My customer tried to run a pre compiled web application and he gets the following exception

 

Security Exception

 

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

 

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

 

Source Error:

 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

 

Stack Trace:

  

[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]

   System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0

   System.Reflection.Assembly.GetType(String name, Boolean throwOnError) +36

   System.Web.Compilation.BuildResultCompiledType.GetPreservedAttributes(PreservationFileReader pfr) +54

   System.Web.Compilation.PreservationFileReader.ReadFileInternal(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +496

   System.Web.Compilation.PreservationFileReader.ReadBuildResultFromFile(VirtualPath virtualPath, String preservationFile, Int64 hashCode) +91

   System.Web.Compilation.DiskBuildResultCache.GetBuildResult(String cacheKey, VirtualPath virtualPath, Int64 hashCode) +66

   System.Web.Compilation.BuildManager.GetBuildResultFromCacheInternal(String cacheKey, Boolean keyFromVPP, VirtualPath virtualPath, Int64 hashCode) +176

   System.Web.Compilation.ApplicationBuildProvider.GetGlobalAsaxBuildResult(Boolean isPrecompiledApp) +65

   System.Web.Compilation.BuildManager.CompileGlobalAsax() +51

   System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +337

 

Environment: Windows server 2008 R2, ASP.net 3.5 

 

This is the most common error you would get when you host your content on a UNC share. http://support.microsoft.com/?id=320268 describes the problem, resolution. However in this specific case content is not hosted on UNC share. 

 

Cause

 

This issue would happen when you download a file from Internet or Network Location, etc. Windows now preserves the zone information for file(s). This identifies where the file came from and displays appropriate warning messages, indicating you to be careful.

 

Note: Also when you copy the zip file from network location /Internet and extract the same, all the files contained in the zip file also will get this attribute set.

 

Resolution

You can resolve this issue by following any of the following methods.

Method#1 Go to the properties of precompiled dll’s, check to see if it has following security message (at the bottom of the window): "This file came from another computer and might be blocked to help protect this computer." If present, click "Unblock", "Apply" and "OK".

If you have multiple dlls in your application, you would need to perform this step to all dlls one by one.

Method#2 Run the below caspol command to resolve the issue Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe -m -ag 1 -url "file:////c:\mysitecontent\*" FullTrust -exclusive on

Note: Please substitute "c:\mysitecontent\*" with actual path where ASP.net pre compiled dlls are located.

Alternatively, you can use below methods to get around the issue.

To avoid the "This file came from another computer and might be blocked to help protect this computer." You can use one of the following methods depending on your scenario.

1) Move all the files to non NTFS partition i.e. FAT and move them back to NTFS partition. When you move the files to non NTFS partition, it will not maintain zone information.

2) Use the "Strems v 1.56" tool to remove streams

a. Download "Streams v1.56" from http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

b. Execute the following command from command line:

"streams -s -d directory"

3) If you have copied a zip file to your machine that has the above attribute, before you extract, just unblock the zip file( as mentioned in resolution section) and then proceed with extraction.

4) There is a Group Policy, that you can Enable to make sure zone information is not preserved.

a. Run gpedit.msc ( From Run Prompt or CMD prompt)

b. Navigate to Local Security Policy ==> User Configuration ==> Administrative Templates ==>Windows Components ==>Attachment Manager

c. Enable "Do not preserve zone information in file attachments" setting.

This will only make sure that zone information is not present for the files that you copy after the policy is enabled. For Existing files, you would still need to use one of the above methods. Also, please consult with your Administrator, Team before you enable this setting, as this might be needed for other applications and might break those, if you enable it without taking consent from Administrator(s)/your team.