How to resolve a System.Security.SecurityException with custom code in SSRS

reporting-servicessecurityexception

I've created an assembly and referenced it in my Reporting Services report. I've tested the report locally (works), and I then uploaded the report to a report server (doesn't work).

Here is the error that is thrown by the custom code I've written.

System.Security.SecurityException:
Request for the permission of type
'System.Security.Permissions.SecurityPermission,
mscorlib, Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b77a5c561934e089'
failed. at
System.Security.CodeAccessSecurityEngine.CheckNReturnSO(PermissionToken
permToken, CodeAccessPermission
demand, StackCrