Hello all --
I'm putting this out there as sort of a knowledge base article so that the next person won't have to pay Microsoft $250 to solve the problem. There are alot of questions out there on the net with no answers.
After setting IIS (applies to both 5 & 6) to run at "A share located on another computer", rather than "A directory on this computer", a third party assembly I've been using successfully for over a year now began to throw the following configuration exception:
Unverifiable Assembly 'AssemblyName' failed policy check
The problem was that a UNC path is in a different security zone than "My Computer", but furthermore, setting "Local Intranet" and "Trusted Sites" to a "Full Trust" security policy failed to solve the problem (which I still don't completely understand, since that's the zone where my share resides, but I digress).
What eventually had to happen was to open up the .NET framework configuration utility, go under the "Runtime Security Policy" at the "Machine" level, and expand code groups.
Right click the parent code group node, and make a new code group.
Name it something (anything).
Set the definition to "URL"
Specify the url as the root of your website. In my case, it was:
Set the new code group to be "Full Trust"
Voila. Problem solved. Please find below some more detailed descriptions of the process and some other miscellaneous information from an extremely helpful person out of their ASP.NET developer support group.
Here's hoping this saves someone some cash down the road somewhere, and happy coding!
-----------------------------------------------
ISSUE:
After moving web content to a UNC share, the following error started to occur:
Configuration Error
Parser Error Message: Unverifiable assembly 'netchartdir_internal' failed policy check.
RESOLUTION:
As the content was no longer local to the machine, a code group needed to be added with sufficient permissions code from the UNC share to execute. ASP.NET permissions can only be restricted at the Application Domain level, so code-groups at any other levels that include the ASP.NET code will need to run with Full trust. The steps to configure this are:
1. From the .NET Framework 1.1 Configuration tool (Administrative Tools), expand the Runtime Security Policy section
2. Navigate to Machine\Code Groups\, right-click on All_Code, and select New to create a new code group
3. Give the code group a name, click Next
4. Select URL as the Condition type from the drop-down list
5. Specify the URL path as:
file://machine2/share/*
6. Click next. For the Permission set, specify Full Trust
7. Click next, then click finish.
Code Access Security restrictions can be added for ASP.NET by modifying the securityPolicy element in the system.web section. The different policy config files for the trust levels are specified in this section. If you want to create a custom policy file for ASP.NET, you can reference it here, with the name of the custom trust level, and the policy file to be applied. This policy file must be added to the \WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG folder
The trust level to be used is specified in <trust level element. Note that this can be included in location tag so it can be specified for individual applications.
The answer to getting answered -- faq855-2992
I'm putting this out there as sort of a knowledge base article so that the next person won't have to pay Microsoft $250 to solve the problem. There are alot of questions out there on the net with no answers.
After setting IIS (applies to both 5 & 6) to run at "A share located on another computer", rather than "A directory on this computer", a third party assembly I've been using successfully for over a year now began to throw the following configuration exception:
Unverifiable Assembly 'AssemblyName' failed policy check
The problem was that a UNC path is in a different security zone than "My Computer", but furthermore, setting "Local Intranet" and "Trusted Sites" to a "Full Trust" security policy failed to solve the problem (which I still don't completely understand, since that's the zone where my share resides, but I digress).
What eventually had to happen was to open up the .NET framework configuration utility, go under the "Runtime Security Policy" at the "Machine" level, and expand code groups.
Right click the parent code group node, and make a new code group.
Name it something (anything).
Set the definition to "URL"
Specify the url as the root of your website. In my case, it was:
Code:
file://iiscluster/wwwrootSet the new code group to be "Full Trust"
Voila. Problem solved. Please find below some more detailed descriptions of the process and some other miscellaneous information from an extremely helpful person out of their ASP.NET developer support group.
Here's hoping this saves someone some cash down the road somewhere, and happy coding!
-----------------------------------------------
ISSUE:
After moving web content to a UNC share, the following error started to occur:
Configuration Error
Parser Error Message: Unverifiable assembly 'netchartdir_internal' failed policy check.
RESOLUTION:
As the content was no longer local to the machine, a code group needed to be added with sufficient permissions code from the UNC share to execute. ASP.NET permissions can only be restricted at the Application Domain level, so code-groups at any other levels that include the ASP.NET code will need to run with Full trust. The steps to configure this are:
1. From the .NET Framework 1.1 Configuration tool (Administrative Tools), expand the Runtime Security Policy section
2. Navigate to Machine\Code Groups\, right-click on All_Code, and select New to create a new code group
3. Give the code group a name, click Next
4. Select URL as the Condition type from the drop-down list
5. Specify the URL path as:
file://machine2/share/*
6. Click next. For the Permission set, specify Full Trust
7. Click next, then click finish.
Code Access Security restrictions can be added for ASP.NET by modifying the securityPolicy element in the system.web section. The different policy config files for the trust levels are specified in this section. If you want to create a custom policy file for ASP.NET, you can reference it here, with the name of the custom trust level, and the policy file to be applied. This policy file must be added to the \WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG folder
The trust level to be used is specified in <trust level element. Note that this can be included in location tag so it can be specified for individual applications.
The answer to getting answered -- faq855-2992