none
System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data

    Question

  • I have created a windows library control that accesses a local sql database

    I tried the following strings for connecting

    Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Trusted_Connection = true"

    Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Integrated Security=SSPI"

     

    I am not running the webpage in a virtual directory but in

    C:\Inetpub\wwwroot\usercontrol

    and I have a simple index.html that tries to read from an sql db but throws

    the error

    System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
       at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
       at System.Security.PermissionSet.Demand()
       at System.Data.Common.DbConnectionOptions.DemandPermission()
       at System.Data.SqlClient.SqlConnection.PermissionDemand()
       at System.Data.SqlClient.SqlConnectionFactory.PermissionDemand(DbConnection outerConnection)
       at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection,

    etc etc

     The action that failed was:
    Demand
    The type of the first permission that failed was:
    System.Data.SqlClient.SqlClientPermission
    The Zone of the assembly that failed was:
    Trusted


    I looked into the .net config utility but it says unrestricted and I tried adding it to the trusted internet zones in ie options security

    I think that a windows form connecting to a sql database running in a webpage should be simple

    to configure what am I missing?

    Monday, August 21, 2006 11:35 PM

Answers

  • Thank you so very much for your help, I have finally gotten the windows control library to run on my localhost by using the page
    http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx
    and follwing these instructions

    To modify the policy to allow full trust for all Intranet assemblies:

    1. Expand the All_Code code group
    2. Right click the LocalIntranet_Zone code group, and select properties
    3. Switch to the Permission Set tab, and select FullTrust
    And then restarting

    This may be another thread but its the same error
    When I try to access the web via another computer on the network like this
    http://192.168.0.102/myweb/index.html
    I get the same security error as before
    I tried modifying the security policy as above on the client machine
    as well adding it as a trusted site etc etc

    Also, although I dont know if this is the correct approach,
    I got my dll to be strong named after
    needing to reset the strong key name thing when I got the error KeySet not defined
    sn -c
    and then sn -k keyfile.snk worked
    only after restarting VS
    and then I followed these instructions

    The easiest way to modify your security policy is by using the Microsoft .NET Framework Configuration utility from the control panel. You can also run this tool from the command line by running mscorcfg.msc.

    1. Expand the Runtime Security Policy folder
    2. Expand the Machine policy level
    3. Expand the Code Groups folder

    To modify the polcy to trust a specific strong name:

    1. Right click on All_Code, and select New
    2. Create a new code group for your strong name, and hit next
    3. Select a strong name membership condition from the drop down box
    4. Hit the import button, and select your assembly. The configuration tool will import your public key. If you want to trust everything you sign with this key, leave the name and version boxes unchecked
    5. Select the FullTrust permission set


    and it showed up in the assembly but still did nothing from the webpage so I had
    to unsign the dll to get it to work again.
    So if the webpage is in trusted internet zones and I set all of the zones to full trust from
    mscorcfg.msc how could it still throw that security error in a webpage on the intranet?

    I suppose I should add that all I am trying to do is

      ps = New PermissionSet(PermissionState.None)
            ps.AddPermission(New SocketPermission(PermissionState.Unrestricted))
            ps.AddPermission(New SecurityPermission(PermissionState.Unrestricted))
            ps.Assert()
    which is throwing the security error

    So I found the problem which is that more then 1 version of .net is running on the machine
    after uninstalling the extra version it works
    Thank you ever so much!!!! :)
    Thanks again
    Tuesday, August 29, 2006 11:29 PM

All replies

  • See http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx for an explanation of why your IE-hosted control may not be running with the permission grant that you expect and some workarounds to avoid the problem.  In your case, one other option might be to broker your db calls via a web service running from the server hosting your control, which could allow you to run within the default CAS permission grant for the intranet zone.
    Wednesday, August 23, 2006 6:49 PM
  • Thank you for the link,
    I dont understand how to do this

