locked
Problem with the Security RRS feed

  • Question

  • User1856013306 posted

    Hello together,

     
    i get a problem in case of deploying my web application on the 1&1 server (web hosting). My webapp works perfect local, but at the server i get a security exception:
     

    Server Error in '/' Application.


    Security Exception

    Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    Source Error: 

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace: 

    [SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
       System.Delegate.DelegateConstruct(Object target, IntPtr slot) +0
       Owin.Loader.DefaultLoader..ctor(Func`3 next, Func`2 activator, IEnumerable`1 referencedAssemblies) +69
       Microsoft.Owin.Host.SystemWeb.OwinBuilder.GetAppStartup() +65
       Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +28
       System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func`1 valueFactory) +115
       Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) +106
       System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +418
       System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +172
       System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +336
       System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +296
    with debug:
    <fieldset>

    HTTP Error 500.19 - Internal Server Error

    The requested page cannot be accessed because the related configuration data for the page is invalid.

    </fieldset>
    <fieldset><legend>Detailed Error Information</legend>
    Module ConfigurationValidationModule
    Notification BeginRequest
    Handler ExtensionlessUrlHandler-Integrated-4.0
    Error Code 0x80070021
    Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
    Config File \\?\E:\kunden\homepages\1\d517996025\www\asphomepage_notfall\web.config
    Requested URL http://notfall.jl-holz.de:80/
    Physical Path E:\kunden\homepages\1\d517996025\www\asphomepage_notfall
    Logon Method Not yet determined
    Logon User Not yet determined
    Failed Request Tracing Log Directory faultRequestLogPath
    </fieldset>
    <fieldset><legend>Config Source</legend>
       16:     <customErrors mode="Off"/>
       17:     <identity impersonate="true"/>
       18:     <authentication mode="None" />
    
    </fieldset>
    <fieldset><legend>Links and More Information</legend>This error occurs when there is a problem reading the configuration file for the Web server or Web application. In some cases, the event logs may contain more information about what caused this error.

    View more information »

    </fieldset>
    I know, that 1&1 only allow a medium trust level, but i don't find the component of my webapp, which throws a security exception. Does somebody knows a solution? :)
     
     
     
    P.S: This is my web.config:
     
    <?xml version="1.0" encoding="utf-8"?>
    <!--
      Weitere Informationen zum Konfigurieren der ASP.NET-Anwendung finden Sie unter
      http://go.microsoft.com/fwlink/?LinkId=169433
      -->
    <configuration>
      <configSections>
        <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
        <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
      </configSections>
      <connectionStrings>
        <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-jl-holz-23102014-20141023095200.mdf;Initial Catalog=aspnet-jl-holz-23102014-20141023095200;Integrated Security=True"
          providerName="System.Data.SqlClient" />
      </connectionStrings>
      <system.web>
        <customErrors mode="Off"/>
        <authentication mode="None" />
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" />
        <pages>
          <namespaces>
            <add namespace="System.Web.Optimization" />
            <add namespace="Microsoft.AspNet.Identity" />
          </namespaces>
          <controls>
            <add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
          </controls>
        </pages>
        <membership>
          <providers>
            <!--
          Die ASP.NET-Mitgliedschaft ist in dieser Vorlage deaktiviert. Besuchen Sie den folgenden Link http://go.microsoft.com/fwlink/?LinkId=301889, um Informationen zur Mitgliedschaftsunterstützung von ASP.NET in dieser Vorlage zu erhalten.
            -->
            <clear />
          </providers>
        </membership>
        <profile>
          <providers>
            <!--
          Das ASP.NET-Mitgliedschaftsprofil ist in dieser Vorlage deaktiviert. Besuchen Sie den folgenden Link http://go.microsoft.com/fwlink/?LinkId=301889, um Informationen zur Mitgliedschaftsunterstützung von ASP.NET in dieser Vorlage zu erhalten.
            -->
            <clear />
          </providers>
        </profile>
        <roleManager>
          <!--
            Die ASP.NET-Mitgliedschaftsrolle ist in dieser Vorlage deaktiviert. Besuchen Sie den folgenden Link http://go.microsoft.com/fwlink/?LinkId=301889, um Informationen zur Mitgliedschaftsunterstützung von ASP.NET in dieser Vorlage zu erhalten.
            -->
          <providers>
            <clear />
          </providers>
        </roleManager>
        <!--
                Wenn die Bereitstellung in einer Cloud-Umgebung erfolgt, die über mehrere Webserverinstanzen verfügt,
                sollten Sie den Sitzungsstatusmodus aus "InProc" in "Custom" ändern. Ändern Sie
                außerdem die Verbindungszeichenfolge namens "DefaultConnection" so, dass eine Verbindung mit einer Instanz
                von SQL Server (einschließlich SQL Azure und SQL  Compact) anstatt mit SQL Server Express hergestellt wird.
          -->
        <sessionState mode="InProc" customProvider="DefaultSessionProvider">
          <providers>
            <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
          </providers>
        </sessionState>
      </system.web>
      <system.webServer>
        <modules>
          <remove name="FormsAuthenticationModule" />
        </modules>
      </system.webServer>
      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="WebGrease" culture="neutral" publicKeyToken="31bf3856ad364e35" />
            <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
          </dependentAssembly>
        </assemblyBinding>
      </runtime>
      <entityFramework>
        <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
          <parameters>
            <parameter value="v11.0" />
          </parameters>
        </defaultConnectionFactory>
        <providers>
          <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
        </providers>
      </entityFramework>
    </configuration>
    Thursday, October 23, 2014 5:56 PM

Answers

  • User311508580 posted

    Hey dotnetnerd,

    the Problem is, that my hoster dont allow full permission. Does somebody know a possibility to get my webapp working without full permission? What should i do?

    P.S: sorry for my bad english

    Hi Sinatic,

    From the above error message it is clearly show that your web app requires full trust permission. Without full permission, your web app wont work. You need to find hosting provider that offer full trust hosting

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, October 27, 2014 11:11 AM

All replies

  • User311508580 posted

    Hi sinatic,

    From the error message it is because the permission issue. Please just give full permission and it will fix your issue. Or you can contact your hosting provider to give the permission for you

    Thursday, October 23, 2014 10:45 PM
  • User1856013306 posted

    Hey dotnetnerd,

    the Problem is, that my hoster dont allow full permission. Does somebody know a possibility to get my webapp working without full permission? What should i do?

    P.S: sorry for my bad english

    Friday, October 24, 2014 1:35 AM
  • User311508580 posted

    Hey dotnetnerd,

    the Problem is, that my hoster dont allow full permission. Does somebody know a possibility to get my webapp working without full permission? What should i do?

    P.S: sorry for my bad english

    Hi Sinatic,

    From the above error message it is clearly show that your web app requires full trust permission. Without full permission, your web app wont work. You need to find hosting provider that offer full trust hosting

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, October 27, 2014 11:11 AM