This is a migrated thread and some comments may be shown as answers.

RadToolTipManager throws security exception in medium trust for 2012 Q2

5 Answers 90 Views
ToolTip
This is a migrated thread and some comments may be shown as answers.
Paul
Top achievements
Rank 1
Paul asked on 11 Jun 2012, 10:38 PM
I've been using RadToolTipManager in medium trust environment without any problems. Since upgrading to the 2012 Q2 release I get the following exception. Nothing changed on the page or the environment except upgrading from 2012 Q1 to Q2.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request failed.

Source Error: 
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 
[SecurityException: Request failed.] 
System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly asm,
    PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh
    , SecurityAction action, Object demand, IPermission permThatFailed) +168
System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString,
    PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh,
    SecurityAction action, Object demand, IPermission permThatFailed) +100
System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants,
    PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh,
    Object assemblyOrString, SecurityAction action, Boolean throwException) +278
System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet,
    PermissionSet& alteredDemandset, RuntimeMethodHandleInternal rmh) +69
System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset,
    RuntimeMethodHandleInternal rmh) +156
System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +33
System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(
    Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) +128
System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission,
    PermissionSet targetGrant) +54

5 Answers, 1 is accepted

Sort by
0
Marin Bratanov
Telerik team
answered on 12 Jun 2012, 02:06 PM
Hi Paul,

This is most likely due to a fix for a generic framework problem (that throws an error message that an UpdatePanel cannot be unregistered) and this fix uses some internal methods of the script manager class and it is possible that this is not allowed in medium trust. I tried the code on my machine in medium trust and it appears to be working fine with me, however. Could you post here your configuration for the medium trust level and the way you are handling the OnAjaxUpdate event of the tooltip manager? If you remove this handler does the problem persist?


All the best,
Marin Bratanov
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
Paul
Top achievements
Rank 1
answered on 12 Jun 2012, 02:15 PM
UPDATE: I can generate the same error just by adding the medium trust configuration line to the Telerik demo site's web.config. Go to the Tooltip demos and under the Functionality group click on the 'RadTooltip vs RadTooltipManager' demo.

I don't have an OnAjaxUpdate event handler. The ToolTipManager is just being used to auto-handle all tooltips so it can display html-formatted tooltips. Below is the markup. I also tried removing the AutoTooltipify and assigning a few test targets, but got the same error.

I set medium trust on my IIS test site in the site properties. For the Visual Studio 2010 development web server I just have the standard line in web.config: <trust level="Medium" />. In both IIS and the Cassini server running in full trust works but medium trust does not. My client's web host provider does not offer full trust, so this makes the tooltip manager unusable for this application. 
<telerik:RadToolTipManager ID="RadToolTipManagerSessionPaperSchedule" runat="server"
    AutoTooltipify="true"
    ShowEvent="OnMouseOver" HideEvent="Default"
    Animation="Slide"
    RelativeTo="Element" Position="BottomCenter" Width="300"
    ContentScrolling="Default"
    />
0
Marin Bratanov
Telerik team
answered on 13 Jun 2012, 12:54 PM
Hello Paul,

I was able to replicate the problem. My previous attempt had failed because of a silly typo in my web.config.

We are looking into the matter and as soon as a viable solution is found it will be present in the latest internal build and subsequent official releases. You can monitor the issue's progress in this PITS item.

For the time being I am afraid that you would need to use the previous release (Q1 2012 SP1) for this environment. 

Kind regards,
Marin Bratanov
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
Paul
Top achievements
Rank 1
answered on 13 Jun 2012, 12:58 PM
The new release fixes a RadScheduler drag and drop bug with the Chrome browser, which I also need. Is there any estimate/guess of how long it will take to get an internal release that fixes the TootipManager bug? If not, is there any way to use the previous tooltip manager's code with the current release?
0
Marin Bratanov
Telerik team
answered on 14 Jun 2012, 01:31 PM
Hi Paul,

The next internal build (that should go live in the beginning of the next week) will contain a fix for this exception. I cannot guarantee it will be the final version of the code, as we have not yet had time to properly evaluate and research the case, yet I hope it will suffice for now. This is the reason why I have not marked the PITS issue as resolved. Stay tuned and monitor your account to get the build as soon as it goes live.


Regards,
Marin Bratanov
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
Tags
ToolTip
Asked by
Paul
Top achievements
Rank 1
Answers by
Marin Bratanov
Telerik team
Paul
Top achievements
Rank 1
Share this question
or