"System.Security.SecurityException: Security error" error message when the virtual directory points to a remote share in ASP.NET

Very recently, We have faced a problem to deploy application. The problem is raised when virtual directory points to a remote PC. The scenario is describe below..
PC1-- Web server(where IIS and .net framework is installed)
PC2-- Remote pc where precompile application directory located.

When deploy application virtual directory is created in PC1 but precompile application folder is points to remote PC2. After configure everything it shows me exception about security permission. After searching I added <trust level="Full"/ > in web.config file. Unfortunately, it shows me the same error

Parser Error Description:
An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.

After search in various site I found the solution in msdn.

Why this problem occur?

The System.Web namespace does not have the AllowPartiallyTrusted CallersAttribute applied to it.
http://msdn2.microsoft.com/en-us/library/ms994923.aspx

Any code that is not in the My_Computer_Zone code group that does not have this attribute requires the FullTrust user right. Therefore, the remote share that holds the Web applications content requires FullTrust.

Solution 1:Using Administrative Tools

To resolve this behavior, grant the FullTrust right to the remote share:

1. On the Web server, open Administrative Tools, and then double-click Microsoft .NET Framework Configuration.
2. Expand Runtime Security Policy, expand Machine, and then expand Code Groups.
3. Right-click All_Code, and then click New.
4. Select Create a new code group. Give your code group a relevant name, such as the name of the applications share. Click Next.
5. In the Choose the condition type for this code group list, select URL.
6. In the URL box, type the path of the share in the following format:
file:////\\computername\sharename\*
Note:Replace computername with the name of the computer that is hosting the remote share. Replace sharename with the name of the share.
7. Click Next. On the next page, select Use an existing permission set, and then select FullTrust.
8. Click Next, and then click Finish.
9. Restart Microsoft Internet Information Services (IIS) to restart the ASP.NET worker process.

If Microsoft .NET Framework Configuration is not displayed under Administrative Tools, you can install the .NET Framework SDK to add Microsoft .NET Framework Configuration.

Solution 2:Using Command line
Alternatively, you can run the following command to make the change:

Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe -m -ag 1 -url "file:////\\computername\sharename\*" FullTrust -exclusive on

Note For more information about what these arguments do, run the following command:
caspol.exe -?

Additional Information:

In this configuration, the account under which the ASP.NET worker process runs must have sufficient rights to the remote share. You can set the account under which the worker process runs by using the Processmodel tag in the Machine.config file.
Back to the top
Steps to reproduce the behavior

1. Create a new virtual directory that points to a remote share.
2. Create an application for the virtual directory. Make sure that the user who connects to the share has read access to the remote content.
3. In the Processmodel tag of the Machine.config file, change the user to a domain user who has list, read, and execute permissions on the remote share.
4. Create an inline .aspx file, and then put the file in the remote share.
5. Make a request for the page.

For more information:
Please visits
http://support.microsoft.com/kb/317012
http://support.microsoft.com/kb/306590

Comments

Popular posts from this blog

The model backing the 'MyDBContext' context has changed since the database was created. Either manually delete/update the database, or call Database.SetInitializer with an IDatabaseInitializer instance. For example, the DropCreateDatabaseIfModelChanges strategy will automatically delete and recreate the database, and optionally seed it with new data.

"This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet."

Check/Uncheck all items in a CheckBoxList using Javascript