Security Exception - File Upload

Question

User-1720999202 posted

Hello,

I have migrated an ASP+ASP.NET project (having a common web.config, with code in separate subfolders.) to BigRock.

There is a file upload module in the ASP.NET component. I'm getting Security Exception when trying to upload file to server.

After referring to FAQ, I have set the CAS level to full in Bigrock Plesk Panel

and have also added <trust level = full> as mentioned in FAQ https://forums.asp.net/t/1544792.aspx#_How_do_I7

However, <trust level = full> causes following error on all pages.

Following is the web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>    
      <add key="ConnectionString" value="server=**.**.**.**;database=dbname;user id=********;password=********" />
      <add key="ConfirmationEmailId" value="*****@*****.com" />
    <add key="fromEmail" value="admin@*******.com" /> 
    <add key="keyname1" value="http://subdomain.domain.com/subfolder" />
  </appSettings>  
  <system.web>    
    <!--OLD <compilation defaultLanguage="vb" debug="false" /> -->
    <compilation debug="true" />
  
    <customErrors mode="Off" />    
    <authentication mode="None" /> 
    <authorization>
        <allow users="*" /> <!-- Allow all users -->
    </authorization>
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
    <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=intranetserver;user id=****;password=*******" cookieless="false" timeout="20" />
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

    <!-- Trust level FULL as Issue uploading file -->
    <!-- <securityPolicy>
      <trustLevel name="Full"/>
    </securityPolicy> -->
    <!-- <trust level="Full"/> -->   
  </system.web>
    <system.webServer>
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="ASP" areas="" verbosity="Verbose" />
                        <add provider="ASPNET" areas="AppServices,Infrastructure,Module,Page" verbosity="Verbose" />
                        <add provider="ISAPI Extension" areas="" verbosity="Verbose" />
                        <add provider="WWW Server" areas="Authentication,Cache,CGI,Compression,FastCGI,Filter,Module,RequestNotifications,RequestRouting,Rewrite,Security,StaticFile,WebSocket" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions statusCodes="500" />
                </add>
            </traceFailedRequests>
        </tracing>
        <!-- 20180803 -->
        <httpErrors errorMode="Detailed" />
    </system.webServer>

<!-- <location path="***.*****.com" allowOverride="true">
  <system.web>
    <trust level="Full" originUrl=""/>
  </system.web>
</location> -->

</configuration>

Answer 1

User-821857111 posted

File Uploading should work in medium trust. However, you might be trying to write/save the file to a location that doesn't have the correct permissions (WRITE) allocated to it. Otherwise you need to take the issue up with the hosting company as it is clearly environment-specific.

Answer 2

User-1720999202 posted

Thank-you, Sir.

The Hosting provided (Bigrock) had restricted the trust level settings. They have set it to Full and now file uploading is working.