CODEDIGEST
Home » Articles
Search
 

Technologies
 

Sponsored links
 

CodeDigest Navigation
 

Technology News
No News Feeds available at this time.
 

Community News
No News Feeds available at this time.
 
Executing ASP.Net Application from Network Share in IIS 6.0

By Satheesh Babu
Posted On Dec 18,2009
Article Rating:
Be first to rate
this article.
No of Comments: 0
Category: ASP.Net
Print this article.

Executing ASP.Net Application from Network Share in IIS 6.0

 

There are situations where we need to put our asp.net application files on a network share instead of keeping it in local file system. To do this, go to your website Properties > click the tab "Home Directory" in case website and "Virtual Directory" in case of a virtual directory, you can specify the share location by selecting the option “A share located on another computer”. Next, specify the account through which IIS can connect to the share by clicking “Connect As...”  button.

Refer the figure below,

 

Please note that your service account should have the proper access to the share location to connect to it.

 

When we try to execute our application after making the above change, it will throw an error similar to below,

Server Error in '/Apps/InqTest' Application.


Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:

 

[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]

   System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0

   System.Reflection.Assembly.GetType(String name, Boolean throwOnError) +36

   System.Web.Compilation.BuildResultCompiledType.GetPreservedAttributes(PreservationFileReader pfr) +54

   System.Web.Compilation.PreservationFileReader.ReadFileInternal(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +496

   System.Web.Compilation.PreservationFileReader.ReadBuildResultFromFile(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +91

   System.Web.Compilation.DiskBuildResultCache.GetBuildResult(String cacheKey, VirtualPath virtualPath, Int64 hashCode) +66

   System.Web.Compilation.BuildManager.GetBuildResultFromCacheInternal(String cacheKey, Boolean keyFromVPP, VirtualPath virtualPath, Int64 hashCode) +176

   System.Web.Compilation.BuildManager.GetVPathBuildResultFromCacheInternal(VirtualPath virtualPath) +43

   System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) +59

   System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) +101

   System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean noAssert) +126

   System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp, Boolean noAssert) +62

   System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +33

   System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +40

   System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig) +160

   System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +93

   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

 


Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053

 

Before resolving this error, it is necessary to understand why we are presented with the above error.

 

.Netframework has a special security feature which can control the code access to the resources called Code Access Security Policy.

 




Code Access Security Policy

Through this feature, the framework will control the code from performing any privileged actions that are vulnerable or which may compromise security. Code Access Security provides various levels of trusted access to the code based on its origination and identity. By default, framework has some predefined levels of permission which it uses to grant permissions for the codes to execute. You can read more about this here.

Thus, by this feature we have another layer of security mechanism in place which can reduce the threats.

We can use a tool called Caspol.exe to modify these settings to grant or deny access to a resource.

 

Now, to make our code to execute successfully, we can use this tool and tell the framework that the code originating from the share can be fully trusted so that Code Access Security can allow the execution.

 

Resolution

Login to your server. Go to RUN. Type cmd to open command prompt. Browse to C:\WINDOWS\Microsoft.NET\Framework\v2.0.XXXXX> folder and execute the below command.

caspol -m -ag 1 -url file:\\ShareServer\Test\* FullTrust

 

 

OUTPUT

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>caspol -m -ag 1 -url file:\\ShareServer\Test\* FullTrust

Microsoft (R) .NET Framework CasPol 2.0.50727.3053

Copyright (c) Microsoft Corporation.  All rights reserved.

 

Added union code group with "-url" membership condition to the Machine level.

Success

 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>

 

Do an IISRESET to see the changes working.

 

The below command can be used to check the list of code groups. You can see our share appended at the last.

 

List Groups

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>caspol -lg

Microsoft (R) .NET Framework CasPol 2.0.50727.3053

Copyright (c) Microsoft Corporation.  All rights reserved.

 

Security is ON

Execution checking is ON

Policy change prompt is OFF

 

Level = Machine

 

Code Groups:

 

1.  All code: Nothing

   1.1.  Zone - MyComputer: FullTrust

      1.1.1.  StrongName - 0024000004800000940000000
6020000002400005253413100040

0000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9
E8FD6AEC8F87FB03766C834C99921EB23BE

79AD9D5DCC1DD9AD236132102900B723CF980957FC4E17
7108FC607774F29E8320E92EA05ECE4E82

1C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D
745D6F2DE5F17E5EAF0FC4963D261C8

A12436518206DC093344D5AD293: FullTrust

      1.1.2.  StrongName - 000000000000000004
00000000000000: FullTrust

   1.2.  Zone - Intranet: LocalIntranet

      1.2.1.  All code: Same site Web

      1.2.2.  All code: Same directory FileIO - 'Read, PathDiscovery'

   1.3.  Zone - Internet: Internet

      1.3.1.  All code: Same site Web

   1.4.  Zone - Untrusted: Nothing

   1.5.  Zone - Trusted: Internet

      1.5.1.  All code: Same site Web

   1.6.  Url - file:\\ShareServer\Test\*: FullTrust

Success

 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>

 

The below command can be used to remove a group from the code group.

Remove Group

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 >caspol -rg 1.6

 

You can learn more about using the tool here.

 

Conclusion

Security is one of the vital parts of any application we develop these days. Even though we are restricting the users from accessing protected resources through authentication and authorization techniques, a malicious user can exploit in some way if the code is not actually restricted. Thus, Code Access security policy the framework adds a layer of security over our application security to help having more secure environments.

Further Reading...

Microsoft brings major changes in Code Access Security policy in .Netframework 4.0. Read more here.

Similar Articles
You can contribute to CodeDiget.Com:
Donate to CodeDigest.com
Article Feedback
Comments