Request for principal permission failed

Question

User-626088549 posted

I just upgraded our solution to .NET 4.0 from 3.5. Now, when I run on my local machine I get the error in the subject with the follow stack trace:

[SecurityException: Request for principal permission failed.] System.Security.Permissions.PrincipalPermission.ThrowSecurityException() +3063281 System.Security.Permissions.PrincipalPermission.Demand() +419 System.Security.PermissionSet.DemandNonCAS() +117 Default..ctor() +46 ASP.default_aspx..ctor() in c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\portal2\cd038864\2f003115\App_Web_nnaicimo.1.cs:0 __ASP.FastObjectFactory_app_web_nnaicimo.Create_ASP_default_aspx() in c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\portal2\cd038864\2f003115\App_Web_nnaicimo.7.cs:0 System.Web.Compilation.BuildResultCompiledType.CreateInstance() +30 System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp) +100 System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +31 System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +64 System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig) +191 System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +145 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Any idea why this problem arises after the conversion?

Thanks,

Answer 1

User-484054684 posted

You might need to cross check the following:

1. AppPool user is correct and has right permissions.

2. marking Trust level to full in web.config to see if this is causing the issue. <trust level="Full" />

3. Verify the <authentication tags to get the clue of which user is running the piece.

Reference: http://stackoverflow.com/questions/8812926/system-security-securityexception-request-for-principal-permission-failed

Answer 2

User-626088549 posted

1. This is running on localhost Cassini web server.

2. Just tried that, didn't help.

3. authentcation is set to none as we use a custom HttpModule. Though, it seems the modules are not executing.

Answer 3

User-484054684 posted

Are you using ASP.NET Membership?

Answer 4

User-626088549 posted

We are not. It's a custom authentication mechanism that builds a cookie like this:

                FormsAuthenticationTicket ticket =
                    MyAuthenticationFilter.CreateFormsAuthenticationTicketFromPrincipal(authenticatedPrincipal);

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie cookie = new HttpCookie(MyAuthenticationFilter.My_AUTH_PRINCIPAL_COOKIE_NAME, encryptedTicket);
                app.Context.Response.Cookies.Add(cookie);

                app.Context.User = authenticatedPrincipal;

Answer 5

User-484054684 posted

Ok, I don't see any other clues at the moment other than the ones I mentioned.

I would let the other experts in this forum to share any other clues.

Answer 6

User465171450 posted

Make sure you have an appropriate <authentication> element to your web.config. Even if you are rolling your own it should require this for the forms authentication ticket.

Answer 7

User-626088549 posted

Make sure you have an appropriate <authentication> element to your web.config. Even if you are rolling your own it should require this for the forms authentication ticket.

There is one:

<authentication mode="None" />

It's been that way for years and has worked fine. It's only when I updated to 4.0 that I've had this problem, which is why I'm so boggled.

Answer 8

User-484054684 posted

Pleaes check if there are any assemblies that were signed before and forgot to sign during the upgradation?

Reference: http://stackoverflow.com/a/12784796

Also came across this thread, if impersonalization accounts are creating the problem for you.

http://forums.asp.net/t/1486937.aspx?Security+Exception+Handling+in+Global+asax+does+not+work+on+IIS

Answer 9

User-626088549 posted

I was able to figure this out. It had to do with the built-in web server in Visual Studio requiring the older web.config entries for httpModules instead of the modules entries under the system.webServer section.