locked
System.Security.SecurityException: That assembly does not allow partially trusted callers. RRS feed

  • Question

  • Hi, I'm developing a solution to integrate Constant Contact and Dynamics CRM 2011. By now, I'been successfully developing this solution in an on-premise deployment of Dynamics CRM, but now I also need to deploy this solution on a On-line deployment of CRM. Here is when the security problem comes up. I'm getting this exception from the web client of CRM:

    System.Security.SecurityException: That assembly does not allow partially trusted callers.

       at ConstantContactUtility.Utility.SearchContactByEmail(AuthenticationData authenticationData, IEnumerable`1 emailAddresses, String currentChunkId, String& nextChunkId)

       at ConstantContactUtility.Utility.SearchContactByEmail(AuthenticationData authenticationData, IEnumerable`1 emailAddresses, String& nextChunkId)

       at MSCRMtoConstantContact.Plugin.Execute(IServiceProvider serviceProvider)

    The action that failed was:

    LinkDemand

    The Zone of the assembly that failed was:

    MyComputer

    First of all, My solution is compound of 2 proyects, one with the third party API provided by Constant Contact and My Plugins project. This exception is generated in the Execute method of one of the plug-ins and is referred to a member of one class of the API.

    I know that when my plugin runs into sandbox, it has partial-trust instead of full-trust, so I have added this attribute to AssemblyInfo.cs : [assembly: AllowPartiallyTrustedCallers] in the API proyect, but I'm still having this exception.

    I don`t know what can I do to solve this, since as far as I know adding the APTCA attribute should solve this issue.

     

    Thanks in advance.

     

    Nicolas Brandl.

    Thursday, September 15, 2011 6:19 PM

Answers

  • The issue is that the plug-in is being deployed to the Sandbox. Since the plug-in is in the Sandbox, it is running as a partially trusted caller. There are certain limitations about which assemblies partially trusters callers can take advantage of. Any assembly that is callable by a partially trusted caller must be decorated with the AssemblyAllowsPartiallyTrustedCallersAttribute (APTCA). If the assembly that you are calling does not have this attribute, you will see the "Assembly does not allow partially trusted callers" error.

    Most assemblies in the .NET framework do have APTCA set so that you can utilize portions of the assembly. You'll need to take a look at what assemblies your plug-in is utilizing to track down the error. You should add some ITracingService.Trace calls to help track that one down.

    Michael

    Monday, September 19, 2011 6:50 PM
  • You are correct, HttpUtility is not supported in partial trust.
    • Marked as answer by Nicolas Brandl Friday, September 23, 2011 2:07 PM
    Tuesday, September 20, 2011 2:39 PM

All replies

  • I had this same issue yesterday and I could not understand, under the hood it was looking for a missing assembly. You might get lucky.

    this error is not just specific to CRM custom applications, it can be caused by ASP.NET (because I have also seen this error with SharePoint and general ASP.NET web app).

    hope it helps,


    cheers, S.Khan MCTS
    Thursday, September 15, 2011 11:32 PM
  • Friday, September 16, 2011 1:19 AM
  • Thanks for your kind reply. I am doing the request to the web service according what David had recommended in one of his links http://intergr8it.net/?p=161 and think that this is not the problem. I also added the [assembly: AllowPartiallyTrustedCallers] attribute and since the plug-in it's going to be running under sandbox in a CRM On-line I can't add the assembly to the GAC because I don't have access to it.

    So the problem still remains.

     

    Thanks.

     

    Nicolas Brandl


    Nicolas Brandl Microsoft Dynamics Developer
    Friday, September 16, 2011 12:51 PM
  • Can you try to get the access to GAC ? it might be easier if you can access GAC.
    cheers, S.Khan MCTS
    Sunday, September 18, 2011 11:14 PM
  • I can't access GAC since access to it is restricted on CRM On-line. -

    Nicolas Brandl Microsoft Dynamics Developer
    Monday, September 19, 2011 12:54 PM
  • The issue is that the plug-in is being deployed to the Sandbox. Since the plug-in is in the Sandbox, it is running as a partially trusted caller. There are certain limitations about which assemblies partially trusters callers can take advantage of. Any assembly that is callable by a partially trusted caller must be decorated with the AssemblyAllowsPartiallyTrustedCallersAttribute (APTCA). If the assembly that you are calling does not have this attribute, you will see the "Assembly does not allow partially trusted callers" error.

    Most assemblies in the .NET framework do have APTCA set so that you can utilize portions of the assembly. You'll need to take a look at what assemblies your plug-in is utilizing to track down the error. You should add some ITracingService.Trace calls to help track that one down.

    Michael

    Monday, September 19, 2011 6:50 PM
  • Thanks Michael, I agree with you and I think that this is the problem. Yesterday I found out that a member of the third party API calls to httputlity.urlencode. I have replaced it with a call to System.Uri.EscapeDataString(text) and now I am still having the exception, but in other part of my code. I guess that perhaps this class (httputility) is not supported for partial-trust environments. I will continue debugging my application and if I have some news I will post it here.
    Thanks a lot.

    Nicolas Brandl Microsoft Dynamics Developer
    Tuesday, September 20, 2011 1:07 PM
  • You are correct, HttpUtility is not supported in partial trust.
    • Marked as answer by Nicolas Brandl Friday, September 23, 2011 2:07 PM
    Tuesday, September 20, 2011 2:39 PM