Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to disable System.Security.Permissions.ReflectionPermission usage in new VS2013 Asp.net template so it works on shared hosting

I created a brand new Visual Studio 2013 ASp.net MVC application off of the default MVC template. However I am getting an error message Request for the permission of type 'System.Security.Permissions.ReflectionPermission failed.

Is it possible to turn off this Reflection Permission so the site still works?

here is my web.config

<?xml version="1.0" encoding="utf-8"?>
    <!--
    For more information on how to configure your ASP.NET application, please visit
    http://go.microsoft.com/fwlink/?LinkId=301880
    -->
    <configuration>
    <configSections>

      <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
      <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    </configSections>
    <connectionStrings>
      <add name="MyDb" connectionString="Data Source=x.x.com;Initial Catalog=x;User Id=x;Password=x;" providerName="System.Data.SqlClient" />
    </connectionStrings>
    <appSettings>
      <add key="webpages:Version" value="3.0.0.0" />
      <add key="webpages:Enabled" value="false" />
      <add key="ClientValidationEnabled" value="true" />
      <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    </appSettings>
    <system.web>
    <trust level="Full" />
      <customErrors mode="Off"/>
      <authentication mode="None" />
      <compilation targetFramework="4.5" />
      <httpRuntime targetFramework="4.5" />
    </system.web>
    <system.webServer>
      <modules>
        <remove name="FormsAuthenticationModule" />
      </modules>
    </system.webServer>
    <runtime>
      <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
        <dependentAssembly>
          <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="1.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
          <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
        </dependentAssembly>
        <dependentAssembly>
          <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
          <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
        </dependentAssembly>
      </assemblyBinding>
    </runtime>
    <entityFramework>
      <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
        <parameters>
          <parameter value="v11.0" />
        </parameters>
      </defaultConnectionFactory>
      <providers>
        <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
      </providers>
    </entityFramework>
    </configuration>

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

[SecurityException: Request for the permission of type >'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Delegate.DelegateConstruct(Object target, IntPtr slot) +0 Owin.Loader.DefaultLoader..ctor(Func3 next, Func2 activator, IEnumerable1 referencedAssemblies) +69 Microsoft.Owin.Host.SystemWeb.OwinBuilder.GetAppStartup() +65 Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +28 System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func1 valueFactory) +115 Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) +106 System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +418 System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +172 System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +336 System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +296

I tried to add

<trust level="Full" />

to my Web.Config system.Web section but that didn't work as I got a

This configuration section cannot be used at this path. This happens when the site administrator has locked access to this section using from an inherited configuration file.

it is shared hosting at 1and1.com and they won't give me full trust.

like image 825
greay Avatar asked Oct 21 '13 22:10

greay


4 Answers

http://www.codeproject.com/Questions/586223/SecurityplusExceptionpluscomingplusinplusaplusrunn

Solution 4 System.Security.SecurityException: Request for the permission of type 'System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed

following solution of above error

<system.web>
    <customErrors mode="Off"/>
    <trust level="Full" />
</system.web>

Works for my en godady hosting

like image 145
rafaellorey Avatar answered Nov 13 '22 08:11

rafaellorey


I asked the asp.net team directly and this was their response

We officially announced that partial trust is no longer a trust boundary for the purposes of application isolation last year (http://support.microsoft.com/kb/2698981) and as such our recommendation to shared hosting providers is to not use it anymore. Moving forward, we will not be supporting partial trust for new framework features we develop for this reason.

I know lots of people using shared hosting and since host providers won't ever give full trust to their shared hosting products I am guessing Microsoft made this decision so they can get more clients on Azure.

Puts us small developers who have clients sold on shared hosting in a predicament. Either go to more expensive hosting or jump to azure.

like image 32
greay Avatar answered Nov 13 '22 10:11

greay


If you have the following conditions:

1) Must use Trust Level Medium or lower due to mandatory security requirements.

2) Using ASP.Net 4.5

3) Do not need to use Owin to allow external authentication providers, like Google or Facebook.

4) The application error information shows that Owin is involved in preventing your application from starting up under Medium Trust.

You can add the following line to your web.config AppSettings section to disable Owin and you should be able to get your program running at Medium trust levels:

<add key="owin:AutomaticAppStartup" value="false" />
like image 3
WWC Avatar answered Nov 13 '22 10:11

WWC


Partial trust is not supported for Microsoft.Owin.Host.SystemWeb package. This is the package which helps running OWIN middlewares on IIS integrated pipeline. This assembly does reflection to detect & load the OWIN Startup class. You can turn off this by adding an appSetting , but unfortunately OWIN middlewares will not work as the Startup detection is disabled. Short answer - not possible to run on partial trust.

like image 2
Praburaj Avatar answered Nov 13 '22 10:11

Praburaj