How do I resolve a System.Security.SecurityException with custom code in SSRS?

https://stackoverflow.com/questions/32428

09-06-2019
|

Question

I've created an assembly and referenced it in my Reporting Services report. I've tested the report locally (works), and I then uploaded the report to a report server (doesn't work).

Here is the error that is thrown by the custom code I've written.

System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. at System.Security.CodeAccessSecurityEngine.CheckNReturnSO(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 unrestrictedOverride, Int32 create) at System.Security.CodeAccessSecurityEngine.Assert(CodeAccessPermission cap, StackCrawlMark& stackMark) at System.Security.CodeAccessPermission.Assert() at [Snipped Method Name] at ReportExprHostImpl.CustomCodeProxy.[Snipped Method Name] The action that failed was: Demand The type of the first permission that failed was: System.Security.Permissions.SecurityPermission The Zone of the assembly that failed was: MyComputer

This project is something I inherited, and I'm not intimately familiar with it. Although I do have the code (now), so I can at least work with it :)

I believe the code that is failing is this:

    Dim fio As System.Security.Permissions.FileIOPermission = New System.Security.Permissions.FileIOPermission(Security.Permissions.PermissionState.Unrestricted)
    fio.Assert()

However, this kind of stuff is everywhere too:

Private Declare Function CryptHashData Lib "advapi32.dll" (ByVal hhash As Integer, ByVal pbData As String, ByVal dwDataLen As Integer, ByVal dwFlags As Integer) As Integer

I can see either of these being things that Reporting Services would not accommodate out of the box.

Solution 2

This is how I was able to solve the issue:

strongly sign the custom assembly in question

modify the rssrvpolicy.config file to add permissions for the assembly

                    <CodeGroup
                        class="UnionCodeGroup"
                        version="1"
                        PermissionSetName="FullTrust"
                        Name="Test"
                        Description="This code group grants the Test code full trust. ">
                        <IMembershipCondition
                                class="StrongNameMembershipCondition"
                                version="1"
                                PublicKeyBlob="0024000004800000940100000602000000240000575341310004000001000100ab4b135615ca6dfd586aa0c5807b3e07fa7a02b3f376c131e0442607de792a346e64710e82c833b42c672680732f16193ba90b2819a77fa22ac6d41559724b9c253358614c270c651fad5afe9a0f8cbd1e5e79f35e0f04cb3e3b020162ac86f633cf0d205263280e3400d1a5b5781bf6bd12f97917dcdde3c8d03ee61ccba2c0"
                            />
                    </CodeGroup>

Side note: here is a great way to get the public key blob of your assembly VS trick for obtaining the public key token and blob of a signed assembly.

OTHER TIPS

<system.web>

<trust level="Full"/>

</system.web>

try this in web.config

Run your service in administrator mode

 <CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="FullTrust">

For me, the solution was changing the above line in the rssrvpolicy.config from "None" to "FullTrust".

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow