Hi Davide,

I've been working toward understanding and configuring Easy Help to get it ready to roll out to my clients. One of the last elements I needed was the POP3 mailbox scanning. Unfortunately, I have run into a Medium Trust issue, which I have been attempting to resolve via a customized web.config file, but have made no progress.

It involves the permission request for "System.Net.SocketPermission" as shown in the error below.

First, I know this is a Trust level issue because if I change the site to Full Trust, the problem goes away. If I change to High Trust, the error changes to a FileIOpermission error, which does not make sense.

I've done research and found some articles relating to "System.Net.SocketPermission" and how to grant access in a non-full trust environment via a customized web.config, but this has not helped.

I found a post at Afterlogic.com (mailbee) which talked about this issue in September 2008.

http://www.afterlogic.com/forum/forum_posts.asp?TID=1481&TPN=1

Elsewhere, I found reference on how to modify a custom web.config file, which I have done, but again, it does not help. (this is not the DNN web.config, but a customized config file that DNN web.config references.)

Add:
SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"

And:
IPermission class="SocketPermission" version="1" Unrestricted="true"

Note: There are other values besides unrestricted="true" that can be set, but I thought I would start with the most liberal, then back down.

I also found this article on MSDN site:

http://msdn.microsoft.com/en-us/library/system.net.socketpermission.aspx

There must be a way to overcome this problem without resorting to full trust.

Maybe you can provide me a version that creates a debug log file which would give us more specific information?

Also, for reference from below: "The Zone of the assembly that failed was: MyComputer" I don't think any web app should be requesting the zone of MyComputer. This is a very high trust zone and gives unlimited access to a computer.
___________________________________________________
AssemblyVersion: 04.09.04
PortalID: 0 PortalName: SilverBullet Technologies LLC UserID: 4 UserName:
ActiveTabID: 120 ActiveTabName: Support RawURL: /Support/ctl/administration_POP3_edit/mid/542/itemid/1.aspx AbsoluteURL: /Default.aspx AbsoluteURLReferrer: https://www.silverbullettech.com/Support/ctl/administration_POP3_edit/mid/542/itemid/1.aspx UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729) DefaultDataProvider:

DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider ExceptionGUID: 18b7db7b-7358-4384-9beb-0b5a00e075d2 InnerException: Request for the permission of type 'System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. FileName: FileLineNumber: 0

FileColumnNumber: 0 Method: System.Security.CodeAccessSecurityEngine.Check StackTrace:

Message:
DotNetNuke.Services.Exceptions.PageLoadException: Request for the permission of type 'System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. ---> System.Security.SecurityException: Request for the permission of type 'System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.CodeAccessPermission.Demand() at System.Net.Sockets.Socket.CheckCacheRemote(EndPoint& remoteEP, Boolean isOverwrite) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at cp.a(IPEndPoint A_0) at cs.a(IPEndPoint A_0) at bm.a(IPHostEntry A_0, Int32 A_1) at az.a(String A_0, Int32 A_1, Boolean A_2, EndPoint A_3) at az.y() at bs.a5() at cf.a(Boolean A_0, String A_1, Int32 A_2, Boolean A_3) at MailBee.Pop3Mail.Pop3.Connect(String serverName, Int32 port) at OldTurtle_BizSuite_EasyHelp2.Pages.Administration_POP3_Edit.b(Object A_0, EventArgs A_1) at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) The action that failed was: Demand The type of the first permission that failed was: System.Net.SocketPermission The Zone of the assembly that failed was: MyComputer --- End of inner exception stack trace ---

Thank you for your help.

Rob

Hi Rob,

I just googled a bit, when I run into this:

http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx
http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx#552917g

and following comments. Would you think that

http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx#553189

this could worth a try?

Excuse me if I'm maybe missing the topic, I just had a very busy Sunday!

Let's speak tomorrow about this, thanks.

Davide

Hi Davide,

That post may be related, but it appears to be more from the point of view of a client machine, running an application that uses IE, and associated Trust issues if the application is an exe and dlls on a network share.

Note: Just so you know, I used Outlook Express to connect to the POP3 mailbox, using the same credentials and SSL on port 995 without any problem.

I have also tried testing via module UI without SSL, just specifiying port 110 and the Server FQDN, and I still get the same .NET error exception.

Even though I cannot test the POP3 connection via the module's UI, as a test, I enabled the connector anyway, to see what would happen when the DNN scheduler task ran (OldTurtle_BizSuite_EasyHelp2.Business.POP3_Schedule, OldTurtle_BizSuite_EasyHelp2)

The scheduler history shows it runs, but with a failure, as expected:
OldTurtle_BizSuite_EasyHelp2.Business.POP3_Schedule, OldTurtle_BizSuite_EasyHelp2 POP3 polling failed: System.Exception: Cannot find POP3 Server: wml.silverbullettech.com at OldTurtle_BizSuite_EasyHelp2.Business.POP3_Schedule.DoWork()

The related DNN Event log messages say the same thing, no other helpful information.

