System.Web.AspNetHostingPermission when using third-party assembly

When downloading third-party-product to include in your project, you can easily get this error: System.Web.AspNetHostingPermission.

When downloading third-party component to include in your project, you can easily get this error: System.Web.AspNetHostingPermission. This often occur when un-zipping files that has been downloaded from the internet. Ted wrote an article about this not long ago related to PageTypeBuilder, but I thought I would write it again since it does happen quite often. Also some background information on why it happens.

The first thing you will see is this nice error message:

  1:  Exception information: System.Security.SecurityException: 
Request for the permission of type 'System.Web.AspNetHostingPermission, System, 
  2: Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

  3: Stacktrace
  4: [SecurityException: Request for the permission of type 
  5: 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] 
  6: System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0 
  7: System.Web.Compilation.CompilationUtil.GetTypeFromAssemblies(AssemblyCollection assembliesCollection, String typeName, Boolean ignoreCase) +227 
 10: System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +362 System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +64

What you want to check is if the file has been blocked, which is very common in Windows 7 and even Vista I think. This is actually a security feature so nothing wrong with that. To make the file runnable, if you trust it of course is to unblock it.

You do that by right-clicking on the file in question. Then select Properties and at the bottom of the pop-up-window you will see these options:

image

The choice to make is relatively easy, choose Unblock, then press OK!

Finally just reset the application pool and you should be out of this problem :), for now at least!

Source of the problem

For those who are interested of the source and the reason for the error. It can be found here on the blogs.msdn.com. In short it can be said that when IIS 7 was released the default Identity of the application pool was changed from Network Identity to ApplicationPoolIdentity, which can been seen in the image below. This new Identity has even greater restrictions than the Network Identity had. So if you compile a source in a different zone, than what the third-party module was, this could be a zone that doesn't have the same trust-level and therefore throws a security exception.

Other times this error message can occur

This can also be related to the level of trust that your application requires in relation to what the hosting environment is supporting. So if you are using reflexion this might cause a problem if you are not running on required trust level.

References and other tips

To find out what the error message actually comes from, read more about it here on MSDN.

Another great tip if the above mentioned doesn't work. Set the application pool to load the user profile. image

 

More about this can be found on this post. What this enables you to do, is to make it possible to isolate each application pool further. If you set it to true the application pool won't use the c:\windows\temp to store information, but will use the userprofiles temporary folder. This can be used to reduce the risk of two application pools affecting each other. More information about this on IIS.net.