Run in Medium Trust?

Jul 9, 2010 at 12:20 AM

Because my clients typically use GoDaddy hosting, I'm usually forced to set everything to Medium trust by adding the following to web.config:

 

<system.web>

     <trust level="Medium" originUrl=""/>

</system.web>

 

Unfortunately, this results in the following error on Validate() 

See line 30 of CaptchaValidatorAttribute.cs (var recaptchaResponse = captchaValidtor.Validate();)

Server Error in '/' Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:

[SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +61
System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint) +147
System.Net.HttpRequestCreator.Create(Uri Uri) +26
System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase) +216
System.Net.WebRequest.Create(String requestUriString) +44
Recaptcha.RecaptchaValidator.Validate() +348
MvcReCaptcha.CaptchaValidatorAttribute.OnActionExecuting(ActionExecutingContext filterContext) +342
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +47
System.Web.Mvc.<>c__DisplayClassc.<InvokeActionMethodWithFilters>b__9() +19
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +254
System.Web.Mvc.<>c__DisplayClassc.<InvokeActionMethodWithFilters>b__9() +19
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +192
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +399
System.Web.Mvc.Controller.ExecuteCore() +126
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +27
System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +7
System.Web.Mvc.MvcHandler.ProcessRequest(HttpContextBase httpContext) +151
System.Web.Mvc.MvcHandler.ProcessRequest(HttpContext httpContext) +57
System.Web.Mvc.MvcHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext httpContext) +7
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75



Version Information: Microsoft .NET Framework Version:2.0.50727.4927; ASP.NET Version:2.0.50727.4927

What do I need to change in order for this to run under Medium trust?

Oct 12, 2010 at 10:55 AM

where you able to find a solution to the above query

May 17, 2011 at 8:33 PM

Hi, I have the same issue with

<trust level="Medium"/>

in web.config

The problem is definitely here.

private const string VerifyUrl = "http://www.google.com/recaptcha/api/verify";
HttpWebRequest
 request = (HttpWebRequest)WebRequest.Create(VerifyUrl);

 Is anyone solved such problem?

Jul 13, 2011 at 5:38 PM

I had the same issue. Seems that WebPermission is not allowed by the Medium Trust configuration. Phil Haack has  an old post about it here.

There are two workarounds:

  • Get your host to allow WebPermission in a custom trust configuration (unlikely).
  • Use a proxy.

I use 1&1, and their help section showed exactly what I needed to put in the web.config. Worked like a charm, and was easy to implement.

Jul 13, 2011 at 8:12 PM

ismyrnow, thank you for your feedback.

There is one more workaround I found - add originUrl attribute to trust node of your Web.config file. Here it is

<trust level="Medium" originUrl="http://www\.google\.com/recaptcha/api/.*" />

enjoy :)

Jul 13, 2011 at 8:24 PM

True. I, however, wasn't able to even put the <trust> element in my web.config, because it is locked by my shared host.