Another Security Exception on GoDaddy after Login

2019-01-25 11:53发布

问题:

Host: GoDaddy Shared Hosting

Trust Level: Medium

The following happens after I submit a valid user/pass. The database has read/write permissions and when I remove the login requirement on an admin page that updates the database work as expected.

Has anyone else had this issue or know what the problem is? Anyone?

Server Error in '/' Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +59
   System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) +684
   System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +114
   System.Configuration.Internal.InternalConfigHost.StaticOpenStreamForRead(String streamName) +80
   System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(String streamName, Boolean assertPermissions) +115
   System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(String streamName) +7
   System.Configuration.Internal.DelegatingConfigHost.OpenStreamForRead(String streamName) +10
   System.Configuration.UpdateConfigHost.OpenStreamForRead(String streamName) +42
   System.Configuration.BaseConfigurationRecord.InitConfigFromFile() +437


Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433 

回答1:

If you're using any third party components you might want to check to see if the components are performing some type of security action. A year or so ago I ran into an issue with GoDaddy and the SubSonic ORM, it had a problem with a particular line of code that was requesting a level of security. I cracked open the code in reflector, took a look , verified it.

This can be a problem. If the component is causing you the pain try downloading the code and removing the suspect code, recompiling and run with that. That is exactly what I had to do w/ the SubSonic code a year or two back.



回答2:

http://www.codeproject.com/Questions/586223/SecurityplusExceptionpluscomingplusinplusaplusrunn

Solution 4 System.Security.SecurityException: Request for the permission of type 'System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed

following solution of above error

<system.web>
    <customErrors mode="Off"/>
    <trust level="Full" />
</system.web>

Works for my en godady hosting



回答3:

Have you tried playing around with the permissions of the files and folders in your site? I've had an error on godaddy where a new file couldn't be written because the directory had no write permission. You could try setting your whole root to read/write to see if that fixes your problem. To get to your permissions settings:

  • Login to GoDaddy
  • Click "My Hosting Account" and "Manage Account" next to your site name
  • Click "My Files"
  • Check the boxes next to files that are getting accessed then click the Permissions icon at the top


回答4:

I am currently moving my website to GoDaddy and hit this error. I have a custom Membership Provider that uses hashed passwords based on the machinekey in the web.config. So it was this block of code that was causing the error:

// Get encryption and decryption key information from the configuration.
Configuration cfg =
  WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
machineKey = (MachineKeySection)cfg.GetSection("system.web/machineKey");

if (machineKey.ValidationKey.Contains("AutoGenerate"))
    if (PasswordFormat != MembershipPasswordFormat.Clear)
        throw new ProviderException("Hashed or Encrypted passwords are not supported with auto-generated keys.");

So the problem was trying to open the web.config using WebConfigurationManager.OpenWebConfiguration, which I fixed by replacing the OpenWebConfiguration and GetSection lines with the following:

machineKey = (MachineKeySection)WebConfigurationManager.GetWebApplicationSection("system.web/machineKey");