That assembly does not allow partially trusted callers

[Guest]

From the amount of articles about this one I’m sure this gets asked a lot,
but I haven’t yet found a succinct article which explains what is required in
its entirety.

I work using Visual Studio 2005 SP1 mainly in ASP.Net using VB.Net 2.0.

I have an application which runs without error on my development server so I
believe that the underlying code is correct.

Most of my applications including this one runs on a shared server (Win
2003) that my hosting provider runs in medium trust. I understand from
background reading that because of the trust issue certain ASP.Net 2.0
assemblies require additional alterations to their compilations files to
allow other assemblies to call there methods etc.

The application is set up so that the main application (project) has a
reference to a second project (the business layer) within the solution, where
most of the code is kept and maintained. Compilation of the business layer
passes the dll to the bin folder of the main application and then the
application including the dll in the bin folder is copied across to the live
server.

When I run the application on the live server I get the error “That assembly
does not allow partially trusted callersâ€

After background reading I added the line –

<Assembly: AllowPartiallyTrustedCallersAttribute()>

into the AssemblyInfo.vb file along with an “Imports System.Securityâ€

I could find no mention of where in the file this line should be added so I
assume this is of no importance.

I recompiled the application and uploaded it again but the error was still
present. Further research suggested that the assembly should have a “Strong
Name†so I went to the signing tab of the project settings and ticked the box
to “Sign the assembly†I then created a new “strong name key file†there were
none before this and the key “keyname.pfx†appeared in the business layer
project folder.

This is where I became stuck! I can find no reference explaining what I am
supposed to do with the key although I assume it is required on the live
server so that the business layer dll file can be referenced. I have uploaded
the new dll but the application still fails. I tried adding the key to the
bin folder on the live application but that didn’t help matters.

Any advice on the above or anybody know one good article which explains the
whole thing.

 

[Alvin Bruney [MVP]]

wow, slow your roll. There's no reason for this to fail on the shared server
if it works on the dev machine, after all, the assemblies on the dev machine
are (hopefully) the same ones on the share. Couple questions: What assembly
is it complaining about partial trust? This may quite possibly be a security
issue related to accessing the assembly on a shared drive, masquerading as
an aptca issue. The way to confirm/eliminate that issue is to turn CAS
policy off on the production machine and see if you get the message.

--
Regards,
Alvin Bruney
------------------------------------------------------
Shameless author plug
Excel Services for .NET is coming...
OWC Black book on Amazon and
www.lulu.com/owc
Professional VSTO 2005 - Wrox/Wiley

 

[Steven Cheng[MSFT]]

Hi Martyn,

As for the problem you met, it is likely a typical .NET(ASP.NET) Code
access security issue. As the error message indicate some assembly not
allow partial trusted caller, I agree with Alvin that you should first
check which assembly is the exact one that raise this error. Normally in a
public service hoster(with restricted code access permission policy), this
is common issue. And it is not necessarily your assembly, but could be some
other assemblies(system assembies) your assembly uses that raise this
error.

Generally, at development time, since your ASP.NET application is running
under Full Trust policy, there won't raise such CAS problem. At publich
shared hoster, CAS policy is restricted, if your application has called
some privileged code(according to .NET CAS permission), it may raise some
error. As for the "strong-name" or "AllowPartiallyTrustedCallers"
attribute, it is a typical approach use to create a wrapper assembly which
call those privileged code and install it into GAC. Here is a good MSDN
article detailedly describe ASP.NET 2.0 code access security and how to
deal with some common issues. You can have a look:

#How To: Use Code Access Security in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998326.aspx#paght000017_wrappingp
rivilegedcode

If you have any more specific questions, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Hi there and thanks for the reply

To expand a little the error is as follows:

-----------------------------------------------

[SecurityException: That assembly does not allow partially trusted callers.]
BusinessLayer.exRateFactory.SerializeClass(exRate _exRate, String Path)
in exRateFactory.vb:91
BusinessLayer.exRateFactory.GetExRate() in exRateFactory.vb:26
Test.Page_Load(Object sender, EventArgs e) in
D:\networkclub2couk\wwwroot\webservices\exRate\Test.aspx.vb:9
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint) +154
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.test_aspx.ProcessRequest(HttpContext context) +29

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +64

-----------------------------------------------

exRateFactory and exRate are classes in the business layer. The two methods
which are called are GetexRate which basically sets a number of values on the
exRate class and SerializeClass which serializes the exRate class once the
values are loaded. Basically the exRateFactory either calculates new values
or takes the values from the serialized class according to certain perameters.

