
Missing required tag <CodeGroup>


Trapulo

Feb 8, 2010, 7:27:01 AM
I have this error, calling every aspx file, when I switch the app pool from
64 to 32 bit.
I've tested the same web site on another similar server, and I haven't any
error, so I think there is something wrong on the server config, but I can
understand what. I have many other web sites, 64 and 32 bit, and they run
without problem.
I've tried to switch the web site to full trust, but still the same.

Can someone help me?
I'm running Win Server 2008 x64

thanks

System.ArgumentException: Invalid XML. Missing required tag <CodeGroup> for type 'System.Security.Policy.PolicyLevel'

[ArgumentException: Invalid XML. Missing required tag <CodeGroup> for type 'System.Security.Policy.PolicyLevel'.]
   System.Security.Policy.PolicyLevel.FromXml(SecurityElement e) +1350
   System.Security.SecurityManager.LoadPolicyLevelFromStringHelper(String str, String path, PolicyLevelType type) +207
   System.Security.SecurityManager.LoadPolicyLevelFromString(String str, PolicyLevelType type) +37
   System.Web.HttpRuntime.CreatePolicyLevel(String configFile, String appDir, String binDir, String strOriginUrl, Boolean& foundGacToken) +420
   System.Web.HttpRuntime.SetTrustLevel(TrustSection trustSection, SecurityPolicySection securityPolicySection) +8922526
   System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags) +186

[HttpException (0x80004005): Invalid XML. Missing required tag <CodeGroup> for type 'System.Security.Policy.PolicyLevel'.]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +8894031
   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +85
   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +333

Alexey Smirnov

Feb 8, 2010, 8:18:00 AM

It sounds like it's an error with Code Access Security configuration
(CAS). CAS is used to protect application by restricting the resources
the application can access and the privileged operations it can
perform. For example, if you need to run a component with a full trust
(high privileges), then you need to add an entry in its security
configuration file (web.config, or other *.config) to grant full trust
to its assembly. If you don't know what all this about, then check if
other ASP.NET sites are working, it's either something wrong with your
application, or you did install something recently.


Trapulo

Feb 8, 2010, 11:17:01 AM

"Alexey Smirnov" wrote:

> It sounds like it's an error with Code Access Security configuration
> (CAS). CAS is used to protect application by restricting the resources
> the application can access and the privileged operations it can
> perform. For example, if you need to run a component with a full trust
> (high privileges), then you need to add an entry in its security
> configuration file (web.config, or other *.config) to grant full trust
> to its assembly. If you don't know what all this about, then check if
> other ASP.NET sites are working, it's either something wrong with your
> application, or you did install something recently.


Yes, I know CAS. However this is just a "stupid" web site, with some aspx
and nothing else. No dll, no bin, etc. I've tried a full trust with a simple
aspx page without code (and without web.config), and still this error.
I've a lot of other Webs on this server, with x64 or x86 threads, and
they are all working well.

Is there any way to know which is the file where it finds this "error"?

thanks


Alexey Smirnov

Feb 8, 2010, 1:18:35 PM

Check if asp.net has been correctly registered for this website. Try
aspnet_regiis or similar

Vince Xu [MSFT]

Feb 12, 2010, 12:56:59 AM
Hi,

Did you resolve this issue? I didn't see your response for a time.

--
Sincerely,

Vince Xu

Microsoft Online Support

Trapulo

Feb 12, 2010, 11:31:06 AM
On 12/02/2010 6.56, Vince Xu [MSFT] wrote:
> Hi,
>
> Did you resolve this issue? I didn't see your response for a time.
>

No: it seems all ok both on the Web server (all other sites running with
same settings) and on the Web Site (running on another similar server).. :(

I cannot find what configuration has an error in ASP.NET environment,
according to the error message it reports.

Trapulo

Feb 14, 2010, 12:30:01 PM

"Vince Xu [MSFT]" wrote:

> Hi,
>
> Did you resolve this issue? I didn't see your response for a time.
>

I've found.
In fact I had an xml syntax error in my custom trust.config file. I didn't
notice that, because all webs that I run in 32 bit mode are classic asp and
not aspx. However there is a trouble with IIS admin that makes it difficult to
find this. If I switch app pool to 32 bit, ASP.NET uses the config file under
\framework and not under \framework64 folder. But if I change trust mode to
full, as diagnostic test, the console will update the web.config file in the
64 bit folder (with a location tag), and my selection will not be used! The
32 bit aspnet Web will run with standard trust setting.

Now I've a last trouble: this Web site requires an OLEDB connection. I've
allowed it in my medium-custom trust config file, as described here:
http://msdn.microsoft.com/en-us/library/ms998341.aspx#paght000020_oledbpermission

But running the site still have an error that reports that OLEDB is not
allowed ... :(
What can be?

thanks
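
A check for the failure described in the post above, as an added example that is not part of the original thread: it lints a trust policy file for well-formedness, the root <CodeGroup>, and class or permission-set names that are referenced but never declared. The function name, the constructed sample policy and the rule that short class names must appear in <SecurityClasses> are assumptions; run it on the trust file in both the \Framework and \Framework64 CONFIG folders, since a 32-bit pool reads the former.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, cut down to the elements the checks look at.
SAMPLE_OK = """<configuration><mscorlib><security><policy>
<PolicyLevel version="1">
  <SecurityClasses>
    <SecurityClass Name="NamedPermissionSet" Description="constructed"/>
    <SecurityClass Name="FirstMatchCodeGroup" Description="constructed"/>
    <SecurityClass Name="AllMembershipCondition" Description="constructed"/>
    <SecurityClass Name="OleDbPermission" Description="constructed"/>
  </SecurityClasses>
  <NamedPermissionSets>
    <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
      <IPermission class="OleDbPermission" version="1" Unrestricted="true"/>
    </PermissionSet>
  </NamedPermissionSets>
  <CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="ASP.Net">
    <IMembershipCondition class="AllMembershipCondition" version="1"/>
  </CodeGroup>
</PolicyLevel>
</policy></security></mscorlib></configuration>"""

POLICY_PATH = "./mscorlib/security/policy/PolicyLevel"


def lint_policy(xml_text):
    """Return a list of problems in a CAS trust policy file (empty = clean)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # The case from the thread: a syntax slip anywhere in the file.
        return ["not well-formed XML: %s" % exc]
    level = root.find(POLICY_PATH) if root.tag == "configuration" else None
    if level is None:
        return ["no <PolicyLevel> under configuration/mscorlib/security/policy"]

    problems = []
    declared = {c.get("Name") for c in level.findall("SecurityClasses/SecurityClass")}
    sets = {p.get("Name") for p in level.findall("NamedPermissionSets/PermissionSet")}
    if level.find("CodeGroup") is None:
        problems.append("missing required root <CodeGroup>")
    for el in level.iter():
        cls = el.get("class")
        # Assumption: short class names must be declared in <SecurityClasses>;
        # values containing a comma are treated as full type names and skipped.
        if cls and "," not in cls and cls not in declared:
            problems.append("<%s class=%r> has no <SecurityClass> entry" % (el.tag, cls))
        if el.tag == "CodeGroup" and el.get("PermissionSetName") not in sets:
            problems.append("CodeGroup refers to unknown permission set %r"
                            % el.get("PermissionSetName"))
    return problems


if __name__ == "__main__":
    # Usage: pass the path of each trust policy file to check.
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            found = lint_policy(handle.read())
        print(path, "OK" if not found else "")
        for problem in found:
            print("  -", problem)
```
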

Vince Xu [MSFT]

Feb 15, 2010, 3:22:17 AM
Hi,

It looks still the permission of OLED. Could you please post the entire
information of the error you got?

--
Regards,
Vince
Microsoft Support Online


Trapulo

Feb 15, 2010, 12:17:58 PM
On 15/02/2010 9.22, Vince Xu [MSFT] wrote:
> Hi,
>
> It looks still the permission of OLED. Could you please post the entire
> information of the error you got?
>

Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the
permission of type 'System.Data.OleDb.OleDbPermission, System.Data,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.


It seems that OleDB is not permitted, but I'm sure the config file has
permission defined as I read in that page, and I'm sure that ASP.NET is
using that file (I tried to insert an XML error, and the page reported that
error).

thanks

Vince Xu [MSFT]

Feb 17, 2010, 2:17:08 AM
Hi,

What's trust level you set in web.config. Did you give it Full Trust?

<system.web>
<trust level="Full" />
</system.web>

Please make sure you used relative reference for the datasource file,
instead of an absolute reference.

Alexey Smirnov

Feb 17, 2010, 4:27:44 AM
On Feb 14, 6:30 pm, Trapulo <nonscrive...@nospam.nospam> wrote:
> "Vince Xu [MSFT]" wrote:
> > Hi,
>
> > Did you resolve this issue? I didn't see your response for a time.
>
> I've found.
> In fact I had an xml syntax error in my custom trust.config file. I didn't
> notice that, because all webs that I run in 32 bit mode are classic asp and
> not aspx. However there is a trouble with IIS admin that makes it difficult to
> find this. If I switch app pool to 32 bit, ASP.NET uses the config file under
> \framework and not under \framework64 folder. But if I change trust mode to
> full, as diagnostic test, the console will update the web.config file in the
> 64 bit folder (with a location tag), and my selection will not be used! The
> 32 bit aspnet Web will run with standard trust setting.
>
> Now I've a last trouble: this Web site requires an OLEDB connection. I've
> allowed it in my medium-custom trust config file, as described here:http://msdn.microsoft.com/en-us/library/ms998341.aspx#paght000020_ole...

>
> But running the site still have an error that reports that OLEDB is not
> allowed ... :(
> What can be?
>
> thanks

Glad it works now for you, I thought it must be something like this.

Regarding your new problem. It seems you are running in medium trust
and your app only has permission to read, write, etc. in its own
directory only. Where is your database located? Check what you have in
C:\WINDOWS\Microsoft.NET\Framework\xxx\CONFIG for .NET, you'll see
something like this

<IPermission
class="FileIOPermission"
version="1"
Read="$AppDir$"
Write="$AppDir$"
Append="$AppDir$"
PathDiscovery="$AppDir$"
/>

This is where you have an access for oledb.
For more please read http://msdn.microsoft.com/en-us/library/ms998341.aspx#paght000020_oledbpermission

Hope this helps

Trapulo

Feb 23, 2010, 7:16:27 AM
On 17/02/2010 8.17, Vince Xu [MSFT] wrote:
> Hi,
>
> What's trust level you set in web.config. Did you give it Full Trust?
>
> <system.web>
> <trust level="Full" />
> </system.web>
>
> Please make sure you used relative reference for the datasource file,
> instead of an absolute reference.
>

Sure not full! As I write, I'm using a custom medium level defined as
described in msdn.


Here's my running config.

<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition"
Description="System.Security.Policy.AllMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission"
Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="DnsPermission"
Description="System.Net.DnsPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission"
Description="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission"
Description="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup"
Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission"
Description="System.Security.Permissions.IsolatedStorageFilePermission,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet"
Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="PrintingPermission"
Description="System.Drawing.Printing.PrintingPermission, System.Drawing,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="SecurityPermission"
Description="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SmtpPermission"
Description="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission"
Description="System.Data.SqlClient.SqlClientPermission, System.Data,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition"
Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UIPermission"
Description="System.Security.Permissions.UIPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup"
Description="System.Security.Policy.UnionCodeGroup, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition"
Description="System.Security.Policy.UrlMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission"
Description="System.Net.WebPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition"
Description="System.Security.Policy.ZoneMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ReflectionPermission"
Description="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="OleDbPermission"
Description="System.Data.Oledb.OleDbPermission, System.Data,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>

<NamedPermissionSets>
<PermissionSet class="NamedPermissionSet" version="1"
Unrestricted="true" Name="FullTrust" Description="Allows full access to all
resources"/>
<PermissionSet class="NamedPermissionSet" version="1" Name="Nothing"
Description="Denies all resources, including the right to execute"/>
<PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
<IPermission class="AspNetHostingPermission" version="1" Level="Medium"/>
<IPermission class="DnsPermission" version="1" Unrestricted="true"/>
<!--
<IPermission class="EnvironmentPermission" version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"/>
-->


<IPermission class="FileIOPermission" version="1" Read="$AppDir$"
Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$"/>

<IPermission class="IsolatedStorageFilePermission" version="1"
Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807"/>
<!--
<IPermission class="PrintingPermission" version="1"
Level="DefaultPrinting"/>
-->
<IPermission class="SecurityPermission" version="1" Flags="Assertion,
Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
<IPermission class="SmtpPermission" version="1" Access="Connect"/>
<IPermission class="SqlClientPermission" version="1"
Unrestricted="true"/>
<IPermission class="WebPermission" version="1" Unrestricted="true">
<!--
<ConnectAccess>
<URI uri="$OriginHost$"/>
</ConnectAccess>
-->
</IPermission>
<IPermission class="ReflectionPermission" version="1"
Flags="RestrictedMemberAccess"/>
<IPermission class="OleDbPermission" version="1" Unrestricted="true"/>
</PermissionSet>
</NamedPermissionSets>
<CodeGroup class="FirstMatchCodeGroup" version="1"
PermissionSetName="Nothing">
<IMembershipCondition class="AllMembershipCondition" version="1"/>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
<IMembershipCondition class="UrlMembershipCondition" version="1"
Url="$AppDirUrl$/*"/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
<IMembershipCondition class="UrlMembershipCondition" version="1"
Url="$CodeGen$/*"/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="Nothing">
<IMembershipCondition class="ZoneMembershipCondition" version="1"
Zone="MyComputer"/>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="FullTrust" Name="Microsoft_Strong_Name" Description="This
code group grants code signed with the Microsoft strong name full trust. ">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="FullTrust" Name="Ecma_Strong_Name" Description="This code
group grants code signed with the ECMA strong name full trust. ">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1" PublicKeyBlob="00000000000000000400000000000000"/>
</CodeGroup>
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>


Vince Xu [MSFT]

Feb 25, 2010, 4:22:28 AM
Hi,

This error refers to the Full trust deployment. I'm not sure you can use
medium level to resolve it.


Regards,

Vince Xu

Microsoft Online Support


Trapulo

Mar 3, 2010, 10:28:01 AM

"Vince Xu [MSFT]" wrote:

> Hi,
>

> This error refers to the Full trust deployment. I'm not sure you can use
> medium level to resolve it.

It MAY be possible!
There also is an official MS procedure to make this...


Vince Xu [MSFT]

Mar 5, 2010, 2:51:05 AM
Hi,

The problem is that using an OLE DB database requires that the Unmanaged
Code flag of the SecurityPermission be set, since OLE DB is a COM-based
component. I experienced that the OleDbPermission requires full trust to
run. If you want to set trust to Medium, the only option is to sandbox your
data access code. Put it in a separate assembly that you grant full trust
to, decorating it with the AllowPartiallyTrustedCallers attribute, then
call into it from your main application.
Please check this thread
http://forums.asp.net/p/1148017/1864917.aspx#1864955

--
Regards,
Vince Xu - MSFT
Microsoft Online Support

