System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

My customer tried to run a pre compiled web application and he gets the following exception

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]

   System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0

   System.Reflection.Assembly.GetType(String name, Boolean throwOnError) +36

   System.Web.Compilation.BuildResultCompiledType.GetPreservedAttributes(PreservationFileReader pfr) +54

   System.Web.Compilation.PreservationFileReader.ReadFileInternal(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +496

   System.Web.Compilation.PreservationFileReader.ReadBuildResultFromFile(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +91

   System.Web.Compilation.DiskBuildResultCache.GetBuildResult(String cacheKey, VirtualPath virtualPath, Int64 hashCode) +66

   System.Web.Compilation.BuildManager.GetBuildResultFromCacheInternal(String cacheKey, Boolean keyFromVPP, VirtualPath virtualPath, Int64 hashCode) +176

   System.Web.Compilation.ApplicationBuildProvider.GetGlobalAsaxBuildResult(Boolean isPrecompiledApp) +65

   System.Web.Compilation.BuildManager.CompileGlobalAsax() +51

   System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +337


Environment: Windows server 2008 R2, ASP.net 3.5

 

This is the most common error you would get when you host your content on a UNC share. https://support.microsoft.com/?id=320268 describes the problem, resolution. However in this specific case content is not hosted on UNC share.

Cause

This issue would happen when you download a file from Internet or Network Location, etc. Windows now preserves the zone information for file(s). This identifies where the file came from and displays appropriate warning messages, indicating you to be careful.

Note : Also when you copy the zip file from network location /Internet and extract the same, all the files contained in the zip file also will get this attribute set.

Resolution

You can resolve this issue by following any of the following methods.

Method#1 Go to the properties of precompiled dll’s, check to see if it has following security message (at the bottom of the window): "This file came from another computer and might be blocked to help protect this computer." If present, click "Unblock", "Apply" and "OK".

If you have multiple dlls in your application, you would need to perform this step to all dlls one by one.

Method#2 Run the below caspol command to resolve the issue Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe -m -ag 1 -url "file:////c:\mysitecontent\*" FullTrust -exclusive on

Note: Please substitute "c:\mysitecontent\*" with actual path where ASP.net pre compiled dlls are located.

Alternatively, you can use below methods to get around the issue.

To avoid the "This file came from another computer and might be blocked to help protect this computer." You can use one of the following methods depending on your scenario.

1) Move all the files to non NTFS partition i.e. FAT and move them back to NTFS partition. When you move the files to non NTFS partition, it will not maintain zone information.

2) Use the "Strems v 1.56" tool to remove streams

a. Download "Streams v1.56" from https://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

b. Execute the following command from command line:

"streams -s -d directory"

3) If you have copied a zip file to your machine that has the above attribute, before you extract, just unblock the zip file( as mentioned in resolution section) and then proceed with extraction.

4) There is a Group Policy, that you can Enable to make sure zone information is not preserved.

a. Run gpedit.msc ( From Run Prompt or CMD prompt)

b. Navigate to Local Security Policy ==> User Configuration ==> Administrative Templates ==>Windows Components ==>Attachment Manager

c. Enable "Do not preserve zone information in file attachments" setting.

This will only make sure that zone information is not present for the files that you copy after the policy is enabled. For Existing files, you would still need to use one of the above methods. Also, please consult with your Administrator, Team before you enable this setting, as this might be needed for other applications and might break those, if you enable it without taking consent from Administrator(s)/your team.

Comments

  • Anonymous
    September 15, 2010
    thanks it did the trick when i was struggling with the security exception. streams.exe is a cool too. i need to restart the application pool for this to take effect.

  • Anonymous
    November 05, 2010
    Thanks. Method #2 worked perfectly.

  • Anonymous
    January 20, 2011
    It worked for me. Thank you

  • Anonymous
    February 03, 2011
    Thanks. It worked for me too... I had to recylce the app. pool.

  • Anonymous
    February 21, 2012
    #4 worked for me; I also had to recycle the app pool.

  • Anonymous
    November 21, 2012
    Thanks, Method 2 worked for me

  • Anonymous
    June 17, 2013
    Thanks! I unzipped my code files over the network and every file was marked as unsure (method1).

  • Anonymous
    September 04, 2013

  • In my case the files are stored on remote mapped drive and I was getting this error whicle compile.
  • I performed all method but still I was getting same error.
  • Solution : I changed the Target framework from 3.5 to 4.0 and it starts working.
  • Anonymous
    September 09, 2013
    Thanks. This outlined the issue perfectly and the suggested resolutions worked! I "unblocked" each of the DLLs and that worked. Also, unzipped the code from a windows 2003 system which didn't tag the files under a "zone"

  • Anonymous
    February 04, 2014
    It worked for me.. one of my DLLS file was having this problem. I Just moved  the file to non NTFS partition ( FAT) and move it back.  Thanks.

  • Anonymous
    April 27, 2014
    Thanks! It worked for me too! My project was on a shared folder in Parallels VM on my MacBook Pro and only caspol.exe worked for me :)

  • Anonymous
    July 07, 2014
    If you need to fix and existing site you can run the Powershell script below: foreach ($file in (Get-ChildItem "\ServerShare" -Recurse -EA 0).FullName) {     if (Get-Item $file -Stream Zone.Identifier -EA 0 | select Stream)     {        Unblock-File -Path $file        # In Powershell 2.0 comment line above and uncomment line below        #Remove-Item $file -Stream Zone.Identifier -Verbose -EA 0        if ( Get-Item $file -Stream Zone.Identifier -EA 0 | select Stream)           {              "Could not unblock! $file"           }        else           { "$file un-blocked" }     } }

  • Anonymous
    April 28, 2015
    Found the solution by setting the application pool attribute        Load UserProfile = TRUE