It seems evident it cannot find the POP3 server, because the .NET security exception is preventing the MailBee code from running.

List of posts I have found to be relevant:
http://www.afterlogic.com/forum/forum_posts.asp?TID=1481&TPN=1

This next one talks about MySQL, but more importantly, it is in the context of the 'System.Net.SocketPermission' error:
http://www.aspcode.net/Getting-MySQL-to-function-in-medium-trust.aspx

http://msdn.microsoft.com/en-us/library/system.net.socketpermission.aspx

http://msdn.microsoft.com/en-us/library/system.net.socketpermission_members.aspx

http://skysigal.xact-solutions.com/...tings.aspx

Also, when I was tested in Full Trust, then switched to High Trust (one step away from Full), I got this exception, rather than the "Socket" exception:

AssemblyVersion: 04.09.04
PortalID: 0
PortalName: SilverBullet Technologies LLC
UserID: X
UserName: xxxxx
ActiveTabID: 120
ActiveTabName: Support RawURL: /Support/ctl/administration_POP3_edit/mid/542/itemid/1.aspx AbsoluteURL: /Default.aspx
AbsoluteURLReferrer: https://www.silverbullettech.com/Support/ctl/administration_POP3_edit/mid/542/itemid/1.aspx UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729) DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider ExceptionGUID: 73db629a-3265-4c3e-b7a1-ba2afd13bf59

InnerException: System.Security.Permissions.SecurityPermission
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: .es.b StackTrace:

Message: DotNetNuke.Services.Exceptions.PageLoadException: System.Security.Permissions.SecurityPermission ---> System.Security.SecurityException: System.Security.Permissions.SecurityPermission at es.b(Int32 A_0, Int32 A_1) at cz.a(SecurityProtocol A_0) at az.a() at az.a(String A_0, Int32 A_1, Boolean A_2, EndPoint A_3) at az.y() at bs.a5() at cf.a(Boolean A_0, String A_1, Int32 A_2, Boolean A_3) at MailBee.Pop3Mail.Pop3.Connect(String serverName, Int32 port) at OldTurtle_BizSuite_EasyHelp2.Pages.Administration_POP3_Edit.b(Object A_0, EventArgs A_1) at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) The type of the first permission that failed was: System.Security.Permissions.SecurityPermission The Zone of the assembly that failed was: MyComputer --- End of inner exception stack trace ---

So, perhaps the Sockets exception is actully a subsequent failure due to a previous security exception in the MailBee code.

Maybe the folks at AfterLogic can give you some insight to how to correct this in a Mediumt Trust environment.

Thank you,
Rob

Rob,

that link you posted, from mailbee component's forum, sadly ends like:

Update. After resetting trust levels to dfeaults we found that sockets are indeed disabled at Medium Trust level.

The reason they are usually enabled at shared hostings is that the most popular setting there is High, not Medium, and some hosting providers set Medium but additionally enable sockets.

Regards,
Alex

... so that means (unfortunatly!) that we should try to play around with that socket permissions class you mentioned... or else it will never work on medium. No chanches that you run it in full, uh ?

BETA 01.00.27 was a version that is recompiled with no 2.0 .NET direct references. That should help those people having problems running BizSuite in .NET 3.5.

Davide,

No. No chance I will run in Full Trust. It is a security consideration.

I disagree with AfterLogic that Full Trust is the most popular. Most hosting companies that care about security force Medium Trust.

I saw that last statement in the post, so I know it is a .NET security issue, but they also state: "...and some hosting providers set Medium but additionally enable sockets."

So, I was thinking, maybe they know some step in the procedure to enable Sockets in .NET under Medium Trust, that I have not discovered. The only information I have found is what I posted previously.

I also want to re-state that I am concerned about the security error that occurs in High Trust, which might be a top level issue, with the Sockets error being a symptom.

Anyway, perhaps you can contact MailBee/AfterLogic to see if they can help.

Thank you.
Rob

Yes we are emailing them now.

I'll keep you updated.

I have opened a ticket yesterday with them, still waiting for updates.

Rob,

This is what afterlogic wrote me:

Hello,

Trust levels are just sets of rules in files like:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_mediumtrust.config

You can create a custom trust level based on Medium Trust which would allow/prohibit what you need. The following article sheds some light on all trust levels:

http://msdn.microsoft.com/en-us/library/tkscy493.aspx

The following one is about Medium Trust in ASP.NET:

http://msdn.microsoft.com/en-us/library/ms998341.aspx

Please pay your attention to "Step 3. Optionally Create a Custom Policy Based on Medium Trust" section:
http://msdn.microsoft.com/en-us/library/ms998341.aspx#paght000020_step3

Maybe you could try play around with the file mentioned:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_mediumtrust.config

??

