I have a .Net 3.5 application which I am trying to deploy on windows 2008 r2 64 bit with IIS running in 32 bit mode.
If I set the application pool to run as Network Service, everything is fine (I have deployed this to literally hundreds of win2003 servers in the past using Network Service)
If I have the application running as default "Application Pool Identity", I get this error:
Security Exception
Description:
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
note that the application is not running from a network share - it is standalone. The application is definitely running with full trust as I have verified this in the web.config and also tried it out with some test code. This is a completely vanilla installation
of windows 2008 r2 from MSDN (not locked down or in any way interfered with).
Does anyone have any idea what might be causing this or what I can try out next.
ASP.NETnetwork servicetrustserver 2008 r2 64 bitapplication pool identity
To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Did you do this? Checked machine.config? Granted access to the ASP.NET process account, which is unique in IIS 7.5?
yes I have checked the machine.config and the master web.config (the latter says full trust). I also added a <trust level="Full"> to my own web.config
I have granted full control access to everyone on the file permissions and this still made no difference, so i'm sure it's not a file permission problem.
Incidentally, a trivial asp.net application does work OK, so I'm sure it's something in my application but without a sensible error message or stack trace, I'm at a loss to find out what. I also don't understand why different application pool users would
behave differently
thanks for the tip - I found an article on that iis.net web site with a section called "Compatibility Issues with Application Pool Identities". It mentioned that the application pool identities don't load the user profile. I set the "LoadUserProfile" to
true and my application started working .
3 mysteries remain though:
1. my app is a well behaved server app with 100% managed code and minimal third party stuff. What the heck am I doing to cause the user profile to be accessed?
2. why no sensible error message or stack trace?
3. now it's working, I can set the LoadUserProfile to false again and the application continues to work (even after a reboot)!! I have tried this with 3 separate application pools now and it's repeatable. I only need to start the app once with LoadUserProfile=true
and then it'll work forever even with it set back to false.
--- Tim
Marked as answer by timrobinson33 on Nov 12, 2009 03:51 PM
timrobinson3...
0 Points
8 Posts
The application attempted to perform an operation not allowed by the security policy
Nov 12, 2009 03:01 PM|LINK
Hi
I have a .Net 3.5 application which I am trying to deploy on windows 2008 r2 64 bit with IIS running in 32 bit mode.
If I set the application pool to run as Network Service, everything is fine (I have deployed this to literally hundreds of win2003 servers in the past using Network Service)
If I have the application running as default "Application Pool Identity", I get this error:
Security Exception
Description:
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0
System.Reflection.Assembly.GetType(String name, Boolean throwOnError, Boolean ignoreCase) +42
System.Web.UI.Util.GetTypeFromAssemblies(ICollection assemblies, String typeName, Boolean ignoreCase) +145
System.Web.UI.TemplateParser.GetType(String typeName, Boolean ignoreCase, Boolean throwOnError) +73
System.Web.UI.TemplateParser.ProcessInheritsAttribute(String baseTypeName, String codeFileBaseTypeName, String src, Assembly assembly) +111
System.Web.UI.TemplateParser.PostProcessMainDirectiveAttributes(IDictionary parseData) +279
note that the application is not running from a network share - it is standalone. The application is definitely running with full trust as I have verified this in the web.config and also tried it out with some test code. This is a completely vanilla installation of windows 2008 r2 from MSDN (not locked down or in any way interfered with).
Does anyone have any idea what might be causing this or what I can try out next.
ASP.NET network service trust server 2008 r2 64 bit application pool identity
jeff@zina.co...
All-Star
87677 Points
11637 Posts
Moderator
Re: The application attempted to perform an operation not allowed by the security policy
Nov 12, 2009 03:06 PM|LINK
Did you do this? Checked machine.config? Granted access to the ASP.NET process account, which is unique in IIS 7.5?
Jeff
timrobinson3...
0 Points
8 Posts
Re: The application attempted to perform an operation not allowed by the security policy
Nov 12, 2009 03:12 PM|LINK
yes I have checked the machine.config and the master web.config (the latter says full trust). I also added a <trust level="Full"> to my own web.config
I have granted full control access to everyone on the file permissions and this still made no difference, so i'm sure it's not a file permission problem.
Incidentally, a trivial asp.net application does work OK, so I'm sure it's something in my application but without a sensible error message or stack trace, I'm at a loss to find out what. I also don't understand why different application pool users would behave differently
jeff@zina.co...
All-Star
87677 Points
11637 Posts
Moderator
Re: The application attempted to perform an operation not allowed by the security policy
Nov 12, 2009 03:18 PM|LINK
Sorry. You might also check www.iis.net to see what, if any, changes might affect this using the app pool identity.
Jeff
timrobinson3...
0 Points
8 Posts
Re: The application attempted to perform an operation not allowed by the security policy
Nov 12, 2009 03:51 PM|LINK
thanks for the tip - I found an article on that iis.net web site with a section called "Compatibility Issues with Application Pool Identities". It mentioned that the application pool identities don't load the user profile. I set the "LoadUserProfile" to true and my application started working
.
3 mysteries remain though:
1. my app is a well behaved server app with 100% managed code and minimal third party stuff. What the heck am I doing to cause the user profile to be accessed?
2. why no sensible error message or stack trace?
3. now it's working, I can set the LoadUserProfile to false again and the application continues to work (even after a reboot)!! I have tried this with 3 separate application pools now and it's repeatable. I only need to start the app once with LoadUserProfile=true and then it'll work forever even with it set back to false.
--- Tim