Same security issue

mkaiser · January 3, 2006, 4:53am

Dear Support team,

we are facing the same security issue as discussed in this threat. But unfortunatly our provider refuses to add the dll to the CAS policy.

Is there another way getting the componente to work? We are using the Excel and Pdf components.

Thanks for feedback,
Manfred Kaiser

forever · January 3, 2006, 6:31am

Dear Manfred,

Thank you for considering Aspose.

Do you have the same problem for Aspose.Excel? Can you please provide the code and exception message?

mkaiser · January 3, 2006, 7:12am

Dear Tommy,

the following code is used to generate the Excel file:

Aspose.Excel.License license2 = new Aspose.Excel.License();
license2.SetLicense("Aspose.Custom.lic");

ExcelDesigner designer = new ExcelDesigner();

designer.Open(Server.MapPath(System.Configuration.ConfigurationSettings.AppSettings.Get("OfflineOrderLogTemplate")));

designer.SetDataSource(OrderLog);

designer.SetDataSource("ExtractDate",DateTime.Now);

designer.Process();

// *** Send file to client

Response.Clear();

designer.Excel.Save("OfflineOrderLog.xls",Aspose.Excel.SaveType.OpenInBrowser,Aspose.Excel.FileFormatType.Default,Response);

Response.End();

The server returns the following error message:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: System.Security.Permissions.SecurityPermission

This happens already on creating an object from the ExcelDesigner or Excel class without saving doing anything else with the object. Same for Pdf.

We made some testings on the web server settings on our DEV. If we change the machine.config trust entry to the component throws the above exception, on level Full it works fine. Unfortunatly our provider refused to change this setting in the machine.config.

Thanks,
Manfred

Laurence · January 3, 2006, 5:57pm

Hi Manfred,

Aspose.Excel calls some win32 APIs. I think this forces our component to run under full trust environment. You can write a simple dll to call a win32 api and assign "Medium" trust level to see if this dll fails.

KevinZuo · January 3, 2006, 10:56pm

Thanks for considering Aspose.

I'm sorry to tell u that Aspose.Pdf.Kit do need a Full trust level to be allowed to perform operations at present. If you can't get the way to satisfy the condition, unfortunatly it can't work around.