Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Partially Trusted Callers error - even with FullTrust given!

Status
Not open for further replies.
zenenigma

zenenigma

Programmer
Apr 23, 2001
119
US
Background:

My team has a web app that is used by dozens of client companies. Our latest version includes a .NET assembly used for encryption/transfer. Our installation includes an executable that allows the client to enter a server site name and it will add full trust to that site on the client PC.

Usually when there is an error it's one of the following:

- They don't have enough admin rights to add (not machine level)
- Incorrect spelling of site
- They added multiple entries for the same site


However today I was working with one that has me baffled. From my workstation - I am able to access the client server and download the assembly without issue, so it doesn't seem to be a server configuration issue.

I've checked his caspol, the entry looked identical to my own when i successfully connected. The site is listed in his IE Trusted sites as well (even though he's on IE6 and it shouldn't need it to be). I've tried the following:

- Had him reset caspol and add the code group entry for the site
- Had him remove the site code group entry and add a caspol entry that gives "FullTrust" to the "Trusted" sites IE zone (works with other clients).
- Had him close out of IE every time we make a change and attempt to re-enter the part of our web app that requires the assembly download.

Every time he attempts to access the area where the assembly would download he gets the old "Object doesn't support this property or method" error. I have him check his fusion bind errors in IE history and it tells him that the "assembly does not allow partially trusted callers".

BTW, allowing partially trusted callers is not an option. I have hundreds of users as dozens of locations using this same setup - so I don't believe it is a code issue.


Are there IE security settings that would prohibit .NET from looking at the caspol settings?

He's having to work around the group policy that runs every few hours to change settings. But doing a "caspol -lg" lists the machine level code entries correctly.

I realize it could be some kind of firewall issue at the client location, but we haven't run into that type of thing yet.

Any help would be appreciated.

-ZE

 
Sort by date Sort by votes
Thanks for the reply.

Yes I've seen that error message plenty of times. In our most recent version of our project we've actually trapped it and have a more descriptive error (".NET Security settings may not be properly set"). I believe the more telling clue is the "Partially Trusted Callers" FusionBind errors.

The "partially trusted callers" message I see in the fusion bind errors I've seen before. But to this point only when an IE7/IE8 user has their caspol entry correctly configured, but are missing the site from their IE "Trusted Sites" zone.


 
Upvote 0 Downvote
you stated this particular user was running IE6. do other users running IE6 have this problem? if so it may be specific to IE6, if not it's specific to the user.

I am confused about getting "partially trusted callers" exceptions on the client machine. usually asp.net apps are server based. the client is dealing strictly with html, css and js. the .net errors occur on the server not the client.

If the user is running IE6 what is the version of IIS? this may also be a factor.

Jason Meckley
Programmer
Specialty Bakers, Inc.

faq855-7190
faq732-7259
 
Upvote 0 Downvote
Thanks for the reply.

I'm not sure which version of IIS - I'll see if I can find out.

The client encountering the error hitting this particular site is using IE6. In our office we have connected to the same site using both IE6 and IE7 and not run into the error.

As for where the errors should be occurring (client/server) - your guess is as good as mind. I stumbled upon the fusion bind suggestion when searching forums to resolve a previous issue.

On the clients PC a Fusion Bind Error in the Temporary Internet Files folder has helped me narrow down issues in the past. Last week it contained a "More than one exclusive group is not allowed" message that helped me determine the problem was with multiple caspol codegroups conflicting.

I'm going to work with the client tomorrow to determine his version of IIS, etc so I can have more info to show.

Any further help/suggestions from anyone would be great.
 
Upvote 0 Downvote
Just as a follow up - we were able to determine the issue.

Evidently the client had an enterprise level code policy that was level final - so it wouldn't even look at the machine level policy. We had the client add our code policy to the enterprise and it worked perfectly.

So that is now going into our troubleshooting guide in case this nastiness pops up again.

Thanks jmeckley for your help.

-ZE
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

G12Consult
  • Locked
  • Question
Help with Json
Replies
2
Views
364
gmmastros
gmmastros
JohnB33
  • Locked
  • Question
int type causes error
Replies
0
Views
303
JohnB33
JohnB33
weberm
  • Locked
  • Question
How do I make a page with multiple AJAX custom controls?
Replies
2
Views
347
weberm
weberm
WIREMESH
  • Locked
  • Question
ASP.NET 2.0 Webform compilation error
Replies
1
Views
130
jbenson001
jbenson001
baran121
  • Locked
  • Question
Sending data with bluetooth on webproject
Replies
1
Views
123
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top