.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
Easy Web
Imran Ghani
Post New Web Links

Application attempted to perform an operation not allowed by the security policy - medium level trus

Posted By:      Posted Date: April 10, 2011    Points: 0   Category :ASP.Net
 

Sorry about posting this one here but not sure where else to place it, I've read a number of other threads on this but none seem to give the answer I'm looking for...

 

I have done something very simple, added a SqlDataSource ScriptManager and AJAX Update Panel. My database is currently inside App_Data folder.

 

When I run the page I get the following error:

 

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

 

 

Now in the Web.Config file I have set       <trust level="Medium"/>

 

but I don't want to change this because when deployed it is unlikely that I will be able t


View Complete Post


More Related Resource Links

WSS 3.0 FBA Security Issue with "Full Control" in "Policy for Web Application "

  

I just set up form based authentication using Active Directory.  I set the following parameters in the web.config:

  <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://mydomain.com/DC=mydomain,DC=com" />
  </connectionStrings>

    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" enableSearchMethods="true" attributeMapUsername="sAMAccountName"/>
      </providers>

I then open the central admin, select “Policy for Web Application”...and I add the users that I want to give access from the outside.  So I grant “Full Control” and my problem arose:

When I give the user “full control” access....they can now see everything across the entire sharepoint site?

Where are all the windows permissions I set across SharePoint?

In other words, mydomain\user1 ha

Unable to read the security policy file for trust level 'WSS_Minimal' after editing 'Alternate Ac

  

Hi,

This is my first post, so I hope that I have picked the correct forum - it seemed the most appropriate.
I am pretty green when it comes to SharePoint admin, but as it was going so well I got a bit over-confident and tried out the 'Alternate Access Mapping'.  I didn't intend to save any changes, but I must have, because now under:

Central Administration > Operations > Alternate Access Mappings >
Edit Public Zone URLs

the 'Default' is "http://<myServer> : <port>"

and afaik there was no setting there before.  Unfortunately, I can no longer connect to http://myServer : port, although I can connect to the 'Central Administration' site on http://myServer : otherPort.  Apologies in advance for the data dump below, but if anyone has any suggestions on what I could've done (or even better what I could do to fix it before tomorrow :-) I would be very grateful.

Here are the errors that I saw/see in the browser:

Attempted to perform an unauthorized operation Error when customizing theme of a new site

  

I am just trying to change the color of the site.  when I click apply, i get this error.

 

Error

Attempted to perform an unauthorized operation.

 

Troubleshoot issues with Microsoft SharePoint Foundation.

Correlation ID: 6164e755-f413-4e3b-a79b-be7bf7739f42

Date and Time: 11/23/2010 1:18:20 PM

 

Any help will be greatly appreciated


ToggleDebugCompilation fails trying to perform "an unauthorised operation"

  

Hi,

We're having a problem with the Visual Studio 2008 RTW version of the web deployment projects on a colleagues machine. The project works fine if I run it on my machine, but when he tries to run it on his machine he gets:

<SNIP : Most output removed>
  Task "Exec"
    Command:
    if exist ".\TempBuildDir\" rd /s /q ".\TempBuildDir\"
  Done executing task "Exec".
  Using "ToggleDebugCompilation" task from assembly "C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.Tasks.dll".
  Task "ToggleDebugCompilation"
    Updating Web.config <compilation> element debug attribute to 'True'.
    C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(639,7): error : Attempted to perform an unauthorized operation.
    C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(639,7): error MSB4018: The "ToggleDebugCompilation" task failed unexpectedly.
    C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(639,7): error MSB4018: System.ArgumentNullException: Parameter "message" cannot be null.
    C:\Program Files\MSBuild\Microsoft\WebDeployment

PIAB And WCF: Integrating the Policy Injection Application Block with WCF Services

  

Using the PIAB you can enhance WCF services with policies such as validation, performance monitoring, authorization and caching without having to change a line of code.

Hugh Ang and David San Filippo

MSDN Magazine February 2008


WSE Security: Protect Your Web Services Through The Extensible Policy Framework In WSE 3.0

  

This article describes the WSE policy framework, which allows you to describe constraints and requirements a Web service must enforce. Discussions include security scenarios in WSE 3.0 and extending the framework with custom constraints and requirements.

Tomasz Janczuk

MSDN Magazine February 2006


Testing: Perform Code Coverage Analysis with .NET to Ensure Thorough Application Testing

  

When running your tests how do you know which parts of your product code are actually executed and tested? This article presents a complete system called Fundamental Function code coverage that operates at the method level. The author gives an overview of the system so you can understand code coverage principles, explains the key parts of the underlying code, and discusses how code coverage fits into the overall product development cycle. After reading this article you will be able to perform code coverage analysis on any .NET software system.

