I am bringing up my first asp web site and running into security issues, specifically, a SecurityException when I try to create a text file in App_Data from my code.
After going back and forth with my web hosting tech support, it developed that my host will only allow a trust level of "medium", and I am not permitted to change it (the host is godaddy but that does not matter). I am further told that what I want to do is legal under the host configuration (I hope so, I ain't asking for much), but that I need to change the *app* to conform to the *server's* security policy. The question is, how to do that? I have already been here with my web.config:
<system.web><trust level="medium"></trust></system.web>
My host barks at this and tells me I am not allowed to change trust levels in the server, which is what I am doing.
So, how to change the trust level in the app?
Here is some debug spew from the exception:
"The application attempted to perform an operation
not allowed by the security policy. To grant this application the required permission please contact your system administrator or
change the application's trust level in the configuration file. "
[SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +58
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) +644
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) +65
System.IO.StreamWriter.CreateFile(String path, Boolean append) +62
System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) +58
System.IO.StreamWriter..ctor(String path, Boolean append) +33
System.IO.File.CreateText(String path) +37
_Default.SaveUserInfo() +65
_Default.Page_Load(Object sender, EventArgs e) +13
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
System.Web.UI.Page.ProcessRequest() +80
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.default_aspx.ProcessRequest(HttpContext context) in App_Web_mu23d-ig.0.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75