Subject: Medium Trust restrictions on ASP.NET
Date: 2010-07-13 11:03:45
From: Dmitri Tchikine
Source: medium-trust-restrictions-asp-net
----------------------------------------------------------------------

What should I do if the ASP.NET application that uses Ultimate SAML fails to validate the signature when deployed in a Medium Trust environment?
The same assertion validates in local ASP.NET IIS, but in medium trust, the Validate on Assertion fails, because SAML requires full trust during validation.
Below is what I get from error traces:

ComponentPro.Saml.SamlException: Unable to verify the XML signature. ---> System.Security.SecurityException: XmlResolver can be set only by fully trusted code. ---> System.Security.SecurityException: Request failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.PermissionSet.Demand()
   at System.Xml.XmlDocument.set_XmlResolver(XmlResolver value)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.PermissionSet
The demand was for:
<PermissionSet class="System.Security.NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"/>

...

The assembly or AppDomain that failed was:
UltimateSaml, Version=2.0.519.2200, Culture=neutral, PublicKeyToken=0efede2d78b28dff
The method that caused the failure was:
Boolean Validate(System.Security.Cryptography.Xml.KeyInfo, System.Security.Cryptography.Xml.SignedXml)
The Zone of the assembly that failed was:
Intranet
The Url of the assembly that failed was:
file://fs2-n01/stor1wc2dfw1/417649/originpeoplelink.crmappsondemand.com/web/content/bin/UltimateSaml.DLL
   --- End of inner exception stack trace ---
   at System.Xml.XmlDocument.set_XmlResolver(XmlResolver value)
   at System.Security.Cryptography.Xml.ExcCanonicalXml..ctor(XmlDocument document, Boolean includeComments, String inclusiveNamespacesPrefixList, XmlResolver resolver)
   at System.Security.Cryptography.Xml.XmlDsigExcC14NTransform.LoadInput(Object obj)
   at System.Security.Cryptography.Xml.SignedXml.GetC14NDigest(HashAlgorithm hash)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature()
   at ComponentPro.Saml.SignableSamlObject.Validate(KeyInfo keyInfo, SignedXml signedXml)
The Zone of the assembly that failed was:
MyComputer
   --- End of inner exception stack trace ---
   at ComponentPro.Saml.SignableSamlObject.Validate(KeyInfo keyInfo, SignedXml signedXml)
   at ComponentPro.Saml.SignableSamlObject.Validate()

----------------------------------------------------------------------
Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand. If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back.