James McCaffrey

MSDN Magazine April 2004


ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S

  

The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004


Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets

  

As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003


Security in .NET: The Security Infrastructure of the CLR Provides Evidence, Policy, Permissions, and

  

The common language runtime of the .NET Framework has its own secure execution model that isn't bound by the limitations of the operating system it's running on. In addition, unlike the old principal-based security, the CLR enforces security policy based on where code is coming from rather than who the user is. This model, called code access security, makes sense in today's environment because so much code is installed over the Internet and even a trusted user doesn't know when that code is safe.In this article, Don Box explains how code access security works in the CLR. He discusses the kinds of evidence required by policy, how permissions are granted, and how policy is enforced by the runtime.

Don Box

MSDN Magazine September 2002


Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET

  

Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships.

Juval Lowy

MSDN Magazine May 2002


Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr

  

This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000


Error "user does not have permission to perform this operation" with User Instance = True.

  

I setup SQL Server 2005 / SQL Express. All works fine in SQL Server 2005.

I am connecting to a SQL Database from VS 2005,  Tools/Connect to Database. I set the Data Source to "Microsoft SQL Server Database File (SqlClient)" (meaning SQL Server Express) and User Instance = True, and Integrated Security = True.

The above is working successfully on all machines except my Laptop. On my Laptop, I am getting this error "user does not have permission to perform this operation". On my Laptop, if I change User Instance = False, it works fine. Also, If I connect to SQL Server 2005 it works fine only if User Instance = False.

I tried all kind of security changes, nothing worked. For example, I setup Everyone as Full Control for the Folder and the MDF File of SQL Server. I gave my user ID as sysadmin role in SQL Server Express. Also, I enabled creating User Instance form SQL Server Express, Nothing is working.

Appreciate your help.

Tarek.


Can not perform this operation.The file is no longer checked out or has been deleted?

  
In my sharepoint designer 2007, when I try to check in a file, it give me the following errors:

Can not perform this operation.The file is no longer checked out or has been deleted.

Please advise me how to fix this problem?

Thanks.

Password / Application Security.

  

I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?


Error "user does not have permission to perform this operation" with User Instance = True.

  
I setup SQL Server 2005 / SQL Express. All works fine in SQL Server 2005. I am connecting to a SQL Database from VS 2005,  Tools/Connect to Database. I set the Data Source to "Microsoft SQL Server Database File (SqlClient)" (meaning SQL Server Express) and User Instance = True, and Integrated Security = True. I am using Windows Authentication mode in SQL Server Express. The above is working successfully on all machines except my Laptop. On my Laptop, I am getting this error "user does not have permission to perform this operation". On my Laptop, if I change User Instance = False, it works fine. Also, If I connect to SQL Server 2005 it works fine only if User Instance = False. I tried all kind of security changes, nothing worked. For example, I setup Everyone as Full Control for the Folder and the MDF File of SQL Server. I gave my user ID as sysadmin role in SQL Server Express. Also, I enabled creating User Instance form SQL Server Express, Nothing is working. I am already added to the Administrator Group locally on my Laptop. Still same problem. Checked this article: http://msdn.microsoft.com/en-us/library/ms254504.aspx, same problem. I enabled User Instances and also tried to Disable User Instances. When I disable user instances, and then try to connect from VS, I get a different error, which is asking to enable user instances.

Managing business object locks on application level

  
Today I worked out simple application side object locking solution for one server scenario. My motivation came from ASP.NET architecture forum thread How to solve concurrent site issue where one user asks for locking solution that works without changing database. Here is my simple and primitive solution that should help this guy out. I added also sample solution to this posting. My solution is simple: Create class for locked items. Create manager class that holds locks and manages them. Clear locks when session ends. Create page to release all locks. If you need something more serious then you should keep locks information in database or better than that - use some lock server. Also you may consider developing WCF service. LockItem class As a first thing let's create class that keeps lock information. I call this class as LockItem. This class doesn't hold references to locked objects - only type and ID as there are many business layers that doesn't use globally unique identifiers for objects. public class LockItem {     public Type ObjectType { get; set; }     public int ObjectId { get; set; }     public string SessionId { get; set; }     public DateTime LockedAt { get; set; } } LockItem class also contains property for session because otherwise it is not possible to kno
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend