implementing ICertificatePolicy causes security exception under hosted environment

C.W.

I need to establish an SSL connection with another in my application.
However, I have run into a security exception when I run my code under
a hosted environment.

In particular, I have the following class:

Class AcceptAllCertificatesPolicy
    Implements ICertificatePolicy

    ' Returns True for every certificate, whatever certificateProblem reports.
    Public Function CheckValidationResult(ByVal srvPoint As System.Net.ServicePoint, _
            ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, _
            ByVal request As System.Net.WebRequest, _
            ByVal certificateProblem As Integer) As Boolean _
            Implements System.Net.ICertificatePolicy.CheckValidationResult
        Return True
    End Function
End Class



When I call this class using

ServicePointManager.CertificatePolicy = New AcceptAllCertificatesPolicy

I get a security exception

Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the
permission of type System.Security.Permissions.SecurityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.


Line 418: req.ClientCertificates.Add(X509Cert)
Line 419:
Line 420: ServicePointManager.CertificatePolicy = New AcceptAllCertificatesPolicy
Line 421:
Line 422: Dim reqWriter As StreamWriter = New StreamWriter(req.GetRequestStream())

Stack Trace:
[SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.]
   System.Security.CodeAccessSecurityEngine.CheckHelper(PermissionSet grantedSet, PermissionSet deniedSet, CodeAccessPermission demand, PermissionToken permToken) +666
   System.Security.CodeAccessSecurityEngine.Check(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 checkFrames, Int32 unrestrictedOverride) +0
   System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark) +88
   System.Security.CodeAccessPermission.Demand() +62
   System.Net.ServicePointManager.set_CertificatePolicy(ICertificatePolicy value) +45



I gather this must be due to security restrictions set up by the web host.
Can I change my code to somehow get around this, or can only the web host fix
this issue?

Thanks in advance
 
Joe Kaplan (MVP - ADSI)

The SDK docs indicate that accessing the
ServicePointManager.CertificatePolicy requires SecurityPermission with the
UnmanagedCode flag. If you are running your code under partial trust
(sounds like you are), you must have that permission.

The alternative might be to fix the SSL issues that are causing you to want
to override certificate errors.

Joe K.

