Code Access Security in Reporting Services 2008

StackOverflow https://stackoverflow.com/questions/2911830

Question

I have a Delivery Extension running inside Reporting Service 2008.

It has been running fine for a long time. But now I want to make an insert into a database from within the extension.

First error I got, was this:

Exception: System.Security.SecurityException Exception Message: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Stacktrace:    at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.PermissionSet.Demand()
   at System.Data.Common.DbConnectionOptions.DemandPermission()
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()

Then I added this, before my code that opens the connection and does the insert:

SqlClientPermission sqlPermission = new SqlClientPermission(System.Security.Permissions.PermissionState.Unrestricted);
sqlPermission.Assert();

Then the error message changed to this:

Exception: System.Security.SecurityException Exception Message: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Stacktrace:    at System.Security.CodeAccessSecurityEngine.CheckNReturnSO(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 unrestrictedOverride, Int32 create)
   at System.Security.CodeAccessSecurityEngine.Assert(CodeAccessPermission cap, StackCrawlMark& stackMark)
   at System.Security.CodeAccessPermission.Assert()

Then I added the following line:

SecurityPermission permission = new SecurityPermission(PermissionState.Unrestricted);
permission.Assert();

And now the error I get is this:

Exception: System.Security.SecurityException Exception Message: Stack walk modifier must be reverted before another modification of the same type can be performed. Stacktrace:    at System.Security.CodeAccessSecurityEngine.Assert(CodeAccessPermission cap, StackCrawlMark& stackMark)
   at System.Security.CodeAccessPermission.Assert()

My code that contains the actual SqlConnection specific code is in an assembly referenced from the Delivery Extension. The Permission specific code was inside that assembly, but I tried moving it into the Delivery Extension assembly - but wothout any luck.

Was it helpful?

Solution

At the point you are trying to modify the access permissions you may already have inherited it from higher level, or maybe you have done it somewhere before the point you are.

For example we have code like this:

SqlClientPermission sqlClientPermission = new SqlClientPermission(PermissionState.Unrestricted);
sqlClientPermission.Assert();

SecurityPermission securityPermission = new SecurityPermission(PermissionState.Unrestricted);
securityPermission.Assert();

We will have the exception like yours.

OTHER TIPS

user407428 is correct, trying to enable two different modifiers is what is causing your problem. The best principle is to allow the permission for the part of the code that requires it, and then to disable the permission afterwords. So that when you need the next permission you can modify those rights again.

SqlClientPermission sqlClientPermission = new SqlClientPermission(PermissionState.Unrestricted);
sqlClientPermission.Assert();

   //<your code that requires SqlClientPermission here>

CodeAccessPermission.RevertAccess();

SecurityPermission securityPermission = new SecurityPermission(PermissionState.Unrestricted);
securityPermission.Assert();

Some more things to take into account is that it is mostly not required to keep an object to the stack-walk, so the assert can be simplified to a single line, ei.

System.Security.Permissions.SecurityPermission(System.Security.Permissions.PermissionState.Unrestricted).Assert();

If you modified the stack-walk in a encapsulating method, the inner stack would probably not be able to modify the modifiers again. Ex.

public void UseSecurityPermission()
{
    CodeAccessPermission.RevertAssert();
    new System.Security.Permissions.SecurityPermission(System.Security.Permissions.PermissionState.Unrestricted).Assert();

    <Some code that requires the SecurityPermission>
}

static void Main(string[] args)
{
    new System.Security.Permissions.FileIOPermission(System.Security.Permissions.PermissionState.Unrestricted).Assert();
    //< Some code that requires IOPermission>
    UseSecurityPermission();
}

Even though UseSecurityPermission() reverts the stack-walk permission, it would not work, because the compiler can't get the security descriptor in the context.

Some further reading: Programming with Stack-Walk Modifiers

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top