Security Exception in CE 6.1

Last post 03-26-2013, 9:58 AM by dotcom. 12 replies.
  •  05-22-2008, 11:29 AM 40673

    Security Exception in CE 6.1

    I have just upgraded to CE 6.1 from 6.0. Every time I attempt to load a resource from the server using toolbar buttons, I get the Security Exception below. The same happens if I use CE to provide a Select Image dialog, following the example given in the code samples.
     
    The application worked with 6.0. The directories configured as the resource folders in Configuration\Security\Default.config are the same as they were before; they are directories within the virtual root of the web. The NETWORK SERVICE identity has the same permissions on the CuteSoft_Client directory and subdirectories as it did before.
     
    It looks as though CE is trying to access a temp directory, which I guess is the one at ImageEditor\TempFiles. This appears to have the same permissions as usual.
     
    I'm running the web on IIS7 on Windows Vista. The security context is medium trust, to emulate shared hosting conditions.
     
    Can anyone throw any light on this please? I need to resolve this to be able to move forward with CE 6.1, which otherwise looks a lot better, especially with usability of the editor.
     
    Paul Taylor
     
     

    Paul Taylor
    Dotcom Software Solutions
  •  05-22-2008, 11:44 AM 40675 in reply to 40673

    Full Trust

    Aha. When I run the application under full trust, it works. Is this a bug introduced in 6.1?
    Paul Taylor
    Dotcom Software Solutions
  •  05-22-2008, 12:08 PM 40676 in reply to 40673

    Re: Security Exception in CE 6.1

    dotcom,
     
    Cute Editor contains an uploader control which needs a temp folder to store the temp files.
     
    If you are using medium trust, try the steps below.
     
    1. Create a folder under your project and name it "CuteEditorTemp"; make sure ASPNET account has write permission to the above folder.
     
    2. Open your web.config and add the following entry:
     
    <add key="CuteEditorTempPath" value="~/CuteEditorTemp" />
     
    Keep me posted

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  05-23-2008, 2:01 AM 40694 in reply to 40676

    Re: Security Exception in CE 6.1

    Hi Adam,
     
    Thanks for your reply. Unfortunately, it hasn't solved the problem. What I did to test is as follows:
    • Add your config entry to the appSettings section in web.config
    • Change the virtual directory to one that CE 6.0 is able to write to
    • Click on the ImageGallery button in the toolbar
    Same error message.
     
    From the trace it looks like CE is trying to use the Windows Temp directory which is a part of the user profile and is not available in Medium Trust scenarios. MT applications only have access to directories below the web root and "Isolated Storage". 
     
    Paul

    Paul Taylor
    Dotcom Software Solutions
  •  05-23-2008, 1:25 PM 40726 in reply to 40694

    Re: Security Exception in CE 6.1

    Paul,
     
    Cute Editor contains an uploader control which needs a temp folder to store the temp files.
     
    If you are using medium trust, try the steps below.
     
    1. Create a folder under your project and name it "CuteEditorTemp"; make sure ASPNET account has write permission to the above folder.
     
    2. Open your web.config and add the following entry:
     
    <add key="CuteEditorTempPath" value="~/CuteEditorTemp" />
     
    • If you follow the above steps correctly, it should resolve the problem.
    • To make sure you set the permission correctly, please write a simple upload script and upload some files to this temp folder.
    • If you still have problems with it, put your site online and send the FTP to us.
     
     


  •  05-23-2008, 2:23 PM 40729 in reply to 40694

    Re: Security Exception in CE 6.1

    Paul,
     
    Please use this DLL which will give you a better error message:
     
     
    Keep me posted


  •  06-13-2008, 6:47 AM 41395 in reply to 40729

    Re: Security Exception in CE 6.1

    Hi Adam,

    Not been able to work on this for a while, but I've got a chance to pick it up again now.
     
    The Zip file in the link doesn't exist.
     
    Also, I have followed your last instructions to the letter, giving the NETWORK SERVICE account write access to the directory, and the error still occurs.
     
    If you look at the stack trace in the error message I posted, you can see that CE calls the Path.GetTempPath() method, which requires unrestricted CAS Environment permission (see: http://msdn.microsoft.com/en-us/library/system.io.path.gettemppath(VS.71).aspx). In a medium trust environment, this is not available.
     
    To demonstrate, put the following line in the system.web section of your web.config, and attempt to access any of the toolbar items that open a file dialog:

    <trust level="Medium"/>

     
    You should get an error message similar to the one I posted.

    Paul Taylor
    Dotcom Software Solutions
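
The failure mode described in the post above, as an added example that is not part of the original thread and is not CuteEditor's own code: a helper that prefers an app-relative temp folder from appSettings and only falls back to Path.GetTempPath() with the resulting SecurityException handled. The class name UploadTempFolder and the fallback order are assumptions; only the key name "CuteEditorTempPath" comes from the thread.

```csharp
using System;
using System.Configuration;
using System.IO;
using System.Security;
using System.Web.Hosting;

// Hypothetical helper (not CuteEditor code): resolves an upload temp directory
// without needing EnvironmentPermission when a configured folder is available.
public static class UploadTempFolder
{
    // Key name taken from the thread; how CuteEditor reads it is not shown there.
    private const string SettingKey = "CuteEditorTempPath";

    public static string Resolve()
    {
        // 1. Prefer the app-relative folder from <appSettings>. Medium trust
        //    allows file I/O below the application root, so no extra
        //    permission is demanded on this path.
        string configured = ConfigurationManager.AppSettings[SettingKey];
        if (!string.IsNullOrEmpty(configured))
        {
            string mapped = HostingEnvironment.MapPath(configured);
            if (mapped != null && Directory.Exists(mapped))
                return mapped;
        }

        // 2. Fall back to the profile temp directory. Path.GetTempPath()
        //    demands unrestricted EnvironmentPermission, which a medium
        //    trust application is not granted, so the demand can throw.
        try
        {
            return Path.GetTempPath();
        }
        catch (SecurityException ex)
        {
            // Report the trust problem as a configuration error that names
            // the setting to fix, instead of a bare "Request failed".
            throw new ConfigurationErrorsException(
                "No usable temp folder: set appSettings key '" + SettingKey +
                "' to a writable folder under the application root " +
                "(Path.GetTempPath() is blocked at this trust level).", ex);
        }
    }
}
```

Run under `<trust level="Medium"/>` with the key unset, Resolve() fails with the configuration message; with the key pointing at an existing folder below the web root, the permission demand is never reached.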
  •  06-16-2008, 9:54 AM 41446 in reply to 41395

    Re: Security Exception in CE 6.1

    Paul,
     
     
    Or just download the control again.
     
    Keep me posted.


  •  06-17-2008, 2:50 AM 41481 in reply to 41446

    Re: Security Exception in CE 6.1

    Great! Thanks Adam, the new dll works. I'll download the control again and integrate the new version.
     
    Regards,
     
    Paul

    Paul Taylor
    Dotcom Software Solutions
  •  03-06-2013, 1:20 PM 76991 in reply to 41481

    Re: Security Exception in CE 6.1

    I came across this old post while researching another Code Access Security exception with CE 6.1 on Medium Trust that has recently arisen and previously did not occur. The site in question was deployed several years ago and worked correctly. Neither the application nor CE has been upgraded since. At some point, possibly due to an operating system upgrade, the editor has stopped working. I have pasted the error stack trace below.

     

    Has this issue been encountered before, and is there a fix for it?

     

    Paul Taylor 

     

    Details:
    Application: mscorlib
    System.MethodAccessException: System.RuntimeType.get_Assembly() ---> System.Security.SecurityException: Request failed.
       at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
       at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
       at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)
       at System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh)
       at System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh)
       at System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet)
       at System.Threading.CompressedStack.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet)
       at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext)
       at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant)
    The action that failed was:
    Demand
    The type of the first permission that failed was:
    System.Security.PermissionSet
       --- End of inner exception stack trace ---
       at System.Reflection.MethodBase.PerformSecurityCheck(Object obj, RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
       at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams)
       at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder binder, Object target, Object[] args)
       at CuteEditor.Editor.a.a.e.a.a.a()
       at CuteEditor.Editor.a.a.a..ctor(a manager)
       at CuteEditor.Editor.a.a..ctor(Editor cuteEditor)
       at CuteEditor.Editor..ctor()
       at ASP.backoffice_contenteditor_aspx.__BuildControleditContent() in C:\inetpub\wwwroot\xxx\xxx\ContentEditor.aspx:line 62
       at ASP.backoffice_contenteditor_aspx.__BuildControlMain(Control __ctrl) in C:\inetpub\wwwroot\xxx\xxx\ContentEditor.aspx:line 7
       at System.Web.UI.CompiledTemplateBuilder.InstantiateIn(Control container)
       at ASP.backoffice_backoffice_master.__BuildControlphContent() in C:\inetpub\wwwroot\xxx\xxx\BackOffice.master:line 43
       at ASP.backoffice_backoffice_master.__BuildControlForm1() in C:\inetpub\wwwroot\xxx\xxx\BackOffice.master:line 10
       at ASP.backoffice_backoffice_master.__BuildControlTree(backoffice_backoffice_master __ctrl) in C:\inetpub\wwwroot\xxx\xxx\BackOffice.master:line 1
       at ASP.backoffice_backoffice_master.FrameworkInitialize()
       at System.Web.UI.UserControl.InitializeAsUserControlInternal()
       at System.Web.UI.MasterPage.CreateMaster(TemplateControl owner, HttpContext context, VirtualPath masterPageFile, IDictionary contentTemplateCollection)
       at System.Web.UI.Page.get_Master()
       at System.Web.UI.Page.ApplyMasterPage()
       at System.Web.UI.Page.PerformPreInit()
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest()
       at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
       at System.Web.UI.Page.ProcessRequest(HttpContext context)
       at ASP.backoffice_contenteditor_aspx.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    http://localhost/xxx/xxx/ContentEditor.aspx?pid=1
    Void PerformSecurityCheck(System.Object, System.RuntimeMethodHandle, IntPtr, UInt32)
     


    Paul Taylor
    Dotcom Software Solutions
  •  03-06-2013, 1:44 PM 76993 in reply to 76991

    Re: Security Exception in CE 6.1

    Paul,

     

    Can you upgrade from 6.1 to 6.6? Version 6.1 is a very old version.

     

    This upgrade is free. Your existing license file should work for this new version.

     

    http://cutesoft.net/downloads/default.aspx

     



  •  03-06-2013, 2:48 PM 76994 in reply to 76993

    Re: Security Exception in CE 6.1

    Will try it.
    Paul Taylor
    Dotcom Software Solutions
  •  03-26-2013, 9:58 AM 77104 in reply to 76994

    Re: Security Exception in CE 6.1

    Yep fixed in v6.6
    Paul Taylor
    Dotcom Software Solutions