Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Professional ASP.NET 2.0 Security, Membership, and Role Management ISBN: 978-0-7645-9698-8
This is the forum to discuss the Wrox book Professional ASP.NET 2.0 Security, Membership, and Role Management by Stefan Schackow; ISBN: 9780764596988
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Professional ASP.NET 2.0 Security, Membership, and Role Management ISBN: 978-0-7645-9698-8 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old May 5th, 2008, 10:59 AM
Registered User
 
Join Date: Oct 2007
Location: , , .
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Chapter 3: originUrl issue (Medium trust)

Hi, Stefan.

I set the trust level to "Medium" and used originUrl attribute, but it looks like for a specific URL it doesn't work. Here are my settings:

<trust level="Medium" originUrl="http://www.microsoft.com/" />

I checked also the Medium policy file to see whether the WebPermission is properly set.

The test has been conducted on IE7 and Firefox browsers. The same result came up, a security exception like this one:

"[SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Obj ect demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +59
   System.Net.HttpWebRequest.CheckResubmit(Exception& e) +896"

But if I specify the URL as a regular expression like "http://www.microsoft.com/.*" everything works fine as it should.

I guess it might be a bug or the way it works. What do you think ?

Michael


Reply With Quote
  #2 (permalink)  
Old May 5th, 2008, 01:26 PM
Wrox Author
 
Join Date: Feb 2006
Location: Redmond, Washington, USA.
Posts: 76
Thanks: 0
Thanked 0 Times in 0 Posts
Default

You usually need to use the regex form with the wildcard for originUrl to work properly. Otherwise the web permission infrastructure attempts an exact match.

My bet is that a redirect is occurring underneath the hood, and once that happens you are really requesting a Url more like "http://www.microsoft.com/default.aspx" which of course fails the match.

-Stefan
Reply With Quote
  #3 (permalink)  
Old May 5th, 2008, 03:15 PM
Registered User
 
Join Date: Oct 2007
Location: , , .
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

You're right Stefan.

I checked with Fiddler and there is a 302 Redirect issued for www.microsoft.com and obviouslly the new URL doesn't match anymore.

I made one more test with www.google.ca (no redirection) and it works.

Thank you,
michaelg

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Membership not working in Medium Trust stoverje BOOK: Beginning ASP.NET 2.0 BOOK VB ISBN: 978-0-7645-8850-1; C# ISBN: 978-0-470-04258-8 0 July 5th, 2008 10:43 AM
Medium trust problems DavidWilks BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 0 June 26th, 2007 03:51 PM
Medium Trust mike_h BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 6 October 24th, 2006 05:52 PM



All times are GMT -4. The time now is 05:40 AM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.