Web.config causing "blocked by group policy" error

Question

The miriad of different web.config settings have always been a bit of a mystery to me. I'm glad Microsoft has cleaned up some of the content put there by default, but it's still causing problems.

Specifically, Visual Studio 2015 is placing the following section in the generated web.config of a standard ASP.NET MVC application.

<system.codedom>   <compilers>     <compiler language="c#;cs;csharp" extension=".cs"       type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"       warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701"/>    <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"       type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"       warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+"/>   </compilers> </system.codedom> 

When I upload this application on to my GoDaddy shared Plesk hosting account, I get the following error.

This program is blocked by group policy. For more information, contact your system administrator.

GoDaddy support is completely unwilling and unable to provide any assistance. However, I found that if I comment out the section above, the error goes away.

Does anyone know the purpose of this block or why Microsoft puts it there? My app seems to run okay without it. (Note that my app uses C# and not VB.)

Answer 1

<system.codedom>    <!--remove all the contents here--> </system.codedom> 

Remove all the contents inside the system.codedom tag and add

<trust level="Full"/> 

inside system.web tag

<system.web>    <trust level="Full"/> </system.web> 

Answer 2

Since ASP.NET 2 is it possible to upload your site to your hosting without compiling it. Then the site will be compiled on the initial request using the compiler settings as seen in the web.config. If you pre-compile your site but still have code in the App_code folder those settings will be used to compile that code.

I think that go-daddy disabled compiling on their servers so no malicious code can somehow be inserted and compiled/executed.

As long as you don't use the App_code folder and you pre-compile your website you can delete the web.config section you mentioned.

For more information about the App_code folder check:

• https://msdn.microsoft.com/en-us/library/ex526337.aspx
• https://msdn.microsoft.com/en-us/library/t990ks23.aspx

For more information about dynamic compilation of ASP.NET check:

• https://msdn.microsoft.com/en-us/library/ms366723(v=vs.100).aspx