Executing ASP.Net Application from Network Share in IIS 6.0

Home » Articles

	Search

	Technologies
	ASP.Net C# ASP.Net AJAX IIS .NetFramework Webservices Sql Server Javascript Sharepoint Services ASP.Net MVC jQuery

	Sponsored links

	CodeDigest Navigation
	Home Register Login Advertise Contact Us

	Technology News
	No News Feeds available at this time.

	Community News
	No News Feeds available at this time.

Executing ASP.Net Application from Network Share in IIS 6.0

By Satheesh Babu
Posted On Dec 18,2009

Article Rating:


Be first to rate this article.

No of Comments: 0

Category: ASP.Net


Print this article.

Executing ASP.Net Application from Network Share in IIS 6.0

There are situations where we need to put our asp.net application files on a network share instead of keeping it in local file system. To do this, go to your website Properties > click the tab "Home Directory" in case website and "Virtual Directory" in case of a virtual directory, you can specify the share location by selecting the option “A share located on another computer”. Next, specify the account through which IIS can connect to the share by clicking “Connect As...” button.

Refer the figure below,

Please note that your service account should have the proper access to the share location to connect to it.

When we try to execute our application after making the above change, it will throw an error similar to below,

Server Error in '/Apps/InqTest' Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]

System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0

System.Reflection.Assembly.GetType(String name, Boolean throwOnError) +36

System.Web.Compilation.BuildResultCompiledType.GetPreservedAttributes(PreservationFileReader pfr) +54

System.Web.Compilation.PreservationFileReader.ReadFileInternal(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +496

System.Web.Compilation.PreservationFileReader.ReadBuildResultFromFile(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +91

System.Web.Compilation.DiskBuildResultCache.GetBuildResult(String cacheKey, VirtualPath virtualPath, Int64 hashCode) +66

System.Web.Compilation.BuildManager.GetBuildResultFromCacheInternal(String cacheKey, Boolean keyFromVPP, VirtualPath virtualPath, Int64 hashCode) +176

System.Web.Compilation.BuildManager.GetVPathBuildResultFromCacheInternal(VirtualPath virtualPath) +43

System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) +59

System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) +101

System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean noAssert) +126

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp, Boolean noAssert) +62

System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +33

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +40

System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig) +160

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +93

System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053

Before resolving this error, it is necessary to understand why we are presented with the above error.

.Netframework has a special security feature which can control the code access to the resources called Code Access Security Policy.

Code Access Security Policy

Through this feature, the framework will control the code from performing any privileged actions that are vulnerable or which may compromise security. Code Access Security provides various levels of trusted access to the code based on its origination and identity. By default, framework has some predefined levels of permission which it uses to grant permissions for the codes to execute. You can read more about this here.

Thus, by this feature we have another layer of security mechanism in place which can reduce the threats.

We can use a tool called Caspol.exe to modify these settings to grant or deny access to a resource.

Now, to make our code to execute successfully, we can use this tool and tell the framework that the code originating from the share can be fully trusted so that Code Access Security can allow the execution.

Resolution

Login to your server. Go to RUN. Type cmd to open command prompt. Browse to C:\WINDOWS\Microsoft.NET\Framework\v2.0.XXXXX> folder and execute the below command.

caspol -m -ag 1 -url file:\\ShareServer\Test\* FullTrust

OUTPUT

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>caspol -m -ag 1 -url file:\\ShareServer\Test\* FullTrust

Microsoft (R) .NET Framework CasPol 2.0.50727.3053

Added union code group with "-url" membership condition to the Machine level.

Success

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>

Do an IISRESET to see the changes working.

The below command can be used to check the list of code groups. You can see our share appended at the last.

List Groups

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>caspol -lg

Microsoft (R) .NET Framework CasPol 2.0.50727.3053

Security is ON

Execution checking is ON

Policy change prompt is OFF

Level = Machine

Code Groups:

1. All code: Nothing

1.1. Zone - MyComputer: FullTrust

1.1.1. StrongName - 0024000004800000940000000
6020000002400005253413100040

0000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9
E8FD6AEC8F87FB03766C834C99921EB23BE

79AD9D5DCC1DD9AD236132102900B723CF980957FC4E17
7108FC607774F29E8320E92EA05ECE4E82

1C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D
745D6F2DE5F17E5EAF0FC4963D261C8

A12436518206DC093344D5AD293: FullTrust

1.1.2. StrongName - 000000000000000004
00000000000000: FullTrust

1.2. Zone - Intranet: LocalIntranet

1.2.1. All code: Same site Web

1.2.2. All code: Same directory FileIO - 'Read, PathDiscovery'

1.3. Zone - Internet: Internet

1.3.1. All code: Same site Web

1.4. Zone - Untrusted: Nothing

1.5. Zone - Trusted: Internet

1.5.1. All code: Same site Web

1.6. Url - file:\\ShareServer\Test\*: FullTrust

Success

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>

The below command can be used to remove a group from the code group.

Remove Group

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 >caspol -rg 1.6

You can learn more about using the tool here.

Conclusion

Security is one of the vital parts of any application we develop these days. Even though we are restricting the users from accessing protected resources through authentication and authorization techniques, a malicious user can exploit in some way if the code is not actually restricted. Thus, Code Access security policy the framework adds a layer of security over our application security to help having more secure environments.

Latest Articles

5 Tips on How to Use Twitter Effectively for Your IT Career

How to Choose a Real World Network Security

Is It Easy to Learn Java if You Already Know JavaScript?

New to ASP.NET? Here’s the Simplest Code You Can Execute

Top 5 programming languages commonly used by online gaming developers

Streaming Media Contents and VPNs

Latest QuickStart Guides

What is Web Accessibility Guidelines & Section 508 Compliance? Build Screen Reader Friendly WebSites

What is Dapper? How to Use Dapper in Asp.Net MVC?

What is REST Services? How to Create REST Services in Asp.Net?

What is OWASP? What are OWASP Top 10 Security Risks?

Using Gulp (gulpfile.js) in Visual Studio 2017

What is Gulp? How to Use Gulp?

You can contribute to CodeDiget.Com:

Article Feedback

Comments

www.codedigest.com. All articles are posted "AS IS" with no warranties. All articles are posted for educational purpose only and individual authors are responsible for their article. Please mail satheeshbabu.b{at}gmail.com for any queries or compliants.
Disclaimer Terms and Condition Privacy Policy Contact Us Our network websites: ChennaiOnNet.Com