I have a web client that sends a request in the form of XML to my web server. The web server creates a (rather large) file and saves it in a cached directory and returns it to the web client through the response stream. This worked fine the first couple times I tried it, but all of the sudden it stopped working and reported the following exception (wrapped in XML):
<error type="System.Security.SecurityException">
<message>Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.</message>
<stack-trace><![CDATA[ at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode)
at Ionic.Zip.SharedUtilities.CreateAndOpenUniqueTempFile(String dir, Stream& fs, String& filename)
at Ionic.Zip.ZipFile.get_WriteStream()
at Ionic.Zip.ZipFile.Save()
at Ionic.Zip.ZipFile.Save(String fileName)
at MyApplication.UpdateItemFiles.GetUpdateContent(XDocument a_xManifest, Stream[] a_arrExtraContent) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 265
at MyApplication.UpdateItemFiles.Page_Load(Object sender, EventArgs e) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 31]]></stack-trace>
</error>
I don't know much about Code Access Security. I've even tried to give full control on the directory to Everybody. This isn't a problem as this is a development server and not a public machine. I don't understand why this would work the first couple times, but stop working now.
I'm using Visual Studio 2008 on Windows 7 64-bit for both server and client (which are the same machine). I'm using IIS 7.0 and the .Net Framework 3.5.
Edited 2010/12/13 16:05 EST:
I'm getting this error because I'm using the DotNetZip library from Codeplex. Is there a way to add an Assembly to IIS or my configuration?
Rather than modify the security settings of your ASP.NET application's user itself, I'd suggest creating a new file access application (maybe Windows service accessible via remoting, maybe WCF), that does the file access. This application can run using the context it needs for file access.
The ASP.NET application only needs to be able to talk to the file access application. This way, your concerns are separated out, security is stronger, and you don't have to worry about what account the ASP.NET app is using, or impersonating users, etc.