I have a ASMX Web Service that references a custom DLL we have created. The DLL has a function to read some settings from a XML file that we deploy along with the web service on the web server.
When I run the solution on my local machine using the web server built into VS.Net 2005, everything works great. When I deploy it to our Web Server running IIS, I'm getting an error saying it doesn't have proper permissions to read the file. The entire exception message is below, but it looks like it's saying the assembly that caused the failure (my custom DLL - BusinessModel.DLL) is in the MyComputer zone. Shouldn't this mean that the assembly has unrestricted access to the file system I don't have any security specific stuff in my code (no attributes explicitly demanding or denying permissions).
How can I get rid of this error so that my DLL can successfully read from the XML file
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.IO.Path.GetFullPath(String path)
at System.Xml.XmlResolver.ResolveUri(Uri baseUri, String relativeUri)
at System.Xml.XmlUrlResolver.ResolveUri(Uri baseUri, String relativeUri)
at System.Xml.XmlTextReaderImpl..ctor(String url, XmlNameTable nt)
at System.Xml.XmlTextReader..ctor(String url)
at Westeel.WesteelConfigReader.ReadSetting(String settingName) in C:\Visual Studio Projects\Shop Floor Control\BusinessModel\WesteelConfigReader.vb:line 8
at Westeel.ProductionSchedule.Scheduler.ScheduleOrder(BillOfMaterials bomParent)
at Westeel.ProductionSchedule.Scheduler.ScheduleOutstandingOrders(String siteId)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
PathDiscovery="c:\windows\system32\inetsrv\WesteelConfig.xml"/>
The demand was for:
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
PathDiscovery="c:\windows\system32\inetsrv\WesteelConfig.xml"/>
The granted set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Execution"/>
<IPermission class="System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010053F5BE9FF6E27CC3D78494864AF72EE770628BC97E5DF9224D4B745B868407FE7DEC57AE6BF18407D0ACC6E140FF26C54C8985796A3118F828CD5AD22F22D019192E03CDCC26E1FEBAFC7FEFBE1697252C0BEF1F631B146FEDA71E0D421FAF8FAE00CE813CAA2254A1799819F266975FAD2B14D6687540EEC19405753ED4BBB7"
Name="BusinessModel"
AssemblyVersion="1.0.0.0"/>
<IPermission class="System.Security.Permissions.UrlIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Url="file:///C:/inetpub/wwwroot/WesteelERP/bin/BusinessModel.DLL"/>
<IPermission class="System.Security.Permissions.ZoneIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Zone="MyComputer"/>
<IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Level="Minimal"/>
<IPermission class="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
version="1"
Connections="True"/>
</PermissionSet>
The assembly or AppDomain that failed was:
BusinessModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=87434fb0838317d2
The method that caused the failure was:
System.String ReadSetting(System.String)
The Zone of the assembly that failed was:
MyComputer
The Url of the assembly that failed was:
file:///C:/inetpub/wwwroot/WesteelERP/bin/BusinessModel.DLL
Request for the permission of type FileIOPermission failed
Kolchak
I found the solution with the help of MS support. My assembly should have had unrestricted permissions, however since I had Sharepoint running on the same computer Sharepoint basically overrides the security for all websites and sets it to a very restricted set of permissions. To fix it I added this line to my Web.Config for the web service:
<
trust level="Full" originUrl="" />Ram-Sree
The XML file was deployed along with the web service (part of the msi). I also manually copied it to the C:\Windows\System32\inetsrv\ directory since for some reason that seems to be where my DLL is trying to open it from (that's a different issue that I'm sure I can fix easily enough when I get some time).
I tried running the FileMon and the request to read that file never showed up in the utility. So it doesn't appear to be making it past the CLR.
Somthing that may or may not help troubleshoot this, is in the Web Service code (not the DLL) I have some code that is writing to another txt file in the same directory that succeeds with no problems (it shows up in FileMon as SUCCESS). But when I try to read from the XML file in the same directory from my DLL it throws the security exception.
The code in the DLL attempts to access the file using this code:
Dim
MyReader As System.Xml.XmlTextReader = New System.Xml.XmlTextReader("WesteelConfig.xml")The code in the Web Service attempts to access the file using this code:
Private
Shared ShopFloorFileWriter As IO.StreamWriter = My.Computer.FileSystem.OpenTextFileWriter("ShopFloorLog.txt", False)Any idea what next step I can take to troubleshoot this issue
Richo
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission( fp );
XmlTextReader reader = new XmlTextReader(@"c:\temp\tmp.xml");
reader.XmlResolver = new XmlSecureResolver(new XmlUrlResolver(), ps);
The above code should hopefully solve the problem. if not You will need to decrease the security for your hosted application or grant it FileIOPermission.
BarryTannenbaum
I will definately give that a shot. But the nature of the error message leads me to believe that it is not Windows security (ie. the file's ACL), but Code Access Security in .Net that is saying that this code is not secure enough (based on its location, source, etc) to be able to access this file. I would expect that if it was due to the windows access permissions on the file the error message would be quite different.
I am also using Impersonation in my Web Service, and it is running under my user account which has Admin on the web server box.
Demono
to track the file. First start it up and right click and exclude process on stuff that you don't need such as explorer.exe, crss.exe etc. Once you've got most of the stuff filtered out clear the buffer and then run the offending code. When the offending code is run and the file permission is thrown there should be an Access Denied entry. Search for Denied and when you find it scroll over to the right. It will show you which user was trying to access the file.
Hope this helps.
Ting-fang Zheng
Check this article out:
http://www.15seconds.com/issue/040121.htm
cbenesh