Security exceptions calling a web service from within a UserControl embedded in IE

Hot Topic

Deployment error vb .net
how to save controls' properties into a physical file (creating forms/controls dynamically)?
Tool strip control is not aligned to left
Designtime mapping name problem
Dbl click btw rows in grid?
how to make parent form shortcut keys work in user controls...
Icons not showing up on Treview
How to add controls at run-time ?
MaskedTextBox question
Problem with thread and dataGrid

Windows Forms

resize win form
Searchable DataGrid
forms seperator line
trivial combobox problem
keyevents in datagrid
Datagrid for multiple tables
Disable column
Taskvision Server in different location!
The new .NET 2.0 ConfigurationManager and Associated Classes
Custom MenuItem

Security exceptions calling a web service from within a UserControl embedded in IE

Hi,

We're getting a security exception on a asychronous callback from a web service.  This exception only occurs when our control is embedded within an IE web page.  The security exception does not occur when we elevate the trust for the "local intranet" group from it's default to full trust.  We'd like to be able to deploy this application from within IE without any installation on the client side. 

I've found two exceptions that occur only when the control is embedded inside IE (they don't occur in a windows form), I found these exceptions by switching on the option to*space
space*on the throw of exceptions in the debugger.  The actual behaviour exhibitted in our control inside IE is that on an asychronous call to the web service we never receive the callback.  

The first exception occurs when we construct the client to the web service.  The second exception occurs after the Begin method has been called....

An early version of our control connected to the same web service works fine, I can't see how the code we've added could have caused these problems.   We're currently gradually eliminating code in attempt to identify what it is that has caused this problem.  It's a bit of a needle in a hay stack.  We're a bit stuck here if anyone can help us out please do, it'd be much appreciated.....

1. Construction Exception:-

Message:
A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll

Additional information: Request for the permission of type System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.

Stack Trace:
    mscorlib.dll!System.Security.CodeAccessPermission::CheckDemand(System.Security.CodeAccessPermission demand) + 0x9e bytes 
   mscorlib.dll!System.Security.CodeAccessSecurityEngine::CheckHelper(System.Security.PermissionSet grantedSet, System.Security.PermissionSet deniedSet, System.Security.CodeAccessPermission demand, System.Security.PermissionToken permToken) + 0x1ad bytes 
   system.dll!System.ComponentModel.ReflectPropertyDescriptor::ShouldSerializeValue(System.Object component) + 0xeb bytes 
   system.data.dll!System.Data.XmlTreeGen::AddXdoProperty(System.ComponentModel.PropertyDescriptor pd = {System.ComponentModel.ReflectPropertyDescriptor}, System.Object instance = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}, System.Xml.XmlElement root = {System.Xml.XmlElement}, System.Xml.XmlDocument xd = {System.Xml.XmlDocument}) + 0x147 bytes 
   system.data.dll!System.Data.XmlTreeGen::AddXdoProperties(System.Object instance = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}, System.Xml.XmlElement root = {System.Xml.XmlElement}, System.Xml.XmlDocument xd = {System.Xml.XmlDocument}) + 0xbf bytes 
   system.data.dll!System.Data.XmlTreeGen::SchemaTree(System.Xml.XmlDocument xd = {System.Xml.XmlDocument}, System.Data.DataSet ds = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}) + 0x43d bytes 
   system.data.dll!System.Data.XmlTreeGen::Save(System.Data.DataSet ds = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}, System.Xml.XmlWriter xw = {System.Xml.XmlTextWriter}) + 0x45 bytes 
   system.data.dll!System.Data.DataSet::System.Xml.Serialization.IXmlSerializable.GetSchema() + 0x97 bytes 
   system.xml.dll!System.Xml.Serialization.SerializableMapping::set_Type(System.Type value) + 0x3a bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportSpecialMapping(System.Type type, System.Xml.Serialization.TypeDesc typeDesc, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context) + 0x64 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportTypeMapping(System.Xml.Serialization.TypeModel model, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context, String* dataType, System.Xml.Schema.XmlSchemaForm form, bool repeats) + 0x1f7 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportAccessorMapping(System.Xml.Serialization.MemberMapping accessor, System.Xml.Serialization.FieldModel model, System.Xml.Serialization.XmlAttributes a, String* ns, System.Xml.Schema.XmlSchemaForm form, System.Type choiceIdentifierType) + 0x20f0 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportFieldMapping(System.Xml.Serialization.StructModel parent, System.Xml.Serialization.FieldModel model, System.Xml.Serialization.XmlAttributes a, String* ns, System.Xml.Schema.XmlSchemaForm form) + 0xb2 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportStructLikeMapping(System.Xml.Serialization.StructModel model, String* ns, System.Xml.Schema.XmlSchemaForm form) + 0x683 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportTypeMapping(System.Xml.Serialization.TypeModel model, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context, String* dataType, System.Xml.Schema.XmlSchemaForm form, bool repeats) + 0x1b9 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeType(System.Type type) + 0x55 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeTypes(System.Reflection.ICustomAttributeProvider provider) + 0x7b bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportStructLikeMapping(System.Xml.Serialization.StructModel model, String* ns, System.Xml.Schema.XmlSchemaForm form) + 0x8ec bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportTypeMapping(System.Xml.Serialization.TypeModel model, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context, String* dataType, System.Xml.Schema.XmlSchemaForm form, bool repeats) + 0x1b9 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeType(System.Type type) + 0x55 bytes 
   system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeTypes(System.Reflection.ICustomAttributeProvider provider) + 0x7b bytes 
   system.web.services.dll!System.Web.Services.WebMethodReflector::IncludeTypes(System.Web.Services.Protocols.LogicalMethodInfo[] methods = {Length=51}, System.Xml.Serialization.XmlReflectionImporter importer = {System.Xml.Serialization.XmlReflectionImporter}) + 0x53 bytes 
   system.web.services.dll!System.Web.Services.Protocols.SoapClientType::SoapClientType(System.Type type = {"Fusion.PortfolioInsight.Client.Data.CreditPortalWS.CreditPortalService"}) + 0x213 bytes 
   system.web.services.dll!System.Web.Services.Protocols.SoapHttpClientProtocol::SoapHttpClientProtocol() + 0xc9 bytes 

