Security Exception, AspNetHostingPermission Error ...

Problem

You get this error when running your application:

Security Exception

Description:  The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission, please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request failed.

When using Microsoft SharePoint

This error can occur when your server runs Microsoft SharePoint Services.  Try disabling the SharePoint service and make sure your server is running .NET Framework 1.1 or 2.0.

Please also review:

http://blogs.msdn.com/pandrew/archive/2004/05/09/128569.aspx

If you are not running SharePoint, then this issue reflects the security policy of your computer.

Virtual Directory on Microsoft IIS is not set to allow anonymous access

See Virtual Directory on Microsoft IIS Does Not Allow Anonymous Access for instructions on allowing anonymous access.

The ASPNET user is not configured properly

Check to make sure the ASPNET account has permissions to the folder containing your application.  Your ASPNET user needs full permissions in order for your application to run properly.

See ASP.NET User Does Not Have Permissions to Your Application Folder for instructions on granting access permissions.

Application properly deployed

Make sure that you have followed the instructions in Part VI:  Deploying Applications Into Production.

Running under medium trust level in .NET

This condition frequently arises when ASP hosting providers run under .NET’s ‘medium trust’ level.  Update your .NET Framework’s Web.config file to permit operation under the ‘medium trust’ level.  This Web.config file is not the same as your application’s Web.config file.  It is typically located in your .NET Framework’s installation folder, e.g.:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config

Here is an example of an updated Web.config file set to allow ‘medium trust’ operation:

<location allowOverride="true">

<system.web>

<securityPolicy>

<trustLevel name="Full" policyFile="internal" />

<trustLevel name="High" policyFile="web_hightrust.config" />

<trustLevel name="Medium" policyFile="web_mediumtrust.config" />

<trustLevel name="Low" policyFile="web_lowtrust.config" />

<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />

</securityPolicy>

<trust level="Medium" originUrl="" />

</system.web>

</location>

Check event viewer

Look in the Event Viewer on the machine, specifically at the Application section.  If you see multiple errors or warnings within a short period of time, look at the first one to see the root cause.  Sometimes errors have a cascading impact, so always looking at the first one will give you information about the root cause.

See Also

Part VII:  Troubleshooting Applications

Application Will Not Run

Application Runs But No Data is Displayed

Application Error Messages