Security Permissions - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Security Permissions

Message

From

10/09/2016 13:33:17

Frank Cazabon
Samaan Systems Ltd
St Augustine, Trinidad

10/09/2016 12:41:02

Viv Phillips
Hay-On-Wye, United Kingdom

General information

Forum:

ASP.NET

Category:

Other

Title:

Re: Security Permissions

Environment versions

Environment:

ASP.NET

Miscellaneous

Thread ID:

01640612

Message ID:

01640679

Views:

>>>>>>>>I'm hoping someone may be able to help me with this.
>>>>>>>>
>>>>>>>>I have a C# ASP.NET web application being hosted on GoDaddy. I made a minor update to the working application and this somehow broke the site. I started getting an error when I tried to access the site:
>>>>>>>>
>>>>>>>>

Configuration Error
>>>>>>>>
>>>>>>>>Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. 
>>>>>>>>
>>>>>>>>Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS.
>>>>>>>>
>>>>>>>>Source Error: 
>>>>>>>>
>>>>>>>>
>>>>>>>>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
>>>>>>>>
>>>>>>>>Source File: G:\PleskVhosts\lallcus.com\SISTracking\web.config    Line: 112 
>>>>>>>>
>>>>>>>>Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1069.1
>>>>>>>>

>>>>>>>>
>>>>>>>>Line 112 is the trust level="Full" line in this section:
>>>>>>>>
>>>>>>>>

>>>>>>>>  <location path="Default.aspx" allowOverride="false">
>>>>>>>>    <system.web>
>>>>>>>>      <authorization>
>>>>>>>>        <allow users="*" />
>>>>>>>>      </authorization>
>>>>>>>>      <trust level="Full" />
>>>>>>>>    </system.web>
>>>>>>>>  </location>
>>>>>>>>

>>>>>>>>
>>>>>>>>
>>>>>>>>By deleting that line in the web.config, the site works again, partially. When trying to add new records or save existing ones I get a window displayed in the browser stating "System.Security.Permissions.SecurityPermission".
>>>>>>>>
>>>>>>>>So, any idea how to trouble shoot this (as it only happens on the hosted site, not locally) or what I need to do to get this working again?
>>>>>>>
>>>>>>>What version of ASP.NET ?
>>>>>>>This implies that only 4.0/4.5 can use full trust : https://uk.godaddy.com/help/what-trust-level-can-i-use-when-running-aspnet-2531
>>>>>>
>>>>>>ASP.NET Version:4.6.1069.1
>>>>>>
>>>>>>I am using the Windows Plesk hosting and can set the CAS to full as per that article you linked. I am not seeing any reference to 4.0/4.5 being the only versions able to use full trust.
>>>>>
>>>>>Ah. That was under 'Web/Classic on that link. Under Plesk it gives instructions for allowing full trust using the GoDaddy configuration
>>>>
>>>>Turns out I can set it to Full, just don't use their interface to do it as it puts it in incorrectly. I manually adjusted the web.config and put it in another place and it is working now!
>>>
>>>Another place ?
>>
>>They were adding it in like this:
>>
>>

  <location path="Default.aspx">
>>    <system.web>
>>      <authorization>
>>        <allow users="*"/>
>>      </authorization>
>>    <trust level="Full"/>
>>    </system.web>
>>  </location>
>>

>>
>>I moved it from there to higher up in the web.config
>>
>>

  <system.web>
>>    <compilation debug="true" targetFramework="4.6" >
>>      <assemblies>
>>        <add assembly="DevExpress.Data.v16.1, Version=16.1.5.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a"/>
>>        <add assembly="DevExpress.Web.ASPxThemes.v16.1, Version=16.1.5.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a"/>
>>        <add assembly="DevExpress.RichEdit.v16.1.Core, Version=16.1.5.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a"/>
>>        <add assembly="DevExpress.Printing.v16.1.Core, Version=16.1.5.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a"/>
>>        <add assembly="DevExpress.Web.v16.1, Version=16.1.5.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a"/>
>>        <add assembly="DevExpress.Web.ASPxRichEdit.v16.1, Version=16.1.5.0, Culture=neutral, PublicKeyToken=B88D1754D700E49A"/>
>>        <add assembly="DevExpress.Web.ASPxSpellChecker.v16.1, Version=16.1.5.0, Culture=neutral, PublicKeyToken=B88D1754D700E49A"/>
>>        <add assembly="DevExpress.SpellChecker.v16.1.Core, Version=16.1.5.0, Culture=neutral, PublicKeyToken=B88D1754D700E49A"/>
>>        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
>>      </assemblies>
>>    </compilation>
>>
>>    <customErrors mode="Off"/>
>>    <trust level="Full"/>

>
>Makes sense. The original was only giving full trust to a specific page.....

When it was there, it was crashing the entire site.

Frank.

Frank Cazabon
Samaan Systems Ltd.
www.samaansystems.com

Map

View

Click here to load this message in the networking platform