2.0 Security Exceptions on GoDaddy Hosting

description

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
 
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
 
Source Error:
 
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
 
Stack Trace:
 
 
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Net.ServicePointManager.set_ServerCertificateValidationCallback(RemoteCertificateValidationCallback value) +54
facebook.API.postRequest(String requestUrl, String postString) +98
facebook.API.SendRequest(IDictionary`2 parameterDictionary, Boolean useSession) +253
facebook.auth.getSession(String auth_token) +83
facebook.API.CreateSession() +17
facebook.API.CreateSession(String authToken) +15
facebook.web.BasePageHelper.LoadFBMLPage(API FaceBookAPI, Boolean requireLogin, HttpRequest request, HttpResponse response) in BasePageHelper.cs:81
facebook.web.CanvasFBMLMasterPage.Page_Init(Object sender, EventArgs e) in CanvasFBMLMasterPage.cs:65
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +33
System.Web.UI.Control.OnInit(EventArgs e) +99
System.Web.UI.UserControl.OnInit(EventArgs e) +74
System.Web.UI.Control.InitRecursive(Control namingContainer) +321
System.Web.UI.Control.InitRecursive(Control namingContainer) +198
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7350
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.default_aspx.ProcessRequest(HttpContext context) +4
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +358
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

comments

jschuster wrote Oct 29, 2008 at 2:54 PM

Can someone who's having this issue please test this out with change set 23787 or later? There was an issue with how we were dealing with an invalid SSL certificate, and I'm wondering if the fix also fixed this issue.

phillipb wrote Oct 29, 2008 at 3:13 PM

I'm using the latest and still get the error.

phillipb wrote Oct 29, 2008 at 3:19 PM

WI # 8812 in the 1.5 release may have been related. Not for sure. In any event, I added the AllowPartiallyTrustedCallers to the assembly file and still no luck.

jschuster wrote Oct 29, 2008 at 9:44 PM

Thanks for checking for me, phillipb. I'll try and take a deeper look into this issue and figure out what's going on.

jschuster wrote Oct 29, 2008 at 10:52 PM

phillipb, was the stack trace any different after you got the latest code? And are you sure you're using the latest (source code) version? From the above stack trace, it looks like we're failing at the call to ServicePointManager.ServerCertificateValidationCallback. However, that call has actually now been removed (that's the fix I mentioned that happened in 23787). Could you check in your version of the source code to see if that call is still there? It should be around line 615 or so of API.cs. Thanks.
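The reading applied to the trace in the comment above (the frame directly beneath `CodeAccessPermission.Demand()` is the API that required the permission, and the next non-framework frame is the caller to inspect), as an added example that is not part of the original thread or the toolkit's code. The sample traces are abbreviated from the ones posted in this thread, and the function name `triage` and the framework-prefix list are assumptions.

```python
import re

# Constructed samples: abbreviated from the ASP.NET and WPF (localized) traces in this thread.
ASPNET_TRACE = """\
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Net.ServicePointManager.set_ServerCertificateValidationCallback(RemoteCertificateValidationCallback value) +54
facebook.API.postRequest(String requestUrl, String postString) +98
facebook.API.SendRequest(IDictionary`2 parameterDictionary, Boolean useSession) +253
"""
WPF_TRACE = """\
Richiesta di autorizzazione di tipo 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' non soddisfatta.
in System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
in System.Security.CodeAccessPermission.Demand()
in System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
in System.Net.HttpRequestCreator.Create(Uri Uri)
in MS.Internal.WpfWebRequestHelper.CreateRequest(Uri uri)
in TreeMonkey.TMPage.DoubleClick(Object sender, MouseEventArgs e)
"""

# The permission type is the first quoted assembly-qualified name in the message.
PERMISSION = re.compile(r"'([\w.]+),")
# A frame is an optional localized prefix ("at", "in", ...) then Namespace.Type.Method(
FRAME = re.compile(r"^\s*(?:\w+\s+)?([\w.`]+)\(")
# Assumption: these prefixes mark framework code rather than the application or library.
FRAMEWORK = ("System.", "MS.Internal.", "Microsoft.", "ASP.")


def triage(trace):
    """Return (permission, demanding_api, first_caller) for a CAS failure trace."""
    perm = PERMISSION.search(trace)
    frames = [m.group(1) for m in map(FRAME.match, trace.splitlines()) if m]
    demanding_api = first_caller = None
    for i, frame in enumerate(frames):
        if frame.endswith("CodeAccessPermission.Demand") and i + 1 < len(frames):
            demanding_api = frames[i + 1]  # the API that issued the demand
            # First frame below it that is not framework code: where to look for a fix.
            first_caller = next((f for f in frames[i + 2:]
                                 if not f.startswith(FRAMEWORK)), None)
            break
    return (perm.group(1) if perm else None, demanding_api, first_caller)


if __name__ == "__main__":
    for sample in (ASPNET_TRACE, WPF_TRACE):
        print(triage(sample))
```
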

ScottStonehouse wrote Dec 17, 2008 at 2:04 AM

I'm getting this message with the 2.0 release that I downloaded today. Not on GoDaddy - but I am on a shared host.

jschuster wrote Dec 17, 2008 at 3:47 AM

ScottStonehouse, could you please post the exact error and stack trace that you're getting? That will help us find the problem.

ScottStonehouse wrote Dec 18, 2008 at 12:36 AM

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Stack Trace:


[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +58
System.Net.ServicePointManager.set_ServerCertificateValidationCallback(RemoteCertificateValidationCallback value) +54
facebook.API.postRequest(String requestUrl, String postString) +105
facebook.API.SendRequest(IDictionary`2 parameterDictionary, Boolean useSession) +185
facebook.auth.getSession(String auth_token) +84
facebook.API.CreateSession() +20
facebook.Components.FacebookService.CreateSession(String authToken) +32
WebApplication1._Default.Page_Load(Object sender, EventArgs e) in Default.aspx.vb:39
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
System.Web.UI.Page.ProcessRequest() +80
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.default_aspx.ProcessRequest(HttpContext context) +37
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

ScottStonehouse wrote Dec 18, 2008 at 12:43 AM

All I did was cut and paste the sample VB authentication code from section 6.5 of the documentation - that's what gives me this error.

I did have to modify the line "_fbService.API.IsDesktopApplication = False"

ScottStonehouse wrote Jan 27, 2009 at 2:17 AM

FYI - I have this demo app working fine locally with Cassini. Upload to ASPNIX server and I still get this error.

catsaway wrote Mar 16, 2009 at 6:45 AM

I got some such error on GoDaddy and it was due to the fact that I had not set up the directory using the IIS7 thing to create a virtual directory; I had just uploaded the files with the File Manager. Also I noticed that with IIS7 you need to have stuff between the form tags or other runat=server tags. Not that this addresses your problem, I am just putting it here in case it might help someone. I am using Facebook Toolkit 2.0 and for Facebook Connect. Good luck!

jschuster wrote Jul 28, 2009 at 8:48 PM

Is anyone still seeing this problem while using version 2.1 or later of the toolkit? If so, could you please post the details (error message and stack trace) or the error you're seeing?

itree wrote Oct 8, 2009 at 1:19 PM

I got the same kind of error. Basically I am trying to build an XBAP WPF application in VB2008. It is pulled down well in Facebook and starts properly displaying controls. However, when I try to navigate to:

http://www.facebook.com/login.php?api_key=" & fbs.Secret & "&v=1.0

in order to get an auth_token, I get this same error, which I attach. Perhaps I have misunderstood something with the toolkit but I seem to understand it is the same problem mentioned in this post.

mscorlib

Richiesta di autorizzazione di tipo 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' non soddisfatta.

Check

in System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
in System.Security.CodeAccessPermission.Demand()
in System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
in System.Net.HttpRequestCreator.Create(Uri Uri)
in System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
in System.Net.WebRequest.Create(Uri requestUri)
in MS.Internal.WpfWebRequestHelper.CreateRequest(Uri uri)
in System.IO.Packaging.PackWebRequestFactory.CreateWebRequest(Uri uri)
in System.Windows.Navigation.NavigationService.CreateWebRequest(Uri resolvedDestinationUri, NavigateInfo navInfo)
in System.Windows.Navigation.NavigationService.Navigate(Uri source, Object navigationState, Boolean sandboxExternalContent, Boolean navigateOnSourceChanged)
in System.Windows.Navigation.NavigationService.Navigate(Uri source)
in TreeMonkey.TMPage.DoubleClick(Object sender, MouseEventArgs e)

itree wrote Oct 8, 2009 at 8:03 PM

I have researched the thing myself now and, after more than 40 builds, this is what I have discovered.

The Facebook toolkit API does not have a strong name, apparently. This means that the assembly of any XBAP referencing it cannot be signed for trusted web deployment. This is pretty obvious if you consider that a signed assembly must only reference other signed assemblies. One could otherwise change the unsigned components to attack the application and no one would understand it.

The error is not generated by the Facebook toolkit but rather by the XBAP (or any other .NET-based app) that is trying to use some security privilege that is outside the ones normally granted to an untrusted app.

So, we are basically off!!!

I wish to suggest that the next release of the Facebook toolkit be signed so that it can be securely referenced by a .NET browser app. This will allow browser apps (not only XBAP) to use several basic features such as DNS and Sockets which are otherwise restricted from use in untrusted apps.

I hope this helps the many in this community who are struggling with all the complexities of a development world with many tools to develop and sheer results on the end-user side.

tsvmadhavsiri wrote Aug 29, 2012 at 6:04 AM

Hi,

I am also having the same issue. It is working fine on my local system. When it comes to the GoDaddy host server, it says:

System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed

Can anyone update me on how to resolve this issue? I am using 3.1 beta.
