SecurityException when adding page in 1.1.4

Topics: Developer Forum, User Forum
Jan 14, 2008 at 10:25 PM
Edited Jan 14, 2008 at 10:35 PM
Can't get this working on my own machine. I've read the documentation and several entries on this forum of relevance. When I try adding a page I get the following (I have modified the code to get me this additional information):

CreateDirectory(C:\Documents and Settings\michaelb\My Documents\Visual Studio 2005\Projects\MyWebPagesStarterKit1.1.4\AppData\ContactForm) failed! Error message:
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
User account: T38PRO\ASPNET

T38PRO is my machine name. I have given full authority on App_Data to ASPNET and to its parent directory. I have also turned on directory browsing on both of these. I even briefly tried turning on web sharing but to no avail.

The relevant error log entry is as follows:
<Created>14 January 2008 23:12:47</Created>
<Error>System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at MyWebPagesStarterKit.Persistable`1.SaveData() in c:\Documents and Settings\michaelb\my documents\visual studio 2005\projects\mywebpagesstarterkit1.1.4\AppCode\Persistable.cs:line 90
at Default.btnNewSectionClick(Object sender, EventArgs e) in c:\Documents and Settings\michaelb\my documents\visual studio 2005\projects\mywebpagesstarterkit_1.1.4\Default.aspx.cs:line 62
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.defaultaspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\a73081f4\e41561bf\AppWeb__82rnxul.2.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
The action that failed was:
The type of the first permission that failed was:
The Zone of the assembly that failed was:
<string>ALLHTTP: HTTPCACHECONTROL:no-cache, HTTPCONNECTION:Keep-Alive, HTTPCONTENTLENGTH:3459, HTTPCONTENTTYPE:application/x-www-form-urlencoded, HTTPACCEPT:/, HTTPACCEPTENCODING:gzip, deflate, HTTPACCEPTLANGUAGE:en-gb,en-us;q=0.5, HTTPCOOKIE:ASP.NETSessionId=okri2m45bjfp0nzmuaaama45; .ASPXFORMSAUTH=2C7431AB62327E051DDE209FE01D2FC1B7AD4F8D867D8ABE870C47C84A54C979C0A356EE783DC85B32340B1957937800AE57A03C225A05CC3AFEDD07D7334FCB3C31BC3F4E878365862DFD1FB2BA002B, HTTPHOST:localhost, HTTPREFERER:http://localhost/homepage.aspx, HTTPUSERAGENT:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022), HTTPUA_CPU:x86, </string>
<string>ALLRAW: Cache-Control: no-cache, Connection: Keep-Alive, Content-Length: 3459, Content-Type: application/x-www-form-urlencoded, Accept: /, Accept-Encoding: gzip, deflate, Accept-Language: en-gb,en-us;q=0.5, Cookie: ASP.NETSessionId=okri2m45bjfp0nzmuaaama45; .ASPXFORMSAUTH=2C7431AB62327E051DDE209FE01D2FC1B7AD4F8D867D8ABE870C47C84A54C979C0A356EE783DC85B32340B1957937800AE57A03C225A05CC3AFEDD07D7334FCB3C31BC3F4E878365862DFD1FB2BA002B, Host: localhost, Referer: http://localhost/homepage.aspx, User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022), UA-CPU: x86, </string>
<string>APPLMDPATH: /LM/W3SVC/2/ROOT</string>
<string>APPLPHYSICALPATH: C:\Documents and Settings\michaelb\My Documents\Visual Studio 2005\Projects\MyWebPagesStarterKit_1.1.4\</string>
<string>AUTH_TYPE: Forms</string>
<string>AUTH_USER: admin</string>
<string>REMOTE_USER: admin</string>
<string>CONTENT_LENGTH: 3459</string>
<string>CONTENT_TYPE: application/x-www-form-urlencoded</string>
<string>GATEWAY_INTERFACE: CGI/1.1</string>
<string>HTTPS: off</string>
<string>INSTANCE_ID: 2</string>
<string>INSTANCEMETAPATH: /LM/W3SVC/2</string>
<string>PATH_INFO: /default.aspx</string>
<string>PATHTRANSLATED: C:\Documents and Settings\michaelb\My Documents\Visual Studio 2005\Projects\MyWebPagesStarterKit1.1.4\default.aspx</string>
<string>QUERY_STRING: pg=5c0867e8-b970-454f-a8a9-5e2cf2a2284a</string>
<string>REMOTE_PORT: 4549</string>
<string>REQUEST_METHOD: POST</string>
<string>SCRIPT_NAME: /default.aspx</string>
<string>SERVER_NAME: localhost</string>
<string>SERVER_PORT: 80</string>
<string>SERVERPORTSECURE: 0</string>
<string>SERVER_PROTOCOL: HTTP/1.1</string>
<string>SERVER_SOFTWARE: Microsoft-IIS/5.1</string>
<string>URL: /default.aspx</string>
<string>HTTPCACHECONTROL: no-cache</string>
<string>HTTP_CONNECTION: Keep-Alive</string>
<string>HTTPCONTENTLENGTH: 3459</string>
<string>HTTPCONTENTTYPE: application/x-www-form-urlencoded</string>
<string>HTTP_ACCEPT: /</string>
<string>HTTPACCEPTENCODING: gzip, deflate</string>
<string>HTTPACCEPTLANGUAGE: en-gb,en-us;q=0.5</string>
<string>HTTPCOOKIE: ASP.NETSessionId=okri2m45bjfp0nzmuaaama45; .ASPXFORMSAUTH=2C7431AB62327E051DDE209FE01D2FC1B7AD4F8D867D8ABE870C47C84A54C979C0A356EE783DC85B32340B1957937800AE57A03C225A05CC3AFEDD07D7334FCB3C31BC3F4E878365862DFD1FB2BA002B</string>
<string>HTTP_HOST: localhost</string>
<string>HTTP_REFERER: http://localhost/homepage.aspx</string>
<string>HTTPUSERAGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)</string>
<string>HTTPUACPU: x86</string>

