Repost: Security exceptions calling a web service
I actually posted this in the security forum without much response, I thought perhaps this forum might generate a little more help.
We're getting a Reflection security exception trying to consume a web service. We're running our application from the intranet zone which is suppose to grant Reflection permission.
This exception only occurs when our control is embedded within an IE web page. The security exception does not occur when we elevate the trust for the "local intranet" group from it's default to full trust. We'd like to be able to deploy this application from within IE without any installation or administration on the client side.
I found these exceptions by switching on the option to*space
space*on the throw of exceptions in the debugger. The actual behaviour exhibitted in our control inside IE is that on an asychronous call to the web service we never receive the callback. These exceptions dont occur when the control is run from a standard winforms exe.
The first exception occurs when we construct the client to the web service. The second exception occurs after the Begin method has been called....
This seems like a bug, I'm wondering if anyone else has encountered something similiar and what they did to get around the problem.
We're a bit stuck here if anyone can help us out please do, it'd be much appreciated.....
1. Construction Exception:-
Message:
A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll
Additional information: Request for the permission of type System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
Stack Trace:
mscorlib.dll!System.Security.CodeAccessPermission::CheckDemand(System.Security.CodeAccessPermission demand) + 0x9e bytes
mscorlib.dll!System.Security.CodeAccessSecurityEngine::CheckHelper(System.Security.PermissionSet grantedSet, System.Security.PermissionSet deniedSet, System.Security.CodeAccessPermission demand, System.Security.PermissionToken permToken) + 0x1ad bytes
system.dll!System.ComponentModel.ReflectPropertyDescriptor::ShouldSerializeValue(System.Object component) + 0xeb bytes
system.data.dll!System.Data.XmlTreeGen::AddXdoProperty(System.ComponentModel.PropertyDescriptor pd = {System.ComponentModel.ReflectPropertyDescriptor}, System.Object instance = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}, System.Xml.XmlElement root = {System.Xml.XmlElement}, System.Xml.XmlDocument xd = {System.Xml.XmlDocument}) + 0x147 bytes
system.data.dll!System.Data.XmlTreeGen::AddXdoProperties(System.Object instance = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}, System.Xml.XmlElement root = {System.Xml.XmlElement}, System.Xml.XmlDocument xd = {System.Xml.XmlDocument}) + 0xbf bytes
system.data.dll!System.Data.XmlTreeGen::SchemaTree(System.Xml.XmlDocument xd = {System.Xml.XmlDocument}, System.Data.DataSet ds = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}) + 0x43d bytes
system.data.dll!System.Data.XmlTreeGen::Save(System.Data.DataSet ds = {Fusion.PortfolioInsight.Client.Data.CreditPortalWS.Privileges}, System.Xml.XmlWriter xw = {System.Xml.XmlTextWriter}) + 0x45 bytes
system.data.dll!System.Data.DataSet::System.Xml.Serialization.IXmlSerializable.GetSchema() + 0x97 bytes
system.xml.dll!System.Xml.Serialization.SerializableMapping::set_Type(System.Type value) + 0x3a bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportSpecialMapping(System.Type type, System.Xml.Serialization.TypeDesc typeDesc, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context) + 0x64 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportTypeMapping(System.Xml.Serialization.TypeModel model, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context, String* dataType, System.Xml.Schema.XmlSchemaForm form, bool repeats) + 0x1f7 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportAccessorMapping(System.Xml.Serialization.MemberMapping accessor, System.Xml.Serialization.FieldModel model, System.Xml.Serialization.XmlAttributes a, String* ns, System.Xml.Schema.XmlSchemaForm form, System.Type choiceIdentifierType) + 0x20f0 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportFieldMapping(System.Xml.Serialization.StructModel parent, System.Xml.Serialization.FieldModel model, System.Xml.Serialization.XmlAttributes a, String* ns, System.Xml.Schema.XmlSchemaForm form) + 0xb2 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportStructLikeMapping(System.Xml.Serialization.StructModel model, String* ns, System.Xml.Schema.XmlSchemaForm form) + 0x683 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportTypeMapping(System.Xml.Serialization.TypeModel model, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context, String* dataType, System.Xml.Schema.XmlSchemaForm form, bool repeats) + 0x1b9 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeType(System.Type type) + 0x55 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeTypes(System.Reflection.ICustomAttributeProvider provider) + 0x7b bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportStructLikeMapping(System.Xml.Serialization.StructModel model, String* ns, System.Xml.Schema.XmlSchemaForm form) + 0x8ec bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::ImportTypeMapping(System.Xml.Serialization.TypeModel model, String* ns, System.Xml.Serialization.XmlReflectionImporter.ImportContext context, String* dataType, System.Xml.Schema.XmlSchemaForm form, bool repeats) + 0x1b9 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeType(System.Type type) + 0x55 bytes
system.xml.dll!System.Xml.Serialization.XmlReflectionImporter::IncludeTypes(System.Reflection.ICustomAttributeProvider provider) + 0x7b bytes
system.web.services.dll!System.Web.Services.WebMethodReflector::IncludeTypes(System.Web.Services.Protocols.LogicalMethodInfo[] methods = {Length=51}, System.Xml.Serialization.XmlReflectionImporter importer = {System.Xml.Serialization.XmlReflectionImporter}) + 0x53 bytes
system.web.services.dll!System.Web.Services.Protocols.SoapClientType::SoapClientType(System.Type type = {"Fusion.PortfolioInsight.Client.Data.CreditPortalWS.CreditPortalService"}) + 0x213 bytes
system.web.services.dll!System.Web.Services.Protocols.SoapHttpClientProtocol::SoapHttpClientProtocol() + 0xc9 bytes
2. Exception on web service callback:-
Message:
A first chance exception of type 'System.Security.SecurityException' occurred in system.web.services.dll
Additional information: Security error.
Stack Trace:
system.web.services.dll!System.Web.Services.Protocols.WebClientAsyncResult::Complete() + 0xd8 bytes
system.web.services.dll!System.Web.Services.Protocols.WebClientProtocol::ProcessAsyncResponseStreamResult(System.Web.Services.Protocols.WebClientAsyncResult client = {System.Web.Services.Protocols.WebClientAsyncResult}, System.IAsyncResult asyncResult = {System.Net.NestedSingleAsyncResult}) + 0x121 bytes
system.web.services.dll!System.Web.Services.Protocols.WebClientProtocol::ReadAsyncResponseStream(System.Web.Services.Protocols.WebClientAsyncResult client = {System.Web.Services.Protocols.WebClientAsyncResult}) + 0x138 bytes
system.web.services.dll!System.Web.Services.Protocols.WebClientProtocol::ReadResponseAsyncCallback(System.IAsyncResult asyncResult = {System.Net.NestedSingleAsyncResult}) + 0xb3 bytes
system.dll!System.Net.ConnectStream::ReadCallback(System.IAsyncResult asyncResult) + 0xb1 bytes
system.dll!System.Net.Sockets.OverlappedAsyncResult::CompletionPortCallback(unsigned __int32 errorCode, unsigned __int32 numBytes, System.Threading.NativeOverlapped* nativeOverlapped) + 0xec bytes
TIA
Michael