As far as I understand it when I build the solution the BusinesLayer.dll is
copied to the bin foilder of the main application. The main application then
calls the classes from within the BusinessLayer.dll. This works without issue
on the devlopment server.

When I upload the application to the Shared hosting environments all the
contents of the bin folder are copied to the bin folder on the live
application.

I'm assuming from the error message that the offending assembly is the
BusinessLayer.dll

I have quite a few applications on this host built with the same basic
architecture (using BusinessLayer.dll) buit have never come across this issue
before. As a result I am somewhet confused!

The development server and live server are set up as close to the same as
possible, same versions of ASP.Net etc but I have no control over the live
server as it is not mine. My hosting provider is however very helpfull.

I apologise if my explanations are muddled but despite reading several
articles on this im not entirly sure I fully understand the problems.

--
Regards

Martyn Fewtrell

 

[Guest]

Hi there

I have now identified what the problem is. As this post is now rather old
and partially irrelevant I'll start a new thread.

Thanks for your advice.
--
Regards

Martyn Fewtrell

Hi there and thanks for the reply

To expand a little the error is as follows:

-----------------------------------------------

[SecurityException: That assembly does not allow partially trusted callers.]
BusinessLayer.exRateFactory.SerializeClass(exRate _exRate, String Path)
in exRateFactory.vb:91
BusinessLayer.exRateFactory.GetExRate() in exRateFactory.vb:26
Test.Page_Load(Object sender, EventArgs e) in
D:\networkclub2couk\wwwroot\webservices\exRate\Test.aspx.vb:9
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint) +154
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.test_aspx.ProcessRequest(HttpContext context) +29

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +64

-----------------------------------------------

exRateFactory and exRate are classes in the business layer. The two methods
which are called are GetexRate which basically sets a number of values on the
exRate class and SerializeClass which serializes the exRate class once the
values are loaded. Basically the exRateFactory either calculates new values
or takes the values from the serialized class according to certain perameters.

As far as I understand it when I build the solution the BusinesLayer.dll is
copied to the bin foilder of the main application. The main application then
calls the classes from within the BusinessLayer.dll. This works without issue
on the devlopment server.

When I upload the application to the Shared hosting environments all the
contents of the bin folder are copied to the bin folder on the live
application.

I'm assuming from the error message that the offending assembly is the
BusinessLayer.dll

I have quite a few applications on this host built with the same basic
architecture (using BusinessLayer.dll) buit have never come across this issue
before. As a result I am somewhet confused!

The development server and live server are set up as close to the same as
possible, same versions of ASP.Net etc but I have no control over the live
server as it is not mine. My hosting provider is however very helpfull.

I apologise if my explanations are muddled but despite reading several
articles on this im not entirly sure I fully understand the problems.

--
Regards

Martyn Fewtrell

Hi Martyn,

As for the problem you met, it is likely a typical .NET(ASP.NET) Code
access security issue. As the error message indicate some assembly not
allow partial trusted caller, I agree with Alvin that you should first
check which assembly is the exact one that raise this error. Normally in a
public service hoster(with restricted code access permission policy), this
is common issue. And it is not necessarily your assembly, but could be some
other assemblies(system assembies) your assembly uses that raise this
error.

Generally, at development time, since your ASP.NET application is running
under Full Trust policy, there won't raise such CAS problem. At publich
shared hoster, CAS policy is restricted, if your application has called
some privileged code(according to .NET CAS permission), it may raise some
error. As for the "strong-name" or "AllowPartiallyTrustedCallers"
attribute, it is a typical approach use to create a wrapper assembly which
call those privileged code and install it into GAC. Here is a good MSDN
article detailedly describe ASP.NET 2.0 code access security and how to
deal with some common issues. You can have a look:

#How To: Use Code Access Security in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998326.aspx#paght000017_wrappingp
rivilegedcode

If you have any more specific questions, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Steven Cheng[MSFT]]

Thanks for your reply Martyn,

I haven't got replied due to some other urgent business. How are you doing
and what's the problem you've identified? I think it is ok to continue to
discuss here or if you want, you can also feel free to create a new thread.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.