    "The first way is to create a code group that matches the evidence that the AppDomain is getting, using a SiteMembershipCondition or a ZoneMembershipCondition, and trust that. The other is to Assert() all the permissions that your assembly needs at its entry points.
    "

    And I would just like to say, I am trying to do perhaps one of the easiest and common scenarios imaginable and having enormous trouble, it cant possibly be this complicated!
    I tried with no success
    caspol -m -ag 1.2 -url http://YourSite.com/* FullTrust
    Anyway, Thanks again I will continue to try to figure out what its talking about :)
    Wednesday, August 23, 2006 11:22 PM
  • Are you trying to add an internet site (YourSite.com) under the intranet zone code group?  This won't work since your assembly won't be able to meet the membership criteria for both code groups.  If the control is hosted on an internet site, add your URL membership code group under the code group for the internet zone.
    Thursday, August 24, 2006 12:04 PM
  • Hi Philip!

    You are likely using SAFE assembly. An assembly should be at least EXTERNAL_ACCESS to be able to connect using network protocols.

    Thank you,

    Vadim

    Thursday, August 24, 2006 4:57 PM
  • I just want to be extremely clear about what I am doing.
    Straight out of the box I make a windows library control
    that runs in a webpage and accesses SQL.
    Very simple and straightforward
    and I just need some very clear steps to follow
    I am running a webserver IIS with microsoft SQL and have a windows control library that
    wants to access the SQL DataBase
    I cannot find any clear instructions on how to make this happen.
    That being said

    I found
    the following post
    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=108305&SiteID=1
    based on your suggestion to create an external_key
    and the link on that page no longer works and the first link on the page didnt work for me
    and the other suggestion on the page had some errors

    USE [master]  CREATE ASYMMETRIC KEY HelloWorldKey FROM EXECUTABLE FILE = 'C:\HelloWorld.dll' CREATE LOGIN HelloWorldLogin FROM ASYMMETRIC KEY HelloWorldKey GRANT EXTERNAL ACCESS ASSEMBLY TO HelloWorldLogin

    Msg 15208, Level 16, State 1, Line 1
    The certificate, asymmetric key, or private key file does not exist or has invalid format.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the asymmetric key 'myKey', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the login 'myLogin', because it does not exist or you do not have permission.

    Sunday, August 27, 2006 8:30 PM
  • Changing unrelated assembly permissions within SQL Server will have no effect on the client-side SecurityException you are encountering.  (You're getting advice to try this because you posted your question to a forum dedicated to SQLCLR, which doesn't seem to be in related to your actual problem.)

    In order to address the client-side problem, you will need to adjust the CAS policy on each client machine.  Running a caspol script under an admin account is one way to do this--have you tried any variations on you caspol script since attempting to add what appears to be an internet site under the intranet code group?

    Monday, August 28, 2006 4:59 PM
  • ok so I tried to do this
    caspol -machine -addfulltrust  c:\inetpub\wwwroot\myweb\myweb.dll
    and got an ERROR: This assembly is not strong name signed

    so then I signed the assembly in the project properties sign section
    and then ran caspol again and the assembly became full trust

    and now when I put the dll in the webpage nothing happens at all
    and if I unsign the application I get the security permission error
    note I tried sticking the mysignstring.snk
    in every directory I could think of
    and the website has the  trusted sites check
    I really appreciate your help, this is so frustrating because it seems so simple
    make a windows control library that access sql and run it in a webpage
    what do you need to do to set it up correctly?

    ps
    a moderator moved my question into this forum.

    Monday, August 28, 2006 7:17 PM
  •  Philip Tolk wrote:
    so then I signed the assembly in the project properties sign section
    and then ran caspol again and the assembly became full trust

    and now when I put the dll in the webpage nothing happens at all

    When IE hosts a Windows Forms control, permissions based on strong name evidence are ignored.  For more details and workarounds, see http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx.  (If you want to use strong name evidence, you'll need to add assertions to your code for high privilege permissions that you wish to exploit.)

