safe control list of web.config file. but still i am getting error any suggestion wud be highly appreciable..

 

thanks you so much.

 

Regards,

Sanjiv Singh

Answer 14

 

Hi Sanjiv ,

I am facing same problem.Do u got the solution for it?

Please reply.

You can reach me  on bshekhar007@gmail.com

 

Thanks.

 

Answer 15

Hey

I Got the solution  .U jus need to add below code in ur class file..Here is the code

 

[AspNetHostingPermission(SecurityAction.Demand,
Level = AspNetHostingPermissionLevel.Unrestricted)]
[AspNetHostingPermission(SecurityAction.InheritanceDemand,
Level = AspNetHostingPermissionLevel.Unrestricted)]

 

Njoy..........

 

Answer 16

This worked for me (demand setting probably too, but only tried this one)

<AspNetHostingPermission(SecurityAction.InheritanceDemand)>


Also this worked

Setting the CAS | Machine | AllCode | LocalIntranet_Zone | Permission Set = "Full Trust"

(as noted previously, you have to watch out if you're running both Net 1.1 + 2.0, so configure the most recent)

Although the hosting permission solution much sweeter..

Answer 17

hi,

Go to the property page of your project,

in the security tab check the box: this is a full trust application

Answer 18

Hi,

 

I'm having the same problem. I creatd a webpart that access data from SQLExpress. I tried your solution but now Sharepoint is saying "Cannot import this Web Part" instead of "Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data..." error.

 

I have this code:

 

using System;

using System.Runtime.InteropServices;

using System.Xml.Serialization;

using System.Data;

using System.Data.SqlClient;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Security.Permissions;

using Microsoft.SharePoint;

using Microsoft.SharePoint.WebControls;

using Microsoft.SharePoint.WebPartPages;

 

namespace TestWebParts

{

[XmlRoot(Namespace = "TestWebParts")]

[AspNetHostingPermission(SecurityAction.Demand,Level = AspNetHostingPermissionLevel.Unrestricted)]

[AspNetHostingPermission(SecurityAction.InheritanceDemand,Level = AspNetHostingPermissionLevel.Unrestricted)]

public class MyWebPart : System.Web.UI.WebControls.WebParts.WebPart

{

...

}

}

 

Thanks for your help in advance.

 

Answer 19

Finally! A solution that makes sense.  You the man Philip Tolk!

 

Answer 20

 

how we can handle this exception.

This exception is come in some database in local interanet

Language is C#.net & SQL Server 2005

 

please give me solution.

 

 

Answer 21

what i do???

Answer 22

Hi guys,

• This was my problem: I wanted to use an assembly from an .aspx page deployed under sharepoint (i mean in the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS. The problem is that i can't put the assembly in the gac cos security reason and other motivations.

• Solution

            I first added these attributes the to the class:

        [AspNetHostingPermission(SecurityAction.Demand, Level = AspNetHostingPermissionLevel.Unrestricted)]
        [AspNetHostingPermission(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Unrestricted)]
        [AspNetHostingPermission(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Unrestricted)]

        The error changed but became this: 

            System.Web.AspNetHostingPermission....

        Then I modified the web.config: 

            <trust level="Full" />


Hope this help,
Ale

---

AG

Answer 23

For VB.NET:

<AspNetHostingPermission(SecurityAction.Demand, Level:=AspNetHostingPermissionLevel.Unrestricted)> _
<AspNetHostingPermission(SecurityAction.InheritanceDemand, Level:=AspNetHostingPermissionLevel.Unrestricted)> _

Answer 24

Alessandro Gambaro , you know your stuff broer. I can't thank you enough. I spent the whole day trying to figure this one out, and you hit the nail in the head. Thank you!!!

Answer 25

Hi, I had the same problem,  trying to add a web part under sharepoint which have need in a sql connction. After searching a day I found a good article on msdn that explains the "Code Access Security with ASP.Net" http://msdn.microsoft.com/en-us/library/aa302425.aspx

Because in the sharepoint web.config trust level was set to minimal, my attempts to change the .Net configuration to set full trust to intranet assemblies or using SqlPClientermission attribute din't helped at all.  

There was 2 solution: Customizing policy or Sandboxing.  

Hopefully sharepoint already have 2 custom policy "WSS_Medium", "WSS_Minimal" (i din't had to add my own) and for me all ended just setting the trust level from <trust level="WSS_Minimal"> to <trust level="WSS_Medium" />

I won't recommend to give assemblies more permission than they need so before setting in web.config <trust level="Full" /> find out if  other permission like "hight", "medium","low" are enough for you, or make a custom policy just for your case. 

Answer 26

Where exactly do you add this code? I have a class for db access... Should I Add this at the top of that class??

Answer 27

The easiest way to solev this problem

1. Go to Solution Explorer

2. Right click on the project name

3. Select Properties

4. Click on the Security Tab

5. Check the Enable ClickOne Security Settings

6. Click This is a full trust application