Wrox Programmer Forums
|
BOOK: ASP.NET Website Programming Problem-Design-Solution
This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old November 22nd, 2004, 08:11 PM
Registered User
  
Join Date: Apr 2004
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Security Exception - application trust level
The LogEvent method in PhilePage.cs produces a security exception:

"System.Security.SecurityException: Requested registry access is not allowed."

when run on Framework 1.1, and I'm advised to "change the application's trust level in the configuration file."

I've added this to Web.config:

<trust level="Full" originUrl=""
 />

and

 <securityPolicy>
      <trustLevel name="Full" policyFile="internal"/>
 </securityPolicy>

neither of which allow application registry access.

Does anyone know a workaround for this problem?

Thanks,
Gordon Zuehlke
[email protected]
 
Old November 24th, 2004, 02:49 PM
Friend of Wrox
  
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Changing the config file won't give it permission to do something that it's not allowed to do.

I think this is the common error relating to creation of an event source, but this might be a little different.

In any event, the account used to run your application (ASPNET on Win2k and XP) does not have permission to do the registry access needed by a certain operation (most likely creating an event source or something similar).

This is discussed in the README.HTM file in the code download. They explain how to run the application under the SYSTEM account instead of ASPNET.

I prefer to use a different solution than the one given there, because this is entirely unacceptable for production deployment. I prefer to create the event source in a console mode program (because your user account likely has permission to do this), and then run the application under a lower priviledge account (like ASPNET). This makes for a much safer system in case a hacker might gain access to your system.

I posted another message here with code to do this - look around and you'll find it.

The best solution in my opinion is to remove all use of event sources, and log to a file instead. This was done in the VB.NET code download. This is the only suitable option if you want to use a low cost hosting company, because they won't give you registry access.

Eric





Similar Threads
Thread Thread Starter Forum Replies Last Post
User Level Security cpbsmw Access 1 February 1st, 2007 08:41 AM
User Level Security cpbsmw Access 2 January 26th, 2007 04:07 PM
Custom Membership Provider and Medium Trust level mosi_asgari BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 3 December 24th, 2006 11:11 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.