     

     Philip Tolk wrote:
    note I tried sticking the mysignstring.snk
    in every directory I could think of
    and the website has the  trusted sites check

    The SNK file is irrelevant at runtime.  Its sole purpose is to provide the key for strong name signing of your assembly.  At runtime, the strong name signature is read from the assembly only, not the SNK file.  (By the way, it's a very bad idea to publish a SNK file that contains a private signing key.)

    • Proposed as answer by Sk0rpy0 Friday, June 22, 2012 3:21 PM
    Tuesday, August 29, 2006 1:34 PM
  • Thank you so very much for your help, I have finally gotten the windows control library to run on my localhost by using the page
    http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx
    and follwing these instructions

    To modify the policy to allow full trust for all Intranet assemblies:

    1. Expand the All_Code code group
    2. Right click the LocalIntranet_Zone code group, and select properties
    3. Switch to the Permission Set tab, and select FullTrust
    And then restarting

    This may be another thread but its the same error
    When I try to access the web via another computer on the network like this
    http://192.168.0.102/myweb/index.html
    I get the same security error as before
    I tried modifying the security policy as above on the client machine
    as well adding it as a trusted site etc etc

    Also, although I dont know if this is the correct approach,
    I got my dll to be strong named after
    needing to reset the strong key name thing when I got the error KeySet not defined
    sn -c
    and then sn -k keyfile.snk worked
    only after restarting VS
    and then I followed these instructions

    The easiest way to modify your security policy is by using the Microsoft .NET Framework Configuration utility from the control panel. You can also run this tool from the command line by running mscorcfg.msc.

    1. Expand the Runtime Security Policy folder
    2. Expand the Machine policy level
    3. Expand the Code Groups folder

    To modify the polcy to trust a specific strong name:

    1. Right click on All_Code, and select New
    2. Create a new code group for your strong name, and hit next
    3. Select a strong name membership condition from the drop down box
    4. Hit the import button, and select your assembly. The configuration tool will import your public key. If you want to trust everything you sign with this key, leave the name and version boxes unchecked
    5. Select the FullTrust permission set


    and it showed up in the assembly but still did nothing from the webpage so I had
    to unsign the dll to get it to work again.
    So if the webpage is in trusted internet zones and I set all of the zones to full trust from
    mscorcfg.msc how could it still throw that security error in a webpage on the intranet?

    I suppose I should add that all I am trying to do is

      ps = New PermissionSet(PermissionState.None)
            ps.AddPermission(New SocketPermission(PermissionState.Unrestricted))
            ps.AddPermission(New SecurityPermission(PermissionState.Unrestricted))
            ps.Assert()
    which is throwing the security error

    So I found the problem which is that more then 1 version of .net is running on the machine
    after uninstalling the extra version it works
    Thank you ever so much!!!! :)
    Thanks again
    Tuesday, August 29, 2006 11:29 PM
  •  Philip Tolk wrote:
    When I try to access the web via another computer on the network like this
    http://192.168.0.102/myweb/index.html
    I get the same security error as before

    Web site addresses that contain dots are assessed as belonging to the internet zone, even when using an IP address for a machine on the local network.  To avoid this problem, use the machine name rather than its IP address in the URL.


     Philip Tolk wrote:
    So I found the problem which is that more then 1 version of .net is running on the machine
    after uninstalling the extra version it works

    IE-hosted controls will always be run under the most recent version of the .NET framework installed on a machine.  You can leave multiple versions of the .NET framework on client machines, but you should ensure that your CAS policy modifications target at least the most recent version of the framework installed on any given machine.

    Wednesday, August 30, 2006 1:09 PM
  • Thats an interesting discussion on "SecurityException"....

    This thread is helpful for me in sorting out what my issue is all about though scenario is different. Please do let me know the reason for same error in my scenario.

