Hi, Stefan.

I set the trust level to "Medium" and used originUrl attribute, but it looks like for a specific URL it doesn't work. Here are my settings:

<trust level="Medium" originUrl="http://www.microsoft.com/" />

I checked also the Medium policy file to see whether the WebPermission is properly set.

The test has been conducted on IE7 and Firefox browsers. The same result came up, a security exception like this one:

"[SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Obj ect demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +59
   System.Net.HttpWebRequest.CheckResubmit(Exception& e) +896"

But if I specify the URL as a regular expression like "http://www.microsoft.com/.*" everything works fine as it should.

I guess it might be a bug or the way it works. What do you think ?

Michael

You usually need to use the regex form with the wildcard for originUrl to work properly. Otherwise the web permission infrastructure attempts an exact match.

My bet is that a redirect is occurring underneath the hood, and once that happens you are really requesting a Url more like "http://www.microsoft.com/default.aspx" which of course fails the match.

-Stefan

You're right Stefan.

I checked with Fiddler and there is a 302 Redirect issued for www.microsoft.com and obviouslly the new URL doesn't match anymore.

I made one more test with www.google.ca (no redirection) and it works.

Thank you,
michaelg