2. Exception on web service callback:-

Message:
A first chance exception of type 'System.Security.SecurityException' occurred in system.web.services.dll

Additional information: Security error.

Stack Trace:

system.web.services.dll!System.Web.Services.Protocols.WebClientAsyncResult::Complete() + 0xd8 bytes 
  system.web.services.dll!System.Web.Services.Protocols.WebClientProtocol::ProcessAsyncResponseStreamResult(System.Web.Services.Protocols.WebClientAsyncResult client = {System.Web.Services.Protocols.WebClientAsyncResult}, System.IAsyncResult asyncResult = {System.Net.NestedSingleAsyncResult}) + 0x121 bytes 
  system.web.services.dll!System.Web.Services.Protocols.WebClientProtocol::ReadAsyncResponseStream(System.Web.Services.Protocols.WebClientAsyncResult client = {System.Web.Services.Protocols.WebClientAsyncResult}) + 0x138 bytes 
  system.web.services.dll!System.Web.Services.Protocols.WebClientProtocol::ReadResponseAsyncCallback(System.IAsyncResult asyncResult = {System.Net.NestedSingleAsyncResult}) + 0xb3 bytes 
  system.dll!System.Net.ConnectStream::ReadCallback(System.IAsyncResult asyncResult) + 0xb1 bytes 
  system.dll!System.Net.Sockets.OverlappedAsyncResult::CompletionPortCallback(unsigned __int32 errorCode, unsigned __int32 numBytes, System.Threading.NativeOverlapped* nativeOverlapped) + 0xec bytes 


TIA

Michael

Answer this question

Security exceptions calling a web service from within a UserControl embedded in IE

  • gavrilenko_s

    It is only calling webservices on the domain it is deployed from....

    Something I've realised subsequent to this post is that the Security Exception is on the failure of a ReflectionPermission demand, yet my application is running under the Local Intranet zone which should have that permission.  

    Seems like the Frameworks security architecture is getting a little confused here.....

  • Sachina

    it's hard to say what exactly the problem is, without seeing the code, BTW web deployed win form could only call web services from where it's deployed. but when you said the previous version worked fine then my suggestion is to investigate the exception dialog under the debug menu, 

    HTH
    erymuzuan mustapa
  • Security exceptions calling a web service from within a UserControl embedded in IE
Answer this question