5
votes

I've downloaded the recaptcha.dll in both 1.0.1.0 and 1.0.4.0. When trying to render the control, I get the following exception:

Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Stack Trace:[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0 System.Web.UI.NamespaceTagNameToTypeMapper.GetControlType(String tagName, IDictionary attribs, Boolean throwOnError) +209

The solution to this, as provided by a quick Googling, is to use caspol.exe to add full trust to the recaptcha.dll assembly.

C:\%path%\caspol -af C:\inetpub\wwwroot\%path%\bin\recaptcha.dll

At this point, I get the following error:

ERROR: This assembly is not strong name signed

Short of downloading the source code and recompiling it locally, is there any other way to get this working?

5

5 Answers

3
votes

I ran into the same problem and your solution helped me. I also had to perform the following steps on the reCAPTCHA ASP.NET source code.

1) Open the AssemblyInfo.cs file of the DLL project and add following using statement.

using System.Security;

2) Add following line to AssembleInfo.cs.

[assembly: AllowPartiallyTrustedCallers()]

3) Recomiple the dlls and redeploy your projects. This error should be solved.

NOTE: The website I am working on is using 1and1.com as their hosting company. I also had to set the Proxy property in the code-behind to avoid a timeout exception during the HttpWebRequest.

recaptcha.Proxy = new WebProxy("http://ntproxyus.lxa.perfora.net:3128");

Hope this helps someone but now I have reCAPTCHA up and running on an ASP.NET site hosted on 1and1.com.

2
votes

I had this same issue. After some headbanging, I realized that I had downloaded the recaptcha.dll from a zip file. So, I right-clicked on the dll, went to properties and clicked the unblock button.

That solved the issue for me.

1
votes

I ran into two different security issues while trying to deploy Google's reCAPTCHA to our production server in a shared hosting environment on hostmysite.com

1) First, I couldn't get the form to display at all. Instead, I would see an error message that said "That assembly does not allow partially trusted callers." That was fixed by downloading a DLL that someone recompiled from source code with the addition of [assembly: AllowPartiallyTrustedCallers]. The DLL download and more details are here: https://code.google.com/p/recaptcha/issues/detail?id=100

2) After deploying that DLL I was able to get the reCAPTCHA to initially display on the form, but submitting the form resulted in the same security error listed in the original post:

"Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. "

I submitted a ticket to our hosting support and they were able to fix that problem, with this explanation:

"It was probably working on your computer because you have it set to a Full Trust environment whereas the web server that the site is on is set to Medium Trust. It therefore has a restricted set of trusted URIs. I have now added the URI for Google's Recaptcha to the trusted list and your form is now working on the site. If you have any further issues, do let us know."

0
votes

Being unable to get this to work using the unsigned dll that is made available for download, I got hold of the source, compiled and signed it myself and this works fine.

It would have been great if something, somewhere along the way, had indicated that I might have to do this...

0
votes

In the IIS go to the Application Pool, there got to your project, right click and select Advanced Properties and set LoadUserProfile to True.