Security Exception (The application attempted to perform an operation not allowed by the security policy) )

Question

we're having as issue with the following security exception when we attempt to open our admin login page.

 Security Exception
 Description: The application attempted to perform an operation not allowed by the security policy.
To grant this application the required 
permission please contact your system administrator or change the   application's trust level in the configuration file. 


 Exception Details: System.Security.SecurityException: Request failed.

first of all we use membership for user authentication operations we have two separate application one for admin one for user each of which has their own Web.Config file.

The user data uploads in wwwroot but admin data uploads in wwwroot/admin and in admin webconfig we define Login.aspx as default page for admin (when user enter mysite.com/admin) and we've created a virtual directory for admin (since we have two Web.Config files) named /admin with path mysite.com/wwwroot/admin

the funny thing is that we use same methods (with the same membership and web.config and also same host) in some other projects but they're working well and the mentioned problem appears from time to time in some of our project(not always occurs) event though all the setting and infrastructures (for all the projects) are the same.

we also have app_Webreference Folder for some of our web services which might be the cause of problem but i'm not sure.We attempted to change the security trust level but the host doesn't let us do so and if it was from host so why wouldn't we have this problem with some other sites of ours so currently I have no Idea what seems to be the problem but it's really problematic please help me

thanks a lot

Answer 1

Me also helped, just added few lines in web.config to allow full trust level in my web application.

<system.web>
   <trust level="Full" />
</system.web>

Answer 2

I found this article on MSDN which I think is pertinent (the exception details appear to be the same). It says it applies to ASP.NET 1.0 and 1.1 but it is also from October 2005 so may well not have been updated to explicitly say whichever version you are using (presumably >= 4.0):

"FIX: How to resolve Security Exception (ASP.NET)?" by Anand Narayanaswamy MVP.

---

Symptoms

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

Exception:

System.Security.SecurityException: Request Failed

Cause: The above error occurs since the domain is not placed under its own application pool on the IIS and also due to lack of proper trust level in the machine.config file on the server.

Resolution

1. Create an application pool for the appropriate domain using Internet Information Services (IIS). Login to the remote desktop and open IIS Manager. Expand the tree Application Pools. Right click and select New | Application Pool and give the required particulars.

2. The next step is to place the domain under the newly created application pool. In order to perform this action, expand the tree labeled Web Sites and then Default Web Site under it. Select your domain name, right click on it and choose Properties menu item. Select the drop down box labeled Application pool and choose the newly created application pool name.

   Note: You can automatically perform the above mentioned steps using certain popular hosting control panels if you have installed them on the server.

3. Add the following lines of code to machine.config file. This file can be located under the folder - Root Drive Name:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG

   <location path="yourdomain.com" allowOverride="true">
       <system.web>
           <trust level="Full" originUrl=""/>
       </system.web>
   </location>
   

(A) You should require administrative rights to the server and access to remote desktop to resolve the above issue. You should contact your hosting service provider if you don’t have access to the server.

(B) Replace yourdomain.com with the appropriate domain name in which the problem is occurring.

Warning: Incorrect modification of machine.config file will cause problems to the ASP.NET service on the server.