Security problems with Aspose.Words in a hosted environment

Mike101 · October 2, 2022, 9:57am

I am using GoDaddy for hosting, and I am having difficulty with the Aspose.Words component. Any assistance you could provide would be greatly appreciated. Here is my code:

private static byte[] ConvertDoc(Stream FileToConvert)
{
    Aspose.Words.Document srcDoc = new Aspose.Words.Document(FileToConvert);
    MemoryStream xmlDoc = new MemoryStream();
    srcDoc.Save(xmlDoc, Aspose.Words.SaveFormat.AsposePdf);
    xmlDoc.Position = 0;
    Aspose.Pdf.Pdf destDoc = new Aspose.Pdf.Pdf();
    destDoc.BindXML(xmlDoc, null);
    destDoc.IsImagesInXmlDeleteNeeded = false;
    MemoryStream sPDF = new MemoryStream();
    destDoc.Save(sPDF);
    return sPDF.ToArray();
}

Here is the error:
Server Error in ‘/’ Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

**Exception Details:** System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.

**Source Error:**

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a “Debug=true” directive at the top of the file that generated the error. Example:

<%@ Page Language=“C#” Debug=“true” %>

or:

2) Add the following section to the configuration file of your application:

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

**Stack Trace:**

[SecurityException: Request for the permission of type ‘System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.]
``System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
``System.Security.CodeAccessPermission.Demand() +59
``System.IO.Path.GetTempPath() +54
``ᓬ.ᓫ.ቑ(Document ዾ, String م, Boolean ᓑ) +246
``⩩.⩨.ᓎ(ᗆ ᓏ) +48
``Aspose.Words.Document.Save(Stream stream, SaveFormat saveFormat) +163
``mPDF.Default.ConvertDoc(Stream FileToConvert) +204
``mPDF.Default.btnSubmit_Click(Object sender, EventArgs e) +439
``System.EventHandler.Invoke(Object sender, EventArgs e) +0
``System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
``System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
``System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
``System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
``System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
``System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7350
``System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
``System.Web.UI.Page.ProcessRequest() +86
``System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
``System.Web.UI.Page.ProcessRequest(HttpContext context) +49
``ASP.default_aspx.ProcessRequest(HttpContext context) +4
``System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +358
``System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

**Version Information:** Microsoft .NET Framework Version:2.0.50727.1434; ASP.NET Version:2.0.50727.1434

Klepus · October 2, 2022, 9:58am

Hello!
Thank you for your inquiry.
When you convert a document to PDF format all images need to be saved to some folder. By default it’s the Windows temporary folder returned by System.IO.Path.GetTempPath(). In your case this function call fails due to lack of permission. You can specify temporary folder explicitly by setting SaveOptions.ExportImagesFolder property. Temporary folder can be a subfolder of the root site path. (It should exist before you run the application.) In this case try the following code:

Server.MapPath(@".\temp");
srcDoc.Save(xmlDoc, Aspose.Words.SaveFormat.AsposePdf);

Please also note that you probably need to enforce deletion of temporary images:

destDoc.IsImagesInXmlDeleteNeeded = true;

Please let us know whether this helps in your environment or not.
Regards,

Mike101 · October 2, 2022, 9:59am

Well this did help out, the conversion is getting farther now, but I am still getting an error. Here is the updated code:

private static byte[] ConvertDoc(Stream FileToConvert, string TempPath)
{
     Aspose.Words.Document srcDoc = new Aspose.Words.Document( FileToConvert );
     MemoryStream xmlDoc = new MemoryStream();
     srcDoc.SaveOptions.ExportImagesFolder = TempPath;
     srcDoc.Save( xmlDoc, Aspose.Words.SaveFormat.AsposePdf );
     xmlDoc.Position = 0;
     Aspose.Pdf.Pdf destDoc = new Aspose.Pdf.Pdf();
     destDoc.BindXML( xmlDoc, null );
     destDoc.IsImagesInXmlDeleteNeeded = true;
     MemoryStream sPDF = new MemoryStream();
     destDoc.Save( sPDF );
     return sPDF.ToArray();
}

And here is the error being generated:

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

Add a “Debug=true” directive at the top of the file that generated the error. Example:

