Redirecting from HttpModule/Global.asax in Medium Trust RRS feed

  • Question

  • User1794697167 posted

    I am attempting to do a redirect from an Application_Error handler. Nothing fancy at all.


    private void Application_Error(object sender, EventArgs e)
    // ...snip...
    Server.Transfer(somePath, false);
    // ...snip...

    This works great under Full trust, but I need to get it to work under Medium trust. The code I'm working on here needs to function properly in a shared hosting environment (Unfortunately, I have no control over this requirement).

    However, when I configure the site as follows in our dev environment (XP Pro / IIS 5.1) for testing purposes:


    <trust level="Medium"/>

    It fails with the following error:


    Request for the permission of type
    'System.Security.Permissions.SecurityPermission, mscorlib,
    Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'

    at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
    at System.Security.CodeAccessPermission.Demand()
    at System.Web.HttpWorkerRequest.SendResponseFromMemory(IntPtr data, Int32 length)
    at System.Web.HttpWorkerRequest.SendResponseFromMemory(IntPtr data, Int32 length, Boolean isBufferFromUnmanagedPool)
    at System.Web.HttpResponseUnmanagedBufferElement.
    System.Web.IHttpResponseElement.Send(HttpWorkerRequest wr)
    at System.Web.HttpWriter.Send(HttpWorkerRequest wr)
    at System.Web.HttpResponse.Flush(Boolean finalFlush)
    at System.Web.HttpResponse.Flush()
    at System.Web.HttpResponse.End()
    at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)

    A couple of other things of note:

    • This happens whether from Global.asax or from an HttpModule.
    • This also happens with Response.Redirect(somePath).


    So, why can't I do a simple redirect from a module in medium trust?

    Appreciate any insight you can provide. I have Googled my a$$ off over this, and no joy.


    Sunday, March 8, 2009 11:31 AM

All replies

  • User1747761241 posted

    With out seeing your other snips and becaue it also happens with response.redirect I'm guessing is something more in your proprietary code.

    I've been successful using response.redirect from error.aspx in a bunch of shared hosting environments.  Here's the retry code I put into my website to handle session timeout.  Its in the error.aspx that is defined as default error page in web.config.

    /*as is no warranty or support on this code*/

    1     Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    2            'check for a retry in the session variable
    3            'nothing found then redirect back.
    4            Try
    5                If Session("retry") Is Nothing Then
    6                    Session.Add("retry", 0)
    7                End If
    8                Dim x As Integer = Session("retry")
    9                x += 1
    10               Session("retry") = x
    11               If x &lt; 8 Then
    12                   Response.Redirect("~" + Request.QueryString("aspxerrorpath"))
    13               End If
    14           Catch ex As Exception
    15           End Try
    16       End Sub
    Monday, March 9, 2009 7:44 AM
  • User1794697167 posted

    It appears what you're doing here is a redirect from a page.

    That's not my issue. My issue is happening on redirect/transfer in an HttpModule, not a page.

    Monday, March 9, 2009 11:56 AM
  • User793131039 posted

    Hi Lee,

    Wanted to know if you've been able to solve this issue, or have been able find a resolution to it. I have the exact same problem.



    Monday, May 18, 2009 3:11 PM
  • User1794697167 posted

    Yes, I did. It was really complex and obscure, but I eventually did figure it out on my own.

    I am planning to blog the answer on this, as I have heard from others who have the issue, and there's no way to do it justice in a quick forum answer. Subscribe to my blog so you won't miss it.


    I should be able to get this posted in the next week or so.

    Tuesday, June 2, 2009 4:03 PM