Security Exception

Jason

Hi

I have a ASP.NET application where i would like to authenticate the
connecting users according to the Local Users and Groups on the web server.
I have the following code in the ASP.NET project.

private static void Demand(string[] groups)
{
WindowsIdentity processIdentity = WindowsIdentity .GetCurrent();
Console.WriteLi ne(processIdent ity.Name);

IPermission permission = null;
foreach(string strGroup in groups)
{
string strDomainAndGro up = strGroup;
if(strGroup.Ind exOf ('\\') == -1)
{
strDomainAndGro up = Environment.Mac hineName + "\\" + strGroup;
}

if(permission == null)
{
permission = new PrincipalPermis sion(null, strDomainAndGro up);
}
else
{
permission = permission.Unio n(new PrincipalPermis sion(null,
strDomainAndGro up));
}
}

if(permission != null)
{
permission.Dema nd();

// Revert to self, so that all actions now happen as the
// process user, not as the impersonated user.
Win32.AdvApi.Re vertToSelf();

}
}

but i get the following error when i hit the "permission.Dem and();" line

Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security .SecurityExcept ion: Request for principal
permission failed.

I know it says i must change the application's trust level. but i dont know
how to do this? someone have an example? or a solution to my problem even?
it would be much appreciated... thanks.

Jason

Nov 19 '05 #1

Subscribe Reply

2665

Chris R. Timmons

"Jason" <c_*******@migh ty.co.za> wrote in
news:Og******** ******@tk2msftn gp13.phx.gbl:

Hi

I have a ASP.NET application where i would like to authenticate
the connecting users according to the Local Users and Groups on
the web server. I have the following code in the ASP.NET
project.

private static void Demand(string[] groups)
{
WindowsIdentity processIdentity =
WindowsIdentity .GetCurrent();
Console.WriteLi ne(processIdent ity.Name);

IPermission permission = null;
foreach(string strGroup in groups)
{
string strDomainAndGro up = strGroup;
if(strGroup.Ind exOf ('\\') == -1)
{
strDomainAndGro up = Environment.Mac hineName + "\\" +
strGroup;
}

if(permission == null)
{
permission = new PrincipalPermis sion(null,
strDomainAndGro up);
}
else
{
permission = permission.Unio n(new PrincipalPermis sion(null,
strDomainAndGro up));
}
}

if(permission != null)
{
permission.Dema nd();

// Revert to self, so that all actions now happen as the
// process user, not as the impersonated user.
Win32.AdvApi.Re vertToSelf();

}
}

but i get the following error when i hit the
"permission.Dem and();" line

Security Exception
Description: The application attempted to perform an operation
not allowed by the security policy. To grant this application
the required permission please contact your system administrator
or change the application's trust level in the configuration
file.

Exception Details: System.Security .SecurityExcept ion: Request
for principal permission failed.

I know it says i must change the application's trust level. but
i dont know how to do this? someone have an example? or a
solution to my problem even? it would be much appreciated...
thanks.

Jason,

I think you may have the wrong impression as to what the
Demand() method does.

Demand() is not a "demand" in the sense that your code is
demanding to be given a permission. There is no way for
code to grant itself more permissions that it was granted
by the security policies set by the administrator.
Demand() is "demanding" that .Net verify a certain state is
true. In this case, the state to be verified is whether
or not the role and ID of the PrincipalPermis sion match
the role and ID of the current thread's principal.
You are getting an exception because one or more of
your groups is not in the list of roles of the current
thread's principal.

http://msdn.microsoft.com/library/de...classtopic.asp

or

http://tinyurl.com/7xpds

You could change your void method Demand to a boolean method
called IsAuthenticated . Wrap the permission.Dema nd() call
in a try/catch block, and return false from the catch block.
Return true if no exceptions occur.

