Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Khai 71 posts 161 karma points
    Jan 20, 2014 @ 16:08
    Khai
    0

    Umbraco 6.02 SecurityException: Request failed in Medium Trust Environment

    Hi,

    I have an umbraco website 6.02 that I just deployed on a shared medium trust environment. Umbraco should work at the hosting company because I had another succesfullly installed a 6.03 Umbraco website as well.

    Somehow I get the following error:

    [SecurityException: Request failed.]
       System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) +165
       System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) +100
       System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +272
       System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) +55
       System.Reflection.RuntimeAssembly.GetExportedTypes(RuntimeAssembly assembly, ObjectHandleOnStack retTypes) +0
       System.Reflection.RuntimeAssembly.GetExportedTypes() +21
       Umbraco.Core.TypeFinder.GetTypesWithFormattedException(Assembly a) +68
       Umbraco.Core.TypeFinder.GetTypes(Type assignTypeFrom, IEnumerable`1 assemblies, Boolean onlyConcreteClasses) +129
       Umbraco.Core.TypeFinder.GetAssignablesFromType(IEnumerable`1 assemblies, Boolean onlyConcreteClasses) +56
       Umbraco.Core.TypeFinder.FindClassesOfType(IEnumerable`1 assemblies, Boolean onlyConcreteClasses) +59
       Umbraco.Core.TypeFinder.FindClassesOfType(IEnumerable`1 assemblies) +45
       Umbraco.Core.PluginManager.<ResolveTypes>b__1c() +55
       Umbraco.Core.PluginManager.LoadViaScanningAndUpdateCacheFile(TypeList typeList, TypeResolutionKind resolutionKind, Func`1 finder) +46
       Umbraco.Core.PluginManager.ResolveTypes(Func`1 finder, TypeResolutionKind resolutionType, Boolean cacheResult) +1169
       Umbraco.Core.PluginManager.ResolveTypes(Boolean cacheResult) +133
       Umbraco.Core.CoreBootManager.InitializeApplicationEventsResolver() +44
       Umbraco.Web.WebBootManager.InitializeApplicationEventsResolver() +8
       Umbraco.Core.CoreBootManager.Initialize() +481
       Umbraco.Web.WebBootManager.Initialize() +18
       Umbraco.Core.UmbracoApplicationBase.StartApplication(Object sender, EventArgs e) +79
       Umbraco.Core.UmbracoApplicationBase.Application_Start(Object sender, EventArgs e) +9

     

    Things that I did:

    - Check packages: Courier 2 ( doesn't work on medium trust, so I uninstalled it.), Newsletters Studio v.1.3.3 ( SHould work on medium trust )

    - UmbracoUseMediumTrust Is true in web.config

    Umbraco 6.02 should support Medium Trust right?  Am i doing something wrong ? Am I missing something?

     

  • Sebastiaan Janssen 4850 posts 14395 karma points MVP admin hq
    Jan 20, 2014 @ 17:00
    Sebastiaan Janssen
    100

    It looks like one of the dlls in your bin folder is not medium trust compatible. I'd recommend you compare the ones in your bin folder to the dlls that come with Umbraco and see which ones are not supposed to be there.

    That said both 6.0.2 and 6.0.3 have a severe security issue and you really, really, really need to upgrade to at least 6.0.5 if you want your sites to be safe from hackers.

  • Khai 71 posts 161 karma points
    Jan 21, 2014 @ 12:09
    Khai
    0

    Hi Sebastiaan, thanks a lot for your input! Found the assemblies which were not compatible. Also thanks for the suggestion for upgrading, I will keep that in mind. Anyways, this problem has been solved now but I'm running into a stranger error.. Somehow the website cannot be served. Browser error in chrome is: "This webpage is not available"..

    The more weird thing is, that when I remove the connection string, I'll get an asp.net error ( umbraco error because there is no database. ) I know for sure the connectionstring is working because I also tested on an internal test server with the connection string to the production database.

  • Sebastiaan Janssen 4850 posts 14395 karma points MVP admin hq
    Jan 21, 2014 @ 14:55
    Sebastiaan Janssen
    0

    You may need to republish the entire site, not sure what else could be going on. Check the logs in App_Data/Logs and the log table (umbracoLog) as well to see what might be going on there.

  • Khai 71 posts 161 karma points
    Jan 23, 2014 @ 13:37
    Khai
    0

    HI Sebastiaan, seems there was something wrong with the infrastructure at the hosting company.. anyways I got the site working except I just found out now that macro editors don't work in medium trust.. is there an explanation why the macro editors would need to have full trust? 

    [SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
       System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
       System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark) +31
       System.Security.CodeAccessPermission.Demand() +46
       System.Net.ServicePointManager.set_ServerCertificateValidationCallback(RemoteCertificateValidationCallback value) +57
       umbraco.macro.MacroContentByHttp(Int32 PageID, Guid PageVersion, Hashtable attributes) +932
       umbraco.presentation.tinymce3.insertMacro.renderMacro_Click(Object sender, EventArgs e) +833
       System.EventHandler.Invoke(Object sender, EventArgs e) +0
       System.Web.UI.WebControls.Button.OnClick(EventArgs e) +9555658
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +103
       System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
       System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
       System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6704
       System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +245
       System.Web.UI.Page.ProcessRequest() +72
       System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
       System.Web.UI.Page.ProcessRequest(HttpContext context) +58
       ASP.umbraco_plugins_tinymce3_insertmacro_aspx.ProcessRequest(HttpContext context) +4
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +341
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
  • Khai 71 posts 161 karma points
    Jan 23, 2014 @ 13:45
    Khai
    0

    well I found a work around, by setting the macro with  using "render macro in editor" unchecked will not give an error.

  • Sebastiaan Janssen 4850 posts 14395 karma points MVP admin hq
    Jan 23, 2014 @ 13:53
    Sebastiaan Janssen
    0

    Yup. It's been like that forever.

    FYI: We're not spending any more time making Umbraco medium trust compatible, this is the only issue that we know of that's still left but Microsoft is telling hosting providers that MedTrust is not supported any more and they too are closing medtrust issues as "won't fix". So we're following their lead and for v7 and onwards we're not going to be supporting MedTrust any more.

Please Sign in or register to post replies

Write your reply to:

Draft