Medium Trust restrictions on ASP.NET - ComponentPro Scam Archive

Subject: Medium Trust restrictions on ASP.NET
Date: 2010-07-13 11:03:45
From: Dmitri Tchikine
Source: medium-trust-restrictions-asp-net
----------------------------------------------------------------------

What should I do if the ASP.NET application that uses Ultiple SAML fails to validate signature when deplyed in Medium Truct environment?

The same assertion validates in local ASP.NET IIS, but in medium truct, the Validate on Assertion failes, because SAML requires full truct during validation.

Below is what I get from error traces:



ComponentPro.Saml.SamlException: Unable to verify the XML signature. ---> System.Security.SecurityException: XmlResolver can be set only by fully trusted code. ---> System.Security.SecurityException: Request failed.

   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)

   at System.Security.PermissionSet.Demand()

   at System.Xml.XmlDocument.set_XmlResolver(XmlResolver value)

The action that failed was:

Demand

The type of the first permission that failed was:

System.Security.PermissionSet

The demand was for:

<PermissionSet class="System.Security.NamedPermissionSet"

version="1"

Unrestricted="true"

Name="FullTrust"/>



...



The assembly or AppDomain that failed was:

UltimateSaml, Version=2.0.519.2200, Culture=neutral, PublicKeyToken=0efede2d78b28dff

The method that caused the failure was:

Boolean Validate(System.Security.Cryptography.Xml.KeyInfo, System.Security.Cryptography.Xml.SignedXml)

The Zone of the assembly that failed was:

Intranet

The Url of the assembly that failed was:

file://fs2-n01/stor1wc2dfw1/417649/originpeoplelink.crmappsondemand.com/web/content/bin/UltimateSaml.DLL

   --- End of inner exception stack trace ---

   at System.Xml.XmlDocument.set_XmlResolver(XmlResolver value)

   at System.Security.Cryptography.Xml.ExcCanonicalXml..ctor(XmlDocument document, Boolean includeComments, String inclusiveNamespacesPrefixList, XmlResolver resolver)

   at System.Security.Cryptography.Xml.XmlDsigExcC14NTransform.LoadInput(Object obj)

   at System.Security.Cryptography.Xml.SignedXml.GetC14NDigest(HashAlgorithm hash)

   at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)

   at System.Security.Cryptography.Xml.SignedXml.CheckSignature()

   at ComponentPro.Saml.SignableSamlObject.Validate(KeyInfo keyInfo, SignedXml signedXml)

The Zone of the assembly that failed was:

MyComputer

   --- End of inner exception stack trace ---

   at ComponentPro.Saml.SignableSamlObject.Validate(KeyInfo keyInfo, SignedXml signedXml)

   at ComponentPro.Saml.SignableSamlObject.Validate()




----------------------------------------------------------------------

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.

Back to ComponentPro Q&A Forum Index