You also appear to be doing some kind of identity impersonation
through the Windows API. (Note that Demand() does not have anything
to do with impersonation). Managed wrappers for this functionality
are provided in the .Net framework.

http://msdn.microsoft.com/library/de...etdataflow.asp

or

http://tinyurl.com/4pu4a

There are also many messages in Google Groups and pages in the
regular Google search engine relating to ASP.Net impersonation.
--
Hope this helps.

Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/

Nov 19 '05 #2

Similar topics

3371

OMA - System.Security.SecurityException

by: James B | last post by:

OMA (Outlook Mobile Access) under Exchange is giving me a System.Security.SecurityException error. From what I gather this is a problem with the security level under which the OMA application is trying to run. Anyone got some ideas on where I can start in getting this worked out? I've posted in Exchange but I'm thinking this group may actually have more ideas. Security Exception Description: The application attempted to perform an...

.NET Framework

539

Security Exception

by: James B | last post by:

OMA (Outlook Mobile Access) under Exchange is giving me a System.Security.SecurityException error. From what I gather this is a problem with the security level under which the OMA application is trying to run. Anyone got some ideas on where I can start in getting this worked out?. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required...

.NET Framework

2764

Apply security permission in class library, fail to call it out!

by: Chua Wen Ching | last post by:

Hi there, I had applied this security permissions in my class library based on fxcop standards. Before namespace: using System.Runtime.InteropServices; using System.Security.Permissions;

C# / C Sharp

3232

Security.Exception

by: Diego F. | last post by:

I think I'll never come across that error. It happens when running code from a DLL that tries to write to disk. I added permissions in the project folder, the wwwroot and in IIS to NETWORK_SERVICE and Everyone, with Full Control to see if it's a permissions problem. The project is hosted in a Windows 2003 Server and developed from PCs in a domain, developing with Visual Studio 2005 Beta 1. -- Regards,

ASP.NET

1542

Security Exception on 1&1 with SQL Server

by: Carl Gilbert | last post by:

Hi I am trying to get an online gallery to work (www.ngallery.org). I have managed to get it all working on my local host but I can not get it to work on my web space. The site can be found at www.gallerox.com which should re-direct to www.gallerox.com/gallerox/default.aspx I have put the bin directory in the /gallerox folder as I have a re-director

ASP.NET

2472

Security exception while opening an OleDBConnection

by: CyberLotus | last post by:

Hi, I've created a web application and through this I want to import Excel data to database. Following is the code that I've written, ******************************************************************* string fileLocation = txtboxFileName.Text.ToString(); string sheetName = "Import"; string connectionString = @"Provider=Microsoft.Jet.OLEDB.4.0;Data

C# / C Sharp

2260

Security exception with impersonate true for a webservice

by: KaNos | last post by:

Hello world, I've made a webservice (c# v2) to install in a server IIS 6 on a Windows 2000 last SP. We can use the webservice in local, throw the pages wich present the methods, with a windows mode connection (<authentication mode="Windows"/>) if impersonate is false (<identity impersonate="false"/>). Note that i use the administrator user to be sure. But when I change impersonate element (<identity impersonate="true"/>) a system...

ASP.NET

12065

Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicK

by: Mike | last post by:

Hi I have problem as folow: Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config) ---> System.Security.SecurityException: Request for the permission of type

ASP.NET

13344

System.ServiceModel.Security.SecurityNegotiationException

by: =?Utf-8?B?TWFuanJlZSBHYXJn?= | last post by:

Hi, I created a web service and hosted it in Windows Services. It is working fine. Now I am trying to implement the X509 certificates for message layer security. But it is throwing the following exception: An unhandled exception of type 'System.ServiceModel.Security.SecurityNegotiationException' occurred in mscorlib.dll

.NET Framework

8345

System.Security.SecurityException: Request

by: Henry Stock | last post by:

I am trying to understand the following error: Any thing you can tell me about this is appreciated. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: for the permission of type

ASP.NET

10651

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10392

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

10136

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

9208

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6893

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5555

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5693

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3868

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

3020

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General