How to disable System.Security.Permissions.ReflectionPermission usage in new VS2013 Asp.net template so it works on shared hosting

StackOverflow https://stackoverflow.com/questions/19505770

Pergunta

I created a brand new Visual Studio 2013 ASp.net MVC application off of the default MVC template. However I am getting an error message Request for the permission of type 'System.Security.Permissions.ReflectionPermission failed.

Is it possible to turn off this Reflection Permission so the site still works?

here is my web.config

<?xml version="1.0" encoding="utf-8"?>
    <!--
    For more information on how to configure your ASP.NET application, please visit
    http://go.microsoft.com/fwlink/?LinkId=301880
    -->
    <configuration>
    <configSections>

      <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
      <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    </configSections>
    <connectionStrings>
      <add name="MyDb" connectionString="Data Source=x.x.com;Initial Catalog=x;User Id=x;Password=x;" providerName="System.Data.SqlClient" />
    </connectionStrings>
    <appSettings>
      <add key="webpages:Version" value="3.0.0.0" />
      <add key="webpages:Enabled" value="false" />
      <add key="ClientValidationEnabled" value="true" />
      <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    </appSettings>
    <system.web>
    <trust level="Full" />
      <customErrors mode="Off"/>
      <authentication mode="None" />
      <compilation targetFramework="4.5" />
      <httpRuntime targetFramework="4.5" />
    </system.web>
    <system.webServer>
      <modules>
        <remove name="FormsAuthenticationModule" />
      </modules>
    </system.webServer>
    <runtime>
      <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
        <dependentAssembly>
          <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="1.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
          <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
        </dependentAssembly>
      </assemblyBinding>
    </runtime>
    <entityFramework>
      <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
        <parameters>
          <parameter value="v11.0" />
        </parameters>
      </defaultConnectionFactory>
      <providers>
        <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
      </providers>
    </entityFramework>
    </configuration>

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

[SecurityException: Request for the permission of type >'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Delegate.DelegateConstruct(Object target, IntPtr slot) +0 Owin.Loader.DefaultLoader..ctor(Func3 next, Func2 activator, IEnumerable1 referencedAssemblies) +69 Microsoft.Owin.Host.SystemWeb.OwinBuilder.GetAppStartup() +65 Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +28 System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func1 valueFactory) +115 Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) +106 System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +418 System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +172 System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +336 System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +296

I tried to add 

<trust level="Full" />

to my Web.Config system.Web section but that didn't work as I got a

This configuration section cannot be used at this path. This happens when the site administrator has locked access to this section using from an inherited configuration file.

it is shared hosting at 1and1.com and they won't give me full trust.

Foi útil?

Solução 2

I asked the asp.net team directly and this was their response

We officially announced that partial trust is no longer a trust boundary for the purposes of application isolation last year (http://support.microsoft.com/kb/2698981) and as such our recommendation to shared hosting providers is to not use it anymore. Moving forward, we will not be supporting partial trust for new framework features we develop for this reason.

I know lots of people using shared hosting and since host providers won't ever give full trust to their shared hosting products I am guessing Microsoft made this decision so they can get more clients on Azure.

Puts us small developers who have clients sold on shared hosting in a predicament. Either go to more expensive hosting or jump to azure.

Outras dicas

http://www.codeproject.com/Questions/586223/SecurityplusExceptionpluscomingplusinplusaplusrunn

Solution 4 System.Security.SecurityException: Request for the permission of type 'System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed

following solution of above error

<system.web>
    <customErrors mode="Off"/>
    <trust level="Full" />
</system.web>

Works for my en godady hosting

If you have the following conditions:

1) Must use Trust Level Medium or lower due to mandatory security requirements.

2) Using ASP.Net 4.5

3) Do not need to use Owin to allow external authentication providers, like Google or Facebook.

4) The application error information shows that Owin is involved in preventing your application from starting up under Medium Trust.

You can add the following line to your web.config AppSettings section to disable Owin and you should be able to get your program running at Medium trust levels:

<add key="owin:AutomaticAppStartup" value="false" />

Partial trust is not supported for Microsoft.Owin.Host.SystemWeb package. This is the package which helps running OWIN middlewares on IIS integrated pipeline. This assembly does reflection to detect & load the OWIN Startup class. You can turn off this by adding an appSetting , but unfortunately OWIN middlewares will not work as the Startup detection is disabled. Short answer - not possible to run on partial trust.

With 7.2.x on GoDaddy Plesk I had security issues.

The resolution for me was to add the trust level below the customErrors manually to my web.config (if you use the godaddy dashboard to add this, it puts it specific to a umbraco directory not the upper root of the site).

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top