Davide,

I am very familiar with creating custom Medium Trust files, and am already using one for my site. However, I have reviewed the included links to see if they give me any more insight on setting permissions for "System.Net.SocketPermission", beyond what I have already done. The links have no further information. I was hoping AfterLogic knew the exact requirements to make this work.

But again, please ask them why I get the different Security exception I documented above, when I set the trust level to "High", which is less restrictive than "Medium".

Below is a copy/paste of what I posted earlier about High Trust, where I get a different error. Can they explain this?:

AssemblyVersion: 04.09.04
PortalID: 0
PortalName: SilverBullet Technologies LLC
UserID: X UserName: xxxxx
ActiveTabID: 120
ActiveTabName: Support RawURL: /Support/ctl/administration_POP3_edit/mid/542/itemid/1.aspx AbsoluteURL: /Default.aspx AbsoluteURLReferrer: https://www.silverbullettech.com/Support/ctl/administration_POP3_edit/mid/542/itemid/1.aspx UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729) DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider ExceptionGUID: 73db629a-3265-4c3e-b7a1-ba2afd13bf59

InnerException: System.Security.Permissions.SecurityPermission
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: .es.b
StackTrace:
Message:
DotNetNuke.Services.Exceptions.PageLoadException: System.Security.Permissions.SecurityPermission ---> System.Security.SecurityException: System.Security.Permissions.SecurityPermission at es.b(Int32 A_0, Int32 A_1) at cz.a(SecurityProtocol A_0) at az.a() at az.a(String A_0, Int32 A_1, Boolean A_2, EndPoint A_3) at az.y() at bs.a5() at cf.a(Boolean A_0, String A_1, Int32 A_2, Boolean A_3) at MailBee.Pop3Mail.Pop3.Connect(String serverName, Int32 port) at OldTurtle_BizSuite_EasyHelp2.Pages.Administration_POP3_Edit.b(Object A_0, EventArgs A_1) at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) The type of the first permission that failed was: System.Security.Permissions.SecurityPermission The Zone of the assembly that failed was: MyComputer --- End of inner exception stack trace ---

Thanks for digging into this.
Rob

Davide,

Some important new information. I have been chasing this to isolate the real problem. First, for the record, I found I had an error in my modified Medium Trust file, which did not allow the Socket permission statement to function as intended. That has been corrected.

Now we are down to the "System.Security.Permissions.SecurityPermission" problem which I have isolated:

The MailBee code requires the "UnmanagedCode" flag for the Permission set "SecurityPermission" in the custom trust file.

This is considered a very dangerous flag to have set. From MSDN:
http://msdn.microsoft.com/en-us/library/system.security.permissions.securitypermissionflag.aspx

Description of "UnmanagedCode"
"Ability to call unmanaged code. Since unmanaged code potentially allows other permissions to be bypassed, this is a dangerous permission that should only be granted to highly trusted code. It is used for such applications as calling native code using PInvoke or using COM interop"

Note: This flag is not even set in the "High Trust" web.config file. It is only allowed in the Full Trust mode.

Many time developers "demand" permissions in their code which really aren't required. Would you please go back to AfterLogic with this new information and ask if they can review the requirement for the "UnmanagedCode" flag?

Thank you.
Rob

Davide,

I just went to AfterLogic's site to look at MailBee POP3 information and found this, indicating Full Trust is no longer required:

(your included component "MailBee.NET.dll" is version 4.0.2.105)

version 5.0
•.NET Compact Framework support (for Windows Mobile devices)
•BounceMail component for handling and parsing bounced messages and delivery reports
•DomainKeys class which can be used to verify DomainKeys signatures of e-mails
•Improved "POP3 over TLS/SSL" support on .NET 2.0/3.0/3.5 Framework (better performance, Full Trust no longer required)
•Better MIME parsing
•Improved support of Visual Studio 2008
•A lot of other fixes and improvements (see Version History for details)

Hello,

yeah I could download the version 5 of the assembly right now.

Do you want me to email to you? I think a file replace in the bin is enough, the reference from BizSuite is a normal assembly reference...

Yes, please. If you email the dll, please zip it first or my AV server will delete it.

Thanks.
Rob

To let everyone know, Davide and his team worked swiftly with me yesterday morning and provided a recompiled version of EasyHelp, using the new version 5.x of the MailBee library, which no longer suffers from the Full Trust requirement. I assume there will be a general release of this in the near future.

If interested, I posted a blog at my site outlining the details of how to modify your Medium Trust config file to allow EasyHelp Mail Collector to work in a Medium Trust environment.

https://www.silverbullettech.com/Tech_Blog/EntryId/16/EasyHelp-Helpdesk-POP3-Mail-Collector-in-a-Medium-Trust-Environment.aspx

I hope this helps someone else.

Thanks, Davide.

Rob

Thank you for the blog article and link!

Yes, we are coming out next week with 01.00.28, containing this new mailbee version, and hopefully all the other points you kindly reported via email these days.

Davide