<%@ Page Language=“C#” Debug=“true” %>

or:

Add the following section to the configuration file of your application:

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Stack Trace:

[SecurityException: Request for the permission of type ‘System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0 System.Security.CodeAccessPermission.Demand() +59
System.Environment.GetEnvironmentVariable(String variable) +66 Aspose.Pdf.PdfText.ᅭ.ᅹ() +157
Aspose.Pdf.PdfText.ۯ.ܦ(String ܧ, String ܨ, Int32 ܩ, Boolean ܪ, Boolean ܫ, String ܬ, Boolean ܭ) +488 Aspose.Pdf.Xml.ᝨ.ᝮ(Pdf Ӛ, Section ᄬ, Table Ӫ, Row ဥ, Cell ։, Text ֏, Ӷ Ԣ, ᅣ ᅍ) +2981
Aspose.Pdf.Xml.ᗤ.ᗦ(Pdf Ӛ, Section ᄬ, Table Ӫ, Row ဥ, Cell ։, Text ֏, Ӷ Ԣ, ᅣ ᅍ, Boolean ᑀ) +19373 Aspose.Pdf.Xml.ᘐ.ᘒ(Pdf Ӛ, Section ᄢ, Ӷ Ԣ) +5497
Aspose.Pdf.Xml.ݰ.Ⴠ(Pdf Ӛ) +3965 Aspose.Pdf.Xml.᧊.᧏(ӷ ش, Pdf Ӛ) +751
Aspose.Pdf.Pdf.Save(Stream stream) +537 mPDF.Default.ConvertDoc(Stream FileToConvert, String TempPath) +334
mPDF.Default.btnSubmit_Click(Object sender, EventArgs e) +471 System.EventHandler.Invoke(Object sender, EventArgs e) +0
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7350
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213 System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18 System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.default_aspx.ProcessRequest(HttpContext context) +4 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +358
``System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

Version Information: Microsoft .NET Framework Version:2.0.50727.1434; ASP.NET Version:2.0.50727.1434

alexey.noskov · October 2, 2022, 9:56am

Hi

Thanks for your inquiry. I think the error occurs because Godaddy running the sites in Medium Trust. As I see for the stack trace you provided the error occurs in Aspose.Pdf. So you should consult with Aspose.Pdf team.
Best regards.

sangeetahuja6 · October 2, 2022, 10:00am

Could you actually use Aspose.Words for .net on Go Daddy Shared hosting ???
I am getting an exception as soon as I try to save doc as PDF.

Code

Aspose.Words.Document doc = new Aspose.Words.Document(docTemplateFileStream);
doc.Range.Replace("NAMETOBEREPLACED", name, false, true);

PdfSaveOptions saveOptions = new PdfSaveOptions();
saveOptions.TempFolder = Server.MapPath("~/TempPic");

MemoryStream docStream = new MemoryStream();
doc.Save(docStream, saveOptions); <--- Error.

Exception:

Date: 8/3/2013 12:47:16 AM Error Message: The type initializer for 'xc23bef7190ca8f55.x6412d0c71c34c05c' threw an exception. Detail: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.CodeAccessPermission.Demand() at System.Environment.GetEnvironmentVariable(String variable) at xf9a9481c3f63a419.xed747ca236d86aa0.x0f5d18019ab06bc5() at xf9a9481c3f63a419.xed747ca236d86aa0.x3eaacfcf484aabf1() at xc23bef7190ca8f55.x6412d0c71c34c05c.x74f5a1ef3906e23c() at xc23bef7190ca8f55.x6412d0c71c34c05c..cctor() The action that failed was: Demand The type of the first permission that failed was: System.Security.Permissions.EnvironmentPermission The Zone of the assembly that failed was: MyComputer

awais.hafeez · October 2, 2022, 9:56am

Hi Sangeet,

Thanks for your inquiry. I think this is a server security setting issue. Aspose.Words rendering on a server will typically not work in an ASP.NET application configured to run under the Medium Trust level because it prohibits access to registry and limits access to the file system. To solve this issue you can need to specify your own folders filled with the appropriate fonts as shown below:
https://docs.aspose.com/words/net/specifying-truetype-fonts-location/

I hope, this helps.

Best regards,