Bug with medium trust on postback and xml binding

6 posts, 0 answers
  1. gerry
    gerry avatar
    48 posts
    Member since:
    May 2007

    Posted 08 May 2008 Link to this post

    I've been able to generate a simple sample that generates a security exception when running on a shared hosting environment.

    The error:

    Security Exception

    Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
       System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +150
       System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +100
       System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +281
       System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh) +67
       System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh) +145
       System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +43
       System.Threading.CompressedStack.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +41
       System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) +139
       System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant) +51
    

    The sample page:

    <%

    @ Page Language="C#" %>

    <%

    @ Register TagPrefix="telerik" Namespace="Telerik.Web.UI" Assembly="Telerik.Web.UI" %>

    <!

    DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <

    html xmlns="http://www.w3.org/1999/xhtml">

    <

    head runat="server">

    <title>PanelBar Test</title>

    </

    head>

    <

    body>

    <form id="form1" runat="server">

    <div>

    <asp:ScriptManager ID="ScriptManager1" runat="server" />

    <asp:XmlDataSource ID="XmlDataSource1" runat="server"

    DataFile="~/menu.xml" XPath="/Items/Item"></asp:XmlDataSource>

    <telerik:RadPanelbar runat="server" ID="RadPanelbar1" Skin="Mac"

    datasourceid="XmlDataSource1"

    DataTextField="Text" DataNavigateUrlField="Url" DataValueField="Text" Width="140px"

    OnClientItemClicked="OnClientItemClickedHandlerForMenu" >

    <ExpandAnimation Type="OutQuint" Duration="300" />

    <CollapseAnimation Type="OutQuint" Duration="300" />

    </telerik:RadPanelbar>

    </div>

    <

    input type="submit" />

    </form>

    </

    body>

    <

    script type="text/javascript">

    function

    OnClientItemClickedHandlerForMenu(sender, eventArgs)

    {

    }

    </

    script>

    </

    html>


    The page loads fine.  However, when I click on the 'submit' button during the postback it generates the above security error.

    Gerry
  2. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 09 May 2008 Link to this post

    Hello gerry,

    Could you please open a formal support ticket and send us your permission file? It is usually located in here
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_mediumtrust.config

    I am asking you for this because we couldn't replicate that error locally when testing in medium trust. Thank you for your cooperation.

    Regards,
    Albert
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. gerry
    gerry avatar
    48 posts
    Member since:
    May 2007

    Posted 09 May 2008 Link to this post

    The hosting company will not send me their config file--they said it would be a security concern.  They would also not tell me what is different about their 'medium' trust enviroment.

    At this point i think the only way to debug it would be if you had a version that might provide more verbose logging, etc.

    Gerry
  4. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 12 May 2008 Link to this post

    Hi gerry,

    After some additional testing our developers managed to reproduce the security exception on our end. Please find attached a hotfix build and let us know if it helps. Keep in mind this is a trial build. If it works for you please open a support ticket to obtain the DEV version of the hotfix.

    Regards,
    Albert
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  5. gerry
    gerry avatar
    48 posts
    Member since:
    May 2007

    Posted 12 May 2008 Link to this post

    Albert,

    Yes, good news in it has fixed the postback problem with the panelbar.  However, I still have the security problem with the Rad Date picker.

    Thanks,
    Gerry
  6. Yavor
    Admin
    Yavor avatar
    11 posts

    Posted 13 May 2008 Link to this post

    Hello gerry,

    I see that you have the same issue under discussion in a separate forum thread. To avoid duplicate posts, we can continue our communication there.

    Kind regards,
    Yavor
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
Back to Top