I have a .Net 4 site that is hosted a shared server. It works fine until I access the membership provider by trying to log in, in which I get the following error:
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
It gives me the hint that it's probably because of a trust level setting in web.config:
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Unfortunately, I can't change the trust level because the host disabled that. But I'm not sure that I really need to have FileIOPermission access because I don't think I need to write to the file system.
My Membership Provider is an override of the default MembershipProvider with nothing out of the ordinary that would write to a file that I'm aware of. The changes made were just adding some parameters to the Users table.
So is there a way to disable the need for FileIOPermission?
Stack Trace:
[SecurityException: Request for the permission of type
'System.Security.Permissions.FileIOPermission, mscorlib,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission
cap, StackCrawlMark& stackMark) +31
System.Security.CodeAccessPermission.Demand() +46
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share,
Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs,
String msgPath, Boolean bFromProxy, Boolean useLongPath) +597
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +83
System.Configuration.Internal.InternalConfigHost.StaticOpenStreamForRead(String
streamName) +79
System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(String
streamName, Boolean assertPermissions) +124
System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(String
streamName) +10
System.Configuration.Internal.DelegatingConfigHost.OpenStreamForRead(String
streamName) +13
System.Configuration.UpdateConfigHost.OpenStreamForRead(String
streamName) +38
System.Configuration.BaseConfigurationRecord.InitConfigFromFile()
+450
Are you accessing the Web.Config at all from your code? See this answer: https://stackoverflow.com/a/2488591/69742 on how to access it without throwing a FileIOPermissionException