Support forums - Security Exception in CE 6.1

Support forums » Products » Cute Editor for .NET » Re: Security Exception in CE 6.1

Security Exception in CE 6.1

Last post 03-26-2013, 9:58 AM by dotcom. 12 replies.


	Sort Posts: Previous Next

05-22-2008, 11:29 AM 40673

dotcom
Joined on 02-07-2005
Posts 26

Security Exception in CE 6.1

Reply Quote

I have just upgraded to CE 6.1 from 6.0. Every time I attempt to load a resource from the server using toolbar buttons, I get the Security Exception below. The same happens if I use CE to provide a Select Image dialog, following the example given in the code samples.

The application worked with 6.0. The directories configured as the resource folders in Configuration\Security\Default.config are the same as they were before; they are directories within the virtual root of the web. The NETWORK SERVICE identity has the same permissions on the CuteSoft_Client directory and subdirectories as it did before.

It looks as though CE is trying to access a temp directory, which I guess is the one at ImageEditor\TempFiles. This appears to have the same permissions as usual.

I'm running the web on IIS7 on Windows Vista. The security context is medium trust, to emulate shared hosting conditions.

Can anyone throw any light on this please? I need to resolve this to be able to move forward with CE 6.1, which otherwise looks a lot better, especially with usability of the editor.

Paul Taylor

Paul Taylor
Dotcom Software Solutions

05-22-2008, 11:44 AM 40675 in reply to 40673

dotcom
Joined on 02-07-2005
Posts 26

Full Trust

Reply Quote

Aha. When I run the application under full trust, it works. Is this a bug introduced in 6.1?

Paul Taylor
Dotcom Software Solutions

05-22-2008, 12:08 PM 40676 in reply to 40673

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: Security Exception in CE 6.1

Reply Quote

dotcom,

Cute Editor contains an uploader control which needs a temp folder to store the temp files.

If you are using medium trust, try the steps below.

1. Create a folder under your project and name it "CuteEditorTemp"; make sure ASPNET account has write permission to the above folder.

2. Open your web.config and add the following entry:

Keep me posted

asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
asp wysiwyg html editor: http://cutesoft.net/ASP
asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
Live Support: http://cutesoft.net/live-support/default.aspx

05-23-2008, 2:01 AM 40694 in reply to 40676

dotcom
Joined on 02-07-2005
Posts 26

Re: Security Exception in CE 6.1

Reply Quote

Hi Adam,

Thanks for your reply. Unfortunately, it hasn't solved the problem. What I did to test is as follows:

Add your config entry to the appSettings section in web.config
Change the virtual directory to one that CE 6.0 is able to write to
Click on the ImageGallery button in the toolbar

Same error message.

From the trace it looks like CE is trying to use the Windows Temp directory which is a part of the user profile and is not available in Medium Trust scenarios. MT applications only have access to directories below the web root and "Isolated Storage".

Paul

Paul Taylor
Dotcom Software Solutions

05-23-2008, 1:25 PM 40726 in reply to 40694

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: Security Exception in CE 6.1

Reply Quote

Paul,

Cute Editor contains an uploader control which needs a temp folder to store the temp files.

If you are using medium trust, try the steps below.

1. Create a folder under your project and name it "CuteEditorTemp"; make sure ASPNET account has write permission to the above folder.

2. Open your web.config and add the following entry:

If you follow the above steps correctly, it should resolve the problem.
To make sure you set the permission correctly, please write a simple upload script and upload some files to this temp folder.
If you still have problems with it, put your site online and send the FTP to us.

05-23-2008, 2:23 PM 40729 in reply to 40694

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: Security Exception in CE 6.1

Reply Quote

Paul,

Please use this DLL which will give you a better error message:

http://CuteSoft.net/download/ce-DLLs.zip

Keep me posted

06-13-2008, 6:47 AM 41395 in reply to 40729

dotcom
Joined on 02-07-2005
Posts 26

Re: Security Exception in CE 6.1

Reply Quote

Hi Adam,

Not been able to work on this for a while, but I've got a chance to pick it up again now.

The Zip file in the link doesn't exist.

