Home
ASP.NET Forums » General ASP.NET » Configuration and Deployment » Security Exception when accessing a database

Security Exception when accessing a database

Last post 09-28-2007 2:49 AM by vivek_iit. 15 replies.

Sort Posts:

  • Security Exception when accessing a database

    01-29-2007, 12:36 PM

    Hi,

     I've developed an ASP.NET application running 2.0. I am having trouble accessing the database. Here is a brief code snippet:

    --------------------------------------------------------------------------------------------------------------------------------------- 

    strConnect = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & strPath & "\" & strDBName

    DBConn = Server.CreateObject("ADODB.Connection")

    DBConn.Open(strConnect)

    --------------------------------------------------------------------------------------------------------------------------------------- 

    I got the code from GoDaddy. Here is the issue, when I run the web page from VS 2003 it can access the database with no problems. But when I run the page from LocalHost or on the GoDaddy server where it sits I get a "Security Exception". The database sits on my local drive at c:\inetpub\wwwroot\access_db.

    Why is it that I can get it to work just fine when VS runs the page but I keep getting a security exception when running it from IE off of localhost or GoDaddy? I included the text from the web page in case it is any help. And yes I did add the debug="true" statement, compiled it in debug mode, etc, but I keep getting the same page. I also put copies of the database in the KRFeedback directory. I'm totally lost. If I have to change the trust level in the config file then how do I do that.

    Server Error in '/KRFeedback' Application.

    Security Exception

    Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    Source Error:

    The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

    1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

      <%@ Page Language="C#" Debug="true" %>

    or:

    2) Add the following section to the configuration file of your application:

    <configuration>
       <system.web>
           <compilation debug="true"/>
       </system.web>
    </configuration>

    Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

    Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

    Stack Trace: 

    [SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Web.HttpServerUtility.CreateObject(String progID) +34
   KRFeedback.WebForm1.UpdateDB2() +106
   KRFeedback.WebForm1.btnSubmit_Click(Object sender, EventArgs e) +676
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154
   System.Web.UI.Page.ProcessRequest() +86
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.feedback_aspx.ProcessRequest(HttpContext context) +29
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

    Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210

    Thank you

  • Re: Security Exception when accessing a database

    01-29-2007, 3:47 PM
    • Loading...
    • vivek_iit
    • Joined on 06-18-2006, 2:13 PM
    • New Delhi
    • Posts 3,072
    • TrustedFriends-MVPs

    Make sure that the ASPNET user has read/write priviledges to your access DB. Right click the folder where the db is located, go to Security->Add ASPNET user and give r/w rights.

    HTH,

    Vivek

    MVP, ASP.NET || My Website || Blog || Articles

    Please mark the most helpful reply/replies as "Answer".

  • Re: Security Exception when accessing a database

    01-29-2007, 9:44 PM
    Sorry to not get this but when I right click and goto Sharing and security I am unable to find a spot to add users. I did however go to the Web Sharing tab and set read, write, script source access, and directory browsing. And still there is no difference.

  • Re: Security Exception when accessing a database

    01-29-2007, 11:47 PM
    • Loading...
    • vivek_iit
    • Joined on 06-18-2006, 2:13 PM
    • New Delhi
    • Posts 3,072
    • TrustedFriends-MVPs

    Check out this blog:

    http://geekswithblogs.net/vivek/archive/2006/12/27/102099.aspx

    HTH,

    Vivek

    MVP, ASP.NET || My Website || Blog || Articles

    Please mark the most helpful reply/replies as "Answer".

  • Re: Security Exception when accessing a database

    01-30-2007, 8:56 PM

    I did that and I'm getting the same error. Here is my code:

     

    strDSN = "access_KRCustomer.dsn"

    strDBName = "KRCustomer.mdb"

    'strPath = Server.MapPath("")

    strPath = "c:\inetpub\wwwroot\db"

    strConnect = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & strPath & "\" & strDBName

    'Label3.Text = strConnect

    'Exit Sub

    DBConn = Server.CreateObject("ADODB.Connection")

    'DBConn.Mode = 3 'ReadWrite

    DBConn.Open(strConnect)

  • Re: Security Exception when accessing a database

    01-30-2007, 11:26 PM

    Here is my web.config file.

    <?xml version="1.0" encoding="utf-8" ?>

    - <configuration>
    - <system.web>
    - <!-- 
      DYNAMIC DEBUG COMPILATION
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files.
      --> f(clean);
      <compilation defaultLanguage="vb" debug="true" />
    - <!-- 
      CUSTOM ERROR MESSAGES
          Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
          Add <error> tags for each of the errors you want to handle.

