Issues related to lack of permission for running Asp.net on virtual hosts and solutions)

Source: Internet
Author: User
Sometimes the Asp.net application we write runs on a VM. Some virtual hosts may be configured with permissions for Asp.net due to security considerations, which will cause the normal operation of our applications.

Symptom:

For some reason, Asp.net cannot load some DLL files and the following error occurs: Server Error in '/'application.

---------------------------------------------

Required permissions cannot be acquired.

Description: An unhandled exception occurred during the execution of the current Web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception details: system. Security. Policy. policyexception: required permissions cannot be acquired.

Source error:

An unhandled exception was generated during the execution of the current Web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack trace:

[Policyexception: required permissions cannot be acquired.]

System. Security. securitymanager. resolvepolicy (evidence, permissionset reqdpset, permissionset optpset, permissionset denypset, permissionset & denied, Boolean checkexecutionpermission) + 2738293

System. Security. securitymanager. resolvepolicy (evidence, permissionset reqdpset, permissionset optpset, permissionset denypset, permissionset & denied, int32 & forbidden, Boolean checkexecutionpermission) + 57

[Fileloadexception: cocould not load file or assembly 'Microsoft. practices. objectbuilder, version = 1.0.51205.0, culture = neutral, publickeytoken = null' or one of its dependencies. failed to grant minimum permission requests. (exception from hresult: 0x80131417)]

System. reflection. Assembly. nload (assemblyname filename, string codebase, evi1_assemblysecurity, assembly locationhint, stackcrawlmark & stackmark, Boolean throwonfilenotfound, Boolean forintrospection) + 0

System. reflection. Assembly. internalload (assemblyname assemblyref, evidence assemblysecurity, stackcrawlmark & stackmark, Boolean forintrospection) + 211

System. reflection. Assembly. internalload (string assemblystring, evidence assemblysecurity, stackcrawlmark & stackmark, Boolean forintrospection) + 141

System. reflection. Assembly. Load (string assemblystring) + 25

System. Web. configuration. compilationsection. loadassemblyhelper (string assemblyname, Boolean stardirective) + 32

Problem Analysis:

According to my observations, the DLL directly generated by the Asp.net application can be loaded normally, and the external DLL directly called by Asp.net can also be loaded normally, however, only other external DLL referenced by the external DLL cannot be loaded. My guess is: Because the permissions are incomplete, the DLL generated by the Asp.net application itself and the directly referenced dll can be obtained through permission inheritance, other external DLL referenced by external DLL cannot inherit permissions due to permission restrictions, so the permission is insufficient.

Solution:

Through a test on my computer, I guess the root web is modified on the VM. config (on my computer, its location is c: \ windows \ Microsoft. net \ framework \ v2.0.50727 \ config.

The default web. config permission settings section is as follows:

<Location AllowOverride = "true">

<System. Web>

<SecurityPolicy>

<Trustlevel name = "full" policyfile = "internal"/>

<Trustlevel name = "high" policyfile = "web_hightrust.config"/>

<Trustlevel name = "medium" policyfile = "web_mediumtrust.config"/>

<Trustlevel name = "low" policyfile = "web_lowtrust.config"/>

<Trustlevel name = "minimal" policyfile = "web_minimaltrust.config"/>

</SecurityPolicy>

<Trust level = "full" originurl = ""/>

</System. Web>

</Location>

Speculate on the modified settings on the VM:

<Location AllowOverride = "false">

<System. Web>

<SecurityPolicy>

<Trustlevel name = "full" policyfile = "internal"/>

<Trustlevel name = "high" policyfile = "web_hightrust.config"/>

<Trustlevel name = "medium" policyfile = "web_mediumtrust.config"/>

<Trustlevel name = "low" policyfile = "web_lowtrust.config"/>

<Trustlevel name = "minimal" policyfile = "web_minimaltrust.config"/>

</SecurityPolicy>

<Trust level = "high" originurl = ""/>

</System. Web>

</Location>

He first sets AllowOverride to false, which prevents the ability to redefine permissions in user web. config. Then, it defines the trust level as high, rather than the default full. After my tests, as long as the trust level is not full, other external DLL files referenced by the external DLL cannot be loaded. Therefore, we recommend that you set AllowOverride to true. In this way, I can re-specify permissions in Web. config.

Example: <trust level = "full" originurl = ""/>

I have not studied aps.net recently, so I have not carefully searched for the underlying reasons. Maybe my understanding is wrong. I hope that the expert can tell the reason or correct my mistakes.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.