ProcessMonitor from SysInternals/Mark Russinovich shows a surprise though - the only point where it shows the process aspnet_wp.exe attempting to do anything with ContactForm is as follows:
25454 23:12:45.8373234 aspnetwp.exe 1868 QueryOpen C:\Documents and Settings\michaelb\My Documents\Visual Studio 2005\Projects\MyWebPagesStarterKit1.1.4\App_Data\ContactForm NAME NOT FOUND

i.e. It's trying a QueryOpen rather than a Create. Or maybe the code always looks to see whether something already exists before creating a new one? Maybe to prevent name clashes? Sadly the stack trace on this line is useless - presumably it doesn't understand .Net.

Any ideas anyone?
Jan 15, 2008 at 12:13 AM
Did you remove "Read Only" from all the files in the site? Are you using IIS? IF so; your localhost is set to "homepage.aspx" instead of "default.aspx."

I'm new to ASP.NET, and most of the error codes you show; i've seen. Are you using the site as a virtual site, or is it in the main directory? I tried, at first, as a virtual site, and couldn't get it working at all. I switched
it to my main site, and it's worked pretty good since.

If there's one file or folder that's "Read Only" then it won't run either; error codes right down the line, until you remove all the read only files and folders, too.

Also, If you're using IIS; check to make sure that your ASP.NET snap-in can see your web.config file - if it isn't, then the site won't run outside of VS or VB.

hopefully this helps you out a bit
Jan 15, 2008 at 5:36 AM
Edited Jan 15, 2008 at 5:37 AM
Thanks for those suggestions. Sadly none of them helped. The site itself runs fine because I have configured it as a main site rather than a virtual directory, it can access web.config OK and it is set to use default.aspx (actually I've never seen ASP.Net default to homepage.aspx - I wonder why that happens on your machine). I did, however, have loads of read-only files (there's no such thing as a read-only directory in NTFS a far as I'm aware) so I have removed the RO flag from them all now, but that made no difference.

I should have pointed out that the site does appear to be running OK generally - I can configure the site and set up user accounts. It's only when I go to add a new page that it goes wrong.

All suggestions gratefully received.

Jan 15, 2008 at 9:19 AM
I was just looking at my "error" log and it appears, almost, exactly the same as your's does. Right not, my problem is when I try to edit a page with the HTML tags; it won't give me the option to do any editing. The only way that i can, is to use my Visual Web Developer app. Doing that, though; it doesn't post to the site for a couple of hours.

the "homepage.aspx" page i was referring to is part of your error log, not mine; it's one of your last tags in your error log. In mine, it says some other page that's part of MWPSK. When I go to build my site, I get warnings all over the place, and when i debug, there's even more. I thought it was because I was editing some hidden pages, but that's not the case; I took them out of the hidden state, and still get the same.

The site runs fine; I just can't edit anything (especially HTML) and have it keep. IE7 script debugging enabled; I get errors all over the pages, too. I can barely navigate around the site without the error messages popping up. Everything was running fine for a while, but I think that an Office update screwed everything up (Office SP3 probably).

Once again, though; I'll probably restart the whole application again, and start from scratch. That's if they don't respond to my post (previous to yours) any time soon.

Good luck!!
Jan 15, 2008 at 7:54 PM
In the error desc there are several lines with 'System.Security.Permissions.FileIOPermission
Make sure you have read and write permissions on the server(IIS) and also the IIS account.
Maby you have to change account (IUSR_DOMAIN) to another that has this permissions.
In Windows it's always security thats is the problem :-)