security problem in asp.net


amzar

Programmer
Aug 5, 2008
2
IL
Hi! I am trying to upload an ASP.NET web site to GoDaddy... the site works well locally, but then I upload it and try to browse and I get:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I understand that the application at GoDaddy hosting runs at <trust ="medium"> level, so it prevents my dal.cs from executing queries to the database.

How do I configure my classes to run at medium security level (how do I set permissions)? I tried to use the OdbcPermission class with no success; I think I just do not know how to work with it correctly.

The dal.cs code is:

    using System;
    using System.Data.Odbc;
    using System.IO;

    public delegate void errorWorkingOnDbHandler(Exception e);

    public class Dal
    {
        #region datamembers
        public event errorWorkingOnDbHandler errorWorkingOnDb;
        OdbcConnection connection;
        OdbcCommand command;
        #endregion

        string cstr;

        public Dal(string ConnectionStr)
        {
            cstr = ConnectionStr;
            connection = new OdbcConnection(ConnectionStr);
        }

        public void OpenConection()
        {
            try
            {
                connection.Open();
            }
            catch (Exception ex)
            {
                if (errorWorkingOnDb != null)
                    errorWorkingOnDb(ex);
                return;
            }
        }

        public void CloseConection()
        {
            connection.Close();
        }

        public OdbcDataReader ExecuteReader(string SQLcommand)
        {
            try
            {
                command = new OdbcCommand(SQLcommand, connection);
                return command.ExecuteReader();
            }
            catch (Exception e)
            {
                onErrorWorkingOnDB(e);
                OdbcDataReader o = null;
                return o;
            }
        }

        public void ExecuteNonQuery(string SQLCommand)
        {
            try
            {
                command = new OdbcCommand(SQLCommand, connection);
                command.ExecuteNonQuery();
            }
            catch (Exception e)
            {
                onErrorWorkingOnDB(e);
            }
        }

        // Appends the error to a hard-coded log file under c:\inetpub\,
        // then raises the errorWorkingOnDb event.
        public void onErrorWorkingOnDB(Exception e)
        {
            File.AppendAllText(@"c:\inetpub\ , e.Message + DateTime.Now.ToLongDateString() + " " + DateTime.Now.ToLongTimeString());
            File.AppendAllText(@"c:\inetpub\ , Environment.NewLine);
            if (errorWorkingOnDb != null)
            {
                errorWorkingOnDb(e);
            }
        }

        public object ExecuteScalar(string SQLCommand)
        {
            try
            {
                command = new OdbcCommand(SQLCommand, connection);
                return command.ExecuteScalar();
            }
            catch (Exception e)
            {
                onErrorWorkingOnDB(e);
                return null;
            }
        }

        // Runs all commands in one transaction; rolls back if any of them fails.
        public void ExecuteTransaction(params string[] SQLCommandStr)
        {
            OdbcCommand SQLcommand = connection.CreateCommand();
            OdbcTransaction transaction = null;
            try
            {
                // connection.Open();
                transaction = connection.BeginTransaction();
                SQLcommand.Transaction = transaction;
                foreach (string CommandStr in SQLCommandStr)
                {
                    SQLcommand.CommandText = CommandStr;
                    SQLcommand.ExecuteNonQuery();
                }
                transaction.Commit();
            }
            catch (Exception e)
            {
                if (transaction != null)
                    transaction.Rollback();
                if (errorWorkingOnDb != null)
                    errorWorkingOnDb(e);
            }
            finally
            {
                connection.Close();
            }
        }
    }
 
The problem isn't the odbc connection; the problem is where you're logging your exceptions.
c:\inetpub\ exists on your local box (which is both the server and client when testing), but in production your website is stored somewhere totally different.

To be precise, the odbc connection is failing, but the logging is throwing another exception, which swallows the odbc exception.

You cannot set a cs file to partial trust. The cs file is just text. You set the compiled assembly's trust level. Right now that will not make a difference.

You need to provide a way to dynamically configure the logging at runtime. The fastest solution is to use the web.config AppSettings to store the path to the log, then call ConfigurationManager.AppSettings["log.file"] for the append text.

In the future I would recommend replacing your logging code with a logging library like log4net, nlog or ent.lib. logging block.

Logging the exception.Message alone will not tell you where the error occurred, only what the error was. You need the stack trace as well. Exceptions override the ToString property. I would recommend exception.ToString() instead of exception.Message. This will provide the type, message and stack trace.

Jason Meckley
Programmer
Specialty Bakers, Inc.
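
The change suggested in the answer above, as an added C# example that is not code from the thread: the log path comes from the web.config AppSettings key `log.file`, the full `exception.ToString()` is written, and a failure to log is caught so that it cannot replace the original database exception. The helper name `DalErrorLog`, the file name and the `~/App_Data` location are assumptions; `~/App_Data` is chosen because Medium trust grants FileIOPermission only inside the application directory and ASP.NET does not serve files from that folder.

```csharp
// Added example, not the original poster's code. Assumed web.config entry
// (the key "log.file" is from the answer; the value is an assumption):
//   <appSettings>
//     <add key="log.file" value="~/App_Data/dal-errors.log" />
//   </appSettings>
using System;
using System.Configuration;
using System.IO;
using System.Security;
using System.Web.Hosting;

public static class DalErrorLog   // hypothetical helper name
{
    // Intended to be called from Dal.onErrorWorkingOnDB(e) in place of the
    // two File.AppendAllText calls that write under c:\inetpub\.
    // Returns false instead of throwing when the entry cannot be written.
    public static bool TryWrite(Exception error)
    {
        try
        {
            string configured = ConfigurationManager.AppSettings["log.file"];
            if (string.IsNullOrEmpty(configured))
                return false;                 // logging not configured

            // Map "~/..." to a physical path inside the application
            // directory, wherever the host has placed the site.
            string path = configured.StartsWith("~")
                ? HostingEnvironment.MapPath(configured)
                : configured;
            if (path == null)
                return false;                 // not running under ASP.NET

            // ToString() yields the exception type, message and stack trace.
            string entry = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")
                + " " + error.ToString() + Environment.NewLine;
            File.AppendAllText(path, entry);
            return true;
        }
        // The path is outside what the trust policy allows.
        catch (SecurityException) { return false; }
        // The file system ACL denies the worker process account.
        catch (UnauthorizedAccessException) { return false; }
        // Missing directory, locked file and similar I/O failures.
        catch (IOException) { return false; }
    }
}
```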
 
I appreciate your help, I did what you told me... now I have another error I will try to solve (DB error)...
Thank you very much!!!!!!!
 