IIS7 Does Not Allow Cross Domain Calls In Full Trust Mode By Default – The Fix!

I have been working on a project recently where I have been making cross domain web requests to twitter using the Yedda.Net library.  Everything was working correctly when executing the source using Visual Studio and Cassini (Visual Studios built in web server) but when I made a trial deployment I ran into a security exception.

I found this very strange as when I deployed the source to a server running IIS6 everything functioned as expected but when deploying to a server running IIS7 I was faced with the following exception.

SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, 
PublicKeyToken=b77a5c561934e089' failed.

Both sites on the two different servers running IIS6 and IIS7 were set up to run in full trust so it didn’t make any sense that IIS7 would not allow the cross domain web request.

image

When the application was making the WebRequest the stack trace was showing that the application did not have enough permissions to execute the cross domain call to twitter. But I am running in full trust so now I am super confused (below is the source where the exception was thrown)!

        public TweetServiceModel GetLatestTweet()
                    {
                        Yedda.Twitter twitter = new Yedda.Twitter();
                        XmlDocument document = twitter.ShowAsXML(TwitterConfiguration.Username, 
                                                     TwitterConfiguration.Password,
                                                                 TwitterConfiguration.Username);
                        try
                        {
                            // ReSharper disable PossibleNullReferenceException
                            string tweet = XDocument.Parse(document.InnerXml).Element("user")
                                                                 .Element("status")
                                                                 .Element("text").Value;
                            return new TweetServiceModel(tweet);
                            // ReSharper restore PossibleNullReferenceException
                        }
                        catch (Exception)
                        {
                            return new TweetServiceModel();
                        }
                    }


The Fix!

It seems that the default behaviour for IIS7 is not to allow the WebRequest to execute even when running in full trust. To enable this behaviour go to yours sites application pool and click on advanced settings. Then change the Load User Profile setting to True instead of False.

imageimage

Sunday, 28th February, 2010 By Daniel Watson (iis7)
Tweet Me | Link To Facebook

Month List

Tag Cloud