SecurityException from ErrorMail Module in Partial Trust Environment on Pages with Compilation Error

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Enable ErrorMail module
2. Request a page which is throwing a Compilation Error exception due to 
invalid code between script tags (<% %>).

What is the expected output? What do you see instead?
ELMAH attempts to produce a log entry and e-mail error report for the 
Compilation Error, but the exception is not captured or logged because of a 
SecurityException incurred by ELMAH while trying to format the e-mail report 
for the Compilation Error. 

After failing to log the Compilation Error due to the SecurityException 
encountered by the ErrorMail module, the SecurityException which was generated 
is correctly logged and emailed by ELMAH.

What version of the product are you using? On what operating system?
Version 1.1

Please provide any additional information below.
It would appear the problem is occurring as result of a failed call to 
get_Results() (Results property getter) in 
System.Web.DynamicCompileErrorFormatter. Specifically, after the 
DynamicCompileErrorFormatter class attempts to compile the page with the 
Compilation Error and fails it is throwing the SecurityException. 

This isn't necessarily an ELMAH issue, but ELMAH ends up suffering the 
consequences in a partial trust environment because it is unable to correctly 
report the original error due to the SecurityException caused while attempting 
to log it.

I have attached an error report from ELMAH showing the SecurityException. I 
have successfully reproduced this on multiple pages in more than one  ASP.NET 
MVC website by adding invalid code between script tags in the view files.

Original issue reported on code.google.com by laka...@gmail.com on 6 Jul 2010 at 6:45

Attachments:

• error-detail.htm

[GoogleCodeExporter]

Here's a more easily read version of the error detail above. I didn't realize 
Google wouldn't process the HTML in the attachment viewer.

System.Security.SecurityException: Request for the permission of type 
'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, 
PublicKeyToken=b77a5c561934e089' failed.
   at System.Web.HttpCompileException.get_Results()
   at System.Web.DynamicCompileErrorFormatter.get_MiscSectionContent()
   at System.Web.ErrorFormatter.GetHtmlErrorMessage(Boolean dontShowSensitiveInfo)
   at System.Web.HttpException.GetHtmlErrorMessage()
   at Elmah.Error..ctor(Exception e, HttpContext context) in c:\builds\ELMAH\src\Elmah\Error.cs:line 110
   at Elmah.ErrorMailModule.OnError(Exception e, HttpContext context) in c:\builds\ELMAH\src\Elmah\ErrorMailModule.cs:line 356
   at Elmah.ErrorMailModule.OnErrorSignaled(Object sender, ErrorSignalEventArgs args) in c:\builds\ELMAH\src\Elmah\ErrorMailModule.cs:line 328
   at Elmah.ErrorSignalEventHandler.Invoke(Object sender, ErrorSignalEventArgs args)
   at Elmah.ErrorSignal.Raise(Exception e, HttpContext context) in c:\builds\ELMAH\src\Elmah\ErrorSignal.cs:line 56
   at Web.Components.Controllers.Filters.HandleErrorAttribute.RaiseErrorSignal(Exception e) in E:\Website\Web.Components\Controllers\Filters\HandleErrorAttribute.cs:line 31
   at Web.Components.Controllers.Filters.HandleErrorAttribute.OnException(ExceptionContext context) in E:\Website\Web.Components\Controllers\Filters\HandleErrorAttribute.cs:line 13
   at System.Web.Mvc.ControllerActionInvoker.InvokeExceptionFilters(ControllerContext controllerContext, IList`1 filters, Exception exception)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
   at System.Web.Mvc.Controller.ExecuteCore()
   at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
   at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__4()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.<MakeVoidDelegate>b__0()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Web.AspNetHostingPermission
The Zone of the assembly that failed was:
MyComputer

Original comment by laka...@gmail.com on 6 Jul 2010 at 6:49

[GoogleCodeExporter]

I really wish they'd let us edit issues... Damn you Google Project Hosting....

I incorrectly said that System.Web.DynamicCompileErrorFormatter.get_Results() 
was throwing the SecurityException when I meant to say 
System.Web.HttpCompileException.get_Results(). 

It looks like the actual call in Elmah is to 
System.Web.HttpException.GetHtmlErrorMessage() on line 113 of Error.cs. Perhaps 
simply wrapping this line in a Try {} Catch(SecurityException) { } would be an 
acceptable solution unless you can think of a better one.

Original comment by laka...@gmail.com on 6 Jul 2010 at 6:57

[GoogleCodeExporter]

Original comment by azizatif on 8 Oct 2010 at 12:00

• Changed state: Accepted
• Added labels: Component-Logic, Milestone-Release1.1

[GoogleCodeExporter]

Original comment by azizatif on 18 Oct 2010 at 6:10

• Added labels: Milestone-Release1.2
• Removed labels: Milestone-Release1.1

[GoogleCodeExporter]

Original comment by azizatif on 3 May 2011 at 9:19

• Changed state: Started

[GoogleCodeExporter]

Fixed in r824.

Original comment by azizatif on 3 May 2011 at 9:25

• Changed state: Fixed