          "On" Always display custom (friendly) messages.
          "Off" Always display detailed ASP.NET error information.
          "RemoteOnly" Display custom (friendly) messages only to users not running 
           on the local Web server. This setting is recommended for security purposes, so 
           that you do not display application detail information to remote clients.
      --> f(clean);
      <customErrors mode="Off" />
    - <!-- 
      AUTHENTICATION 
          This section sets the authentication policies of the application. Possible modes are "Windows", 
          "Forms", "Passport" and "None"

          "None" No authentication is performed. 
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
           its settings for the application. Anonymous access must be disabled in IIS. 
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites.
      --> f(clean);
      <authentication mode="Windows" />
    - <!-- 
      AUTHORIZATION 
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
          (unauthenticated) users.
      --> f(clean);
    - <authorization>
      <allow users="*" />
    <!-- 
     Allow all users
      --> f(clean);
    - <!-- 
      <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
      --> f(clean);
      </authorization>
    - <!-- 
      APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application. 
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
          application trace log by browsing the "trace.axd" page from your web application
          root.
      --> f(clean);
      <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
    - <!-- 
      SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests belong to a particular session. 
          If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
          To disable cookies, set sessionState cookieless="true".
      --> f(clean);
      <sessionState mode="InProc" stateConnectionString="tcpip=http://kreftroofing.com:42424" sqlConnectionString="data source=http://kreftroofing.com;Trusted_Connection=yes" cookieless="false" timeout="20" />
    - <!-- 
      GLOBALIZATION
          This section sets the globalization settings of the application.
      --> f(clean);
      <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
      </system.web>
      </configuration>

  • Re: Security Exception when accessing a database

    01-31-2007, 12:35 AM
    Answer
    • Loading...
    • vivek_iit
    • Joined on 06-18-2006, 2:13 PM
    • New Delhi
    • Posts 3,072
    • TrustedFriends-MVPs

    >DBConn = Server.CreateObject("ADODB.Connection")

    I suggest use ADO.NET instead of ADODB to access the DB. You can use the following code:

    string

     sCon = "Provider=Microsoft.JET.OLEDB.4.0; Data Source=" + strPath & "\" & strDBName      

    Dim cn as OleDbConnection

     = new OleDbConnection(sCon)

    Dim cmd as OleDbCommand

     = new OleDbCommand(sQuery, cn)

    cn.Open()

    cmd.ExecuteNonQuery()

     Tweak this code to suit your needs.

    Hope this helps,

    Vivek
    MVP, ASP.NET || My Website || Blog || Articles

    Please mark the most helpful reply/replies as "Answer".

  • Re: Security Exception when accessing a database

    01-31-2007, 10:13 AM
    • Loading...
    • JoshStodola
    • Joined on 01-16-2007, 9:17 AM
    • Heartland of America
    • Posts 3,025

    Vivek is correct, using ADODB would only be appropriate if you are using classic ASP.  And I dont find any reason to be using classic ASP.

    So, give the OleDB connection a try, I have a Microsoft Access database on a GoDaddy server also, and it works great.

     Good luck!

    -JoshGeeked

    Josh Stodola ← Come check out my blog!

  • Re: Security Exception when accessing a database

    01-31-2007, 1:47 PM

    Thanks,

    I will try this out tonight, but I do have one more question for Josh. When you connect to your GoDaddy DB is the DB in the access_db path created by GoDaddy? Also, did you hard code the path of the DB, i.e. d:\hosting\USERNAME\access_db\DB.mdb or did you use the Server.MapPath("access_db")? My access_db directory is not a subdirectory of my aspx files. Does this make a difference.

    Thank you

  • Re: Security Exception when accessing a database

    01-31-2007, 11:26 PM

    I changed everything over to use OleDB and I can get read and write the DB when running it in VS. But when I run the page from localhost in IE I get the same error as was posted above. If there is any more info you need, i.e. code, let me know and I will post it.

    Thank you

  • Re: Security Exception when accessing a database

    02-01-2007, 12:03 AM

    I think it is working but it is now another problem. OK, my main page has three frames. When I click on a link in one frame it loads the ASP.NET page into another frame. This causes a security exception. When I type in the page directly, i.e. http://localhost/KRFeedback/KRFeedback, it works correclty. So it is something to do with the frames. I'm not sure how to fix this.

  • Re: Security Exception when accessing a database

    02-01-2007, 1:16 PM
    • Loading...
    • vivek_iit
    • Joined on 06-18-2006, 2:13 PM
    • New Delhi
    • Posts 3,072
    • TrustedFriends-MVPs

    What is the exception message you are getting?

    -Vivek

    MVP, ASP.NET || My Website || Blog || Articles

    Please mark the most helpful reply/replies as "Answer".

  • Re: Security Exception when accessing a database

    02-01-2007, 3:41 PM
    • Loading...
    • JoshStodola
    • Joined on 01-16-2007, 9:17 AM
    • Heartland of America
    • Posts 3,025

    Dustin,

    I hard coded the path.  As far as your problem with frames, I have no idea.  I never did mess around with frames, I find them to be annoying.  Maybe more detail about the exception and I can help.

    Good luck

    Josh Stodola ← Come check out my blog!