     

    Scenario: I am working on integrating an infopath form onto windows forms. Succeeded. I am trying to get data inside infopath form (not binded to windows form in this case) from SQL Express. I could able to access the static values of controls in infopath form using xml namespace. but couldnot bind the controls to database.

     

    Error: The error occurs while opening a SQL connecition after defining it. It says "Request for permission of type System.Data.SqlClient.SqlClientPermission, System.Data, version=2.0.0.0, culture=neutral, public Token =... failed"

     

    The following are troubleshooting tips:

    1. Retrieve data from a webservice located on the same webservice from which it was deployed.

    2. When deploying an office solution,check to make sure you have fullfield necessary security requirements.

    3. Use a cretificate to obtain required permissions.

    4. If an assembly implementing the custom security object references other assemblies to full trust assembly list.

     

     

     

     

    do let me know how actually should I go about the scenario.. I have followed the links that were referred and also article on adding dll to code group http://msdn2.microsoft.com/en-us/library/w0fa60b5(vs.80,d=printer).aspx but i am not able to decide how to troubleshoot the issue...

     

    Thanlks in advance..

    Thursday, July 05, 2007 5:18 AM
  •  

    Hi,

     

    I have created a web part in ASP.Net. this web part is extracting data from the sql server database and displaying it on the web part page.

    This web part is working fine with asp.net application, but when i deploy it with MOSS. it is reaising security exception error like.

     

    Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

     

    I have made the entry under the safe control list of web.config file. but still i am getting error any suggestion wud be highly appreciable..

     

    thanks you so much.

     

    Regards,

    Sanjiv Singh

    Thursday, December 06, 2007 10:19 AM
  •  

    Hi Philip,

     

    I have created a web part in ASP.Net. this web part is extracting data from the sql server database and displaying it on the web part page.

    This web part is working fine with asp.net application, but when i deploy it with MOSS. it is raising security exception error like.

     

    Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

     

    I have made the entry under the safe control list of web.config file. but still i am getting error any suggestion wud be highly appreciable..

     

    thanks you so much.

     

    Regards,

    Sanjiv Singh

    Thursday, December 06, 2007 10:24 AM
  •  

    Hi Sanjiv ,

    I am facing same problem.Do u got the solution for it?

    Please reply.

    You can reach me  on bshekhar007@gmail.com

     

    Thanks.

     

    Friday, February 01, 2008 10:24 AM
  • Hey

    I Got the solution  .U jus need to add below code in ur class file..Here is the code

     

    [AspNetHostingPermission(SecurityAction.Demand,
    Level = AspNetHostingPermissionLevel.Unrestricted)]
    [AspNetHostingPermission(SecurityAction.InheritanceDemand,
    Level = AspNetHostingPermissionLevel.Unrestricted)]

     

    Njoy..........

     

    Friday, February 01, 2008 11:43 AM


  • This worked for me (demand setting probably too, but only tried this one)

    <AspNetHostingPermission(SecurityAction.InheritanceDemand)>


    Also this worked
    Setting the CAS | Machine | AllCode | LocalIntranet_Zone | Permission Set = "Full Trust"

    (as noted previously, you have to watch out if you're running both Net 1.1 + 2.0, so configure the most recent)

    Although the hosting permission solution much sweeter..

    Saturday, June 21, 2008 11:05 PM
  • hi,

    Go to the property page of your project,

    in the security tab check the box: this is a full trust application

    Wednesday, July 16, 2008 11:00 AM
  • Hi,

     

    I'm having the same problem. I creatd a webpart that access data from SQLExpress. I tried your solution but now Sharepoint is saying "Cannot import this Web Part" instead of "Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data..." error.

