SecurityException: Request failed in LoadControl

14 Dec 2006 10:52 AM

Achim Domma

Hi,

I have a web part which dynamicaly loads an ascx control. If I
configure my sharepoint for full trust, everything works fine. Using
other security settings, I get the following exception:

[SecurityException: Request failed.]
   System.Reflection.MethodBase.PerformSecurityCheck(Object obj,
RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags) +0
   System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean
skipVisibilityChecks, Boolean fillCache) +189
   System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
   System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr,
Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes) +1036
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr,
Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes) +114
   System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[]
args) +40
   System.Web.Configuration.PagesSection.CreateControlTypeFilter()
+3368024
   System.Web.UI.TemplateParser.ProcessConfigSettings() +179
   System.Web.UI.TemplateControlParser.ProcessConfigSettings() +15
   System.Web.UI.UserControlParser.ProcessConfigSettings() +9
   System.Web.UI.TemplateParser.PrepareParse() +415
   System.Web.UI.TemplateParser.Parse() +155

System.Web.Compilation.BaseTemplateBuildProvider.get_CodeCompilerType()
+105

System.Web.Compilation.BuildProvider.GetCompilerTypeFromBuildProvider(BuildProvider
buildProvider) +54

System.Web.Compilation.BuildProvidersCompiler.ProcessBuildProviders()
+256
   System.Web.Compilation.BuildProvidersCompiler.PerformBuild() +29
   System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath
virtualPath) +279

System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath
virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean
allowBuildInPrecompile) +580

System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext
context, VirtualPath virtualPath, Boolean noBuild, Boolean
allowCrossApp, Boolean allowBuildInPrecompile) +93
   System.Web.UI.TemplateControl.LoadControl(VirtualPath virtualPath)
+76
   System.Web.UI.TemplateControl.LoadControl(String virtualPath) +23

Using Reflector for .Net, I can look into CreateInstanceImpl and see a
check like this:

if (entry1.m_ctor != null)
{
if (!skipVisibilityChecks && entry1.m_bNeedSecurityCheck)
{
    MethodBase.PerformSecurityCheck(obj1, entry1.m_hCtorMethodHandle,
      this.TypeHandle.Value, 0x10000000);
}
}

Any hint why this check could fail or how to figure out what's the
reason is? I'm working on a custom trust file but have no idea what
permission my code might be missing.

regards,
Achim

14 Dec 2006 2:58 PM

Achim Domma

Hi,

I additionally granted System.Security.Permissions.ReflectionPermission
to my code and now the exception is thrown a bit later. Now the call to
System.RuntimeTypeHandle.CreateInstance throws a SecurityException.

Any hint?

Achim

15 Dec 2006 6:19 PM

Andy

What version of .NET are you using? The permissions available on the
full/high/medium/low default security policies are different between
frameworks and will determine what parameters you have to override.

21 Feb 2007 8:39 PM

JD

Has anyone determined the answer to this issue yet? I am running into the same problem trying to do the same thing.
---
Posted via DotNetSlackers.com

5 Apr 2007 4:34 PM

jumbox_us

I guess this is a late response, however I ran into exact same problem
and thought to share my solution. I couldn't find an answer anywhere.
A configuration recommended by official papers does not appear to work
with User Controls. After some disassembly and debugging, I was able
to solve it with following minimal permission set. Apparently a
template parser wants an entire PermissionSet unrestricted. It is also
worth noting that it uses LinkDemand, which probably explains why if
you deploy a user control with full trust and later switch to custom
set, you may remove all permissions and it will still work.

<SecurityClasses>
   ...
   <SecurityClass Name="SharePointPermission"
Description="Microsoft.SharePoint.Security.SharePointPermission,
Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" />
   <SecurityClass Name="FileIOPermission"
Description="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>

<NamedPermissionSets>
    ...
   <PermissionSet class="NamedPermissionSet" version="1"
Name="wss_KS_minimaltrust" Unrestricted="true">
       <IPermission class="AspNetHostingPermission" version="1"
Level="Minimal"/>
       <IPermission class="SharePointPermission" version="1"
ObjectModel="True"/>
       <IPermission class="SecurityPermission" version="1"
Flags="Execution, ControlThread"/>
       <IPermission class="WebPartPermission" version="1"
Connections="True"/>
       <IPermission class="FileIOPermission" AllFiles="None"
AllLocalFiles="PathDiscovery, Read"/>
   </PermissionSet>
   ...
</NamedPermissionSets>