Does GridView.DataBind work under medium trust with custom objects

[Guest]

I am having problems getting a gridview to bind to custom objects under any
non-full trust level.

I created a test project to verify what I am seeing isn't a side effect of
other code in my project and I get the same errors there:

Exception Details: System.Security.SecurityException: That assembly does not
allow partially trusted callers.

[SecurityException: That assembly does not allow partially trusted callers.]
__ASP.FastObjectFactory_app_web_hkdmcy7e.Create_ASP_default_aspx() +0
System.Web.Compilation.BuildResultCompiledType.CreateInstance() +194

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
virtualPath, Type requiredBaseType, HttpContext context, Boolean
allowCrossApp, Boolean noAssert) +493
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
String requestType, VirtualPath virtualPath, String physicalPath) +306

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
context, String requestType, VirtualPath virtualPath, String physicalPath)
+336
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig)
+643

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +279
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +444

Here is the code I have for the one page test site (using Asp.Net web
application projects).

Default.aspx:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs"
Inherits="TestWebApp._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:GridView runat="server" ID="testGrid"></asp:GridView>
</div>
</form>
</body>
</html>

Default.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace TestWebApp
{
public partial class _Default : System.Web.UI.Page
{
public class MyClass
{
public MyClass()
{
name = Guid.NewGuid().ToString();
}
private string name;

public string Name
{
get { return name; }
set { name = value; }
}

}

public void Page_Load(object sender, EventArgs e)
{
testGrid.DataSource = new MyClass();
testGrid.DataBind();
}

protected void Page_PreRender(object sender, EventArgs e)
{
}
}
}

I have tried adding AllowPartiallyTrustedCallers to the assemblyinfo.cs file
for the web application, no luck.

 

[Winista]

GridView has nothing to do with this exception. Its .Net framework that is
preventing the access.

Do you have any third party assembly involved in this dataccess process? If
so, then you need to make sure that it has correct attribute set for
Partially trusted callers. Or this assembly needs to be registered in GAC.

I am having problems getting a gridview to bind to custom objects under any
non-full trust level.

I created a test project to verify what I am seeing isn't a side effect of
other code in my project and I get the same errors there:

Exception Details: System.Security.SecurityException: That assembly does
not
allow partially trusted callers.

[SecurityException: That assembly does not allow partially trusted
callers.]
__ASP.FastObjectFactory_app_web_hkdmcy7e.Create_ASP_default_aspx() +0
System.Web.Compilation.BuildResultCompiledType.CreateInstance() +194

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
virtualPath, Type requiredBaseType, HttpContext context, Boolean
allowCrossApp, Boolean noAssert) +493
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
String requestType, VirtualPath virtualPath, String physicalPath) +306

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
context, String requestType, VirtualPath virtualPath, String physicalPath)
+336
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, VirtualPath path, String pathTranslated, Boolean
useAppConfig)
+643

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+279
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +444

Here is the code I have for the one page test site (using Asp.Net web
application projects).

Default.aspx:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs"
Inherits="TestWebApp._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:GridView runat="server" ID="testGrid"></asp:GridView>
</div>
</form>
</body>
</html>

Default.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace TestWebApp
{
public partial class _Default : System.Web.UI.Page
{
public class MyClass
{
public MyClass()
{
name = Guid.NewGuid().ToString();
}
private string name;

public string Name
{
get { return name; }
set { name = value; }
}

}

public void Page_Load(object sender, EventArgs e)
{
testGrid.DataSource = new MyClass();
testGrid.DataBind();
}

protected void Page_PreRender(object sender, EventArgs e)
{
}
}
}

I have tried adding AllowPartiallyTrustedCallers to the assemblyinfo.cs
file
for the web application, no luck.

 

[Guest]

I created another project, called TestDll and I have moved the class
definition to that file. This dll is compiled, signed and placed in the GAC.

Referencing this dll in the web application project and attempting to bind
to it causes the security error about the assembly not allowing partially
trusted callers. The dll test project does have that attribute set, as does
the web application project. The page_load event succeeds, but the
processing dies before the page_prerender event.

Also visual studio does not catch the exception, it just automatically spits
out the error:

[SecurityException: That assembly does not allow partially trusted callers.]
__ASP.FastObjectFactory_app_web_h72yepmo.Create_ASP_default_aspx() +0
System.Web.Compilation.BuildResultCompiledType.CreateInstance() +194

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
virtualPath, Type requiredBaseType, HttpContext context, Boolean
allowCrossApp, Boolean noAssert) +493
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
String requestType, VirtualPath virtualPath, String physicalPath) +306

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
context, String requestType, VirtualPath virtualPath, String physicalPath)
+336
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig)
+643

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +279
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +444

Any ideas on what I can do to debug this further?

GridView has nothing to do with this exception. Its .Net framework that is
preventing the access.

Do you have any third party assembly involved in this dataccess process? If
so, then you need to make sure that it has correct attribute set for
Partially trusted callers. Or this assembly needs to be registered in GAC.

I am having problems getting a gridview to bind to custom objects under any
non-full trust level.