Also, I have followed your last instructions to the letter, giving the NETWORK SERVICE account write access to the directory, and the error still occurs.

If you look at the stack trace in the error message I posted, you can see that CE calls the Path.GetTempPath() method, which requires unrestricted CAS Environment permission (see: http://msdn.microsoft.com/en-us/library/system.io.path.gettemppath(VS.71).aspx). In a medium trust environment, this is not available.

To demonstrate, put the following line in the system.web section of yourweb.config, and attempt to access any of the toolbar items that open a file dialog:

You should get an error message similar to the one I posted.

Paul Taylor
Dotcom Software Solutions

06-16-2008, 9:54 AM 41446 in reply to 41395

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: Security Exception in CE 6.1

Reply Quote

Paul,

Please use this link: http://CuteSoft.net/download/DLLs.zip

Or just download the control again.

Keep me posted.

06-17-2008, 2:50 AM 41481 in reply to 41446

dotcom
Joined on 02-07-2005
Posts 26

Re: Security Exception in CE 6.1

Reply Quote

Great! Thanks Adam, the new dll works. I'll download the control again and integrate the new version.

Regards,

Paul

Paul Taylor
Dotcom Software Solutions

03-06-2013, 1:20 PM 76991 in reply to 41481

dotcom
Joined on 02-07-2005
Posts 26

Re: Security Exception in CE 6.1

Reply Quote

I came across this old post while researching another Code Access Security exception with CE 6.1 on Medium Trust that has recently arisen and previously did not occur. The site in question was deployed several years ago and worked correctly. Neither the application nor CE has been upgraded since. At some point, possibly due to an operating system upgrade, the editor has stopped working. I have pasted the error stack trace below.

Has this issue been encountered before, and is there a fix for it?

Paul Taylor

Details:
Application: mscorlib
System.MethodAccessException: System.RuntimeType.get_Assembly() ---> System.Security.SecurityException: Request failed.
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)
at System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh)
at System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh)
at System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet)
at System.Threading.CompressedStack.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet)
at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext)
at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.PermissionSet
--- End of inner exception stack trace ---
at System.Reflection.MethodBase.PerformSecurityCheck(Object obj, RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams)
at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder binder, Object target, Object[] args)
at CuteEditor.Editor.a.a.e.a.a.a()
at CuteEditor.Editor.a.a.a..ctor(a manager)
at CuteEditor.Editor.a.a..ctor(Editor cuteEditor)
at CuteEditor.Editor..ctor()
at ASP.backoffice_contenteditor_aspx.__BuildControleditContent() in C:\inetpub\wwwroot\xxx\xxx\ContentEditor.aspx:line 62
at ASP.backoffice_contenteditor_aspx.__BuildControlMain(Control __ctrl) in C:\inetpub\wwwroot\xxx\xxx\ContentEditor.aspx:line 7
at System.Web.UI.CompiledTemplateBuilder.InstantiateIn(Control container)
at ASP.backoffice_backoffice_master.__BuildControlphContent() in C:\inetpub\wwwroot\xxx\xxx\BackOffice.master:line 43
at ASP.backoffice_backoffice_master.__BuildControlForm1() in C:\inetpub\wwwroot\xxx\xxx\BackOffice.master:line 10
at ASP.backoffice_backoffice_master.__BuildControlTree(backoffice_backoffice_master __ctrl) in C:\inetpub\wwwroot\xxx\xxx\BackOffice.master:line 1
at ASP.backoffice_backoffice_master.FrameworkInitialize()
at System.Web.UI.UserControl.InitializeAsUserControlInternal()
at System.Web.UI.MasterPage.CreateMaster(TemplateControl owner, HttpContext context, VirtualPath masterPageFile, IDictionary contentTemplateCollection)
at System.Web.UI.Page.get_Master()
at System.Web.UI.Page.ApplyMasterPage()
at System.Web.UI.Page.PerformPreInit()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.backoffice_contenteditor_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
http://localhost/xxx/xxx/ContentEditor.aspx?pid=1
Void PerformSecurityCheck(System.Object, System.RuntimeMethodHandle, IntPtr, UInt32)