Security problem with UploadHttpModule in Web.config

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Security problem with UploadHttpModule in Web.config

Jon Gard
If I test my site locally with a medium trust everything works fine. When I uploade the site to networksloutins I get a security error and it is from the  add name "UploadHttpModule" in <httpModules> im my web.config. I called NS and they say no need for them to add the dll to the GAC, it should work fine. Am I missing something?
Reply | Threaded
Open this post in threaded view
|

Re: Security problem with UploadHttpModule in Web.config

Dean Brettle
Administrator
You aren't missing anything.  Network Solutions does need to add the dll to the GAC (or otherwise configure their installation to trust it) in order for it to work under medium trust.  They probably think that they don't need to add it to the GAC because many 3rd-party components will work under medium trust without installing them in the GAC.  However, that is not the case for NeatUpload or any other ASP.NET component that can display upload progress without Flash.  To access the upload while it is occuring, upload progress controls needs the UnmanagedCode permission, which is only available to fully trusted assemblies like those in the GAC. 

I assume to get your site working locally under medium trust, you needed to add the dll to the GAC.  Correct?

Feel free to point Network Solutions to this thread or have them email me (dean at brettle dot com) if they have questions.

--Dean