I created a test project to verify what I am seeing isn't a side effect of
other code in my project and I get the same errors there:

Exception Details: System.Security.SecurityException: That assembly does
not
allow partially trusted callers.

[SecurityException: That assembly does not allow partially trusted
callers.]
__ASP.FastObjectFactory_app_web_hkdmcy7e.Create_ASP_default_aspx() +0
System.Web.Compilation.BuildResultCompiledType.CreateInstance() +194

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
virtualPath, Type requiredBaseType, HttpContext context, Boolean
allowCrossApp, Boolean noAssert) +493
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
String requestType, VirtualPath virtualPath, String physicalPath) +306

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
context, String requestType, VirtualPath virtualPath, String physicalPath)
+336
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, VirtualPath path, String pathTranslated, Boolean
useAppConfig)
+643

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+279
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +444

Here is the code I have for the one page test site (using Asp.Net web
application projects).

Default.aspx:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs"
Inherits="TestWebApp._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:GridView runat="server" ID="testGrid"></asp:GridView>
</div>
</form>
</body>
</html>

Default.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace TestWebApp
{
public partial class _Default : System.Web.UI.Page
{
public class MyClass
{
public MyClass()
{
name = Guid.NewGuid().ToString();
}
private string name;

public string Name
{
get { return name; }
set { name = value; }
}

}

public void Page_Load(object sender, EventArgs e)
{
testGrid.DataSource = new MyClass();
testGrid.DataBind();
}

protected void Page_PreRender(object sender, EventArgs e)
{
}
}
}

I have tried adding AllowPartiallyTrustedCallers to the assemblyinfo.cs
file
for the web application, no luck.

 

[Guest]

Well,

I got my test project working after I discovered the built in http server
was not reloading my changes automatically and I had to shut it down manually
for some reason.

In my real project I still couldn't get it working, but then I saw I was
making a call to the Microsoft AntiXSSLibrary.HtmlEncode method... which
apparently does not allow non-trusted callers.

I removed those calls (change to Server.HtmlEncode) and it appears to work.
So now I am going to try and add a wrapper dll in the gac to still allow me
to use the AntiXSSLibrary. Very interesting, I wish it would have gave a
little more information about why it was failing.

I created another project, called TestDll and I have moved the class
definition to that file. This dll is compiled, signed and placed in the GAC.

Referencing this dll in the web application project and attempting to bind
to it causes the security error about the assembly not allowing partially
trusted callers. The dll test project does have that attribute set, as does
the web application project. The page_load event succeeds, but the
processing dies before the page_prerender event.

Also visual studio does not catch the exception, it just automatically spits
out the error:

[SecurityException: That assembly does not allow partially trusted callers.]
__ASP.FastObjectFactory_app_web_h72yepmo.Create_ASP_default_aspx() +0
System.Web.Compilation.BuildResultCompiledType.CreateInstance() +194

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
virtualPath, Type requiredBaseType, HttpContext context, Boolean
allowCrossApp, Boolean noAssert) +493
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
String requestType, VirtualPath virtualPath, String physicalPath) +306

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
context, String requestType, VirtualPath virtualPath, String physicalPath)
+336
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig)
+643

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +279
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +444

Any ideas on what I can do to debug this further?

GridView has nothing to do with this exception. Its .Net framework that is
preventing the access.

Do you have any third party assembly involved in this dataccess process? If
so, then you need to make sure that it has correct attribute set for
Partially trusted callers. Or this assembly needs to be registered in GAC.

I am having problems getting a gridview to bind to custom objects under any
non-full trust level.

I created a test project to verify what I am seeing isn't a side effect of
other code in my project and I get the same errors there:

Exception Details: System.Security.SecurityException: That assembly does
not
allow partially trusted callers.

[SecurityException: That assembly does not allow partially trusted
callers.]
__ASP.FastObjectFactory_app_web_hkdmcy7e.Create_ASP_default_aspx() +0
System.Web.Compilation.BuildResultCompiledType.CreateInstance() +194

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
virtualPath, Type requiredBaseType, HttpContext context, Boolean
allowCrossApp, Boolean noAssert) +493
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
String requestType, VirtualPath virtualPath, String physicalPath) +306

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
context, String requestType, VirtualPath virtualPath, String physicalPath)
+336
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, VirtualPath path, String pathTranslated, Boolean
useAppConfig)
+643

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+279
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +444

Here is the code I have for the one page test site (using Asp.Net web
application projects).

Default.aspx:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs"
Inherits="TestWebApp._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:GridView runat="server" ID="testGrid"></asp:GridView>
</div>
</form>
</body>
</html>

Default.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace TestWebApp
{
public partial class _Default : System.Web.UI.Page
{
public class MyClass
{
public MyClass()
{
name = Guid.NewGuid().ToString();
}
private string name;

public string Name
{
get { return name; }
set { name = value; }
}

}

public void Page_Load(object sender, EventArgs e)
{
testGrid.DataSource = new MyClass();
testGrid.DataBind();
}

protected void Page_PreRender(object sender, EventArgs e)
{
}
}
}

I have tried adding AllowPartiallyTrustedCallers to the assemblyinfo.cs
file
for the web application, no luck.