     

    I have this code:

     

    using System;

    using System.Runtime.InteropServices;

    using System.Xml.Serialization;

    using System.Data;

    using System.Data.SqlClient;

    using System.Web;

    using System.Web.UI;

    using System.Web.UI.WebControls;

    using System.Web.UI.WebControls.WebParts;

    using System.Security.Permissions;

    using Microsoft.SharePoint;

    using Microsoft.SharePoint.WebControls;

    using Microsoft.SharePoint.WebPartPages;

     

    namespace TestWebParts

    {

    [XmlRoot(Namespace = "TestWebParts")]

    [AspNetHostingPermission(SecurityAction.Demand,Level = AspNetHostingPermissionLevel.Unrestricted)]

    [AspNetHostingPermission(SecurityAction.InheritanceDemand,Level = AspNetHostingPermissionLevel.Unrestricted)]

    public class MyWebPart : System.Web.UI.WebControls.WebParts.WebPart

    {

    ...

    }

    }

     

    Thanks for your help in advance.

     

    Sunday, July 20, 2008 12:17 PM
  • Finally! A solution that makes sense.  You the man Philip Tolk!

     

    Wednesday, July 30, 2008 2:42 AM
  •  

    how we can handle this exception.

    This exception is come in some database in local interanet

    Language is C#.net & SQL Server 2005

     

    please give me solution.

     

     

    Monday, October 27, 2008 4:57 AM
  • what i do???

    Monday, October 27, 2008 5:00 AM
  • Hi guys,

    • This was my problem: I wanted to use an assembly from an .aspx page deployed under sharepoint (i mean in the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS. The problem is that i can't put the assembly in the gac cos security reason and other motivations.
    • Solution

                I first added these attributes the to the class:

            [AspNetHostingPermission(SecurityAction.Demand, Level = AspNetHostingPermissionLevel.Unrestricted)]
            [
    AspNetHostingPermission(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Unrestricted)]
            [
    AspNetHostingPermission(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Unrestricted)]

            The error changed but became this: 

                System.Web.AspNetHostingPermission....

            Then I modified the web.config: 

                <trust level="Full" />


    Hope this help,
    Ale


    AG
    Thursday, March 26, 2009 10:34 AM
  • For VB.NET:

    <AspNetHostingPermission(SecurityAction.Demand, Level:=AspNetHostingPermissionLevel.Unrestricted)> _
    <AspNetHostingPermission(SecurityAction.InheritanceDemand, Level:=AspNetHostingPermissionLevel.Unrestricted)> _

    Thursday, January 28, 2010 8:44 PM
  • Alessandro Gambaro , you know your stuff broer. I can't thank you enough. I spent the whole day trying to figure this one out, and you hit the nail in the head. Thank you!!!
    Thursday, April 08, 2010 3:03 PM
  • Hi, I had the same problem,  trying to add a web part under sharepoint which have need in a sql connction. After searching a day I found a good article on msdn that explains the "Code Access Security with ASP.Net" http://msdn.microsoft.com/en-us/library/aa302425.aspx

    Because in the sharepoint web.config trust level was set to minimal, my attempts to change the .Net configuration to set full trust to intranet assemblies or using SqlPClientermission attribute din't helped at all.  

    There was 2 solution: Customizing policy or Sandboxing.  

    Hopefully sharepoint already have 2 custom policy "WSS_Medium", "WSS_Minimal" (i din't had to add my own) and for me all ended just setting the trust level from <trust level="WSS_Minimal"> to <trust level="WSS_Medium" />

    I won't recommend to give assemblies more permission than they need so before setting in web.config <trust level="Full" /> find out if  other permission like "hight", "medium","low" are enough for you, or make a custom policy just for your case. 

    Wednesday, August 04, 2010 8:56 AM
  • Where exactly do you add this code? I have a class for db access... Should I Add this at the top of that class??
    Sunday, May 22, 2011 11:56 AM
  • The easiest way to solev this problem

    1. Go to Solution Explorer

    2. Right click on the project name

    3. Select Properties

    4. Click on the Security Tab

    5. Check the Enable ClickOne Security Settings

    6. Click This is a full trust application

    Thursday, October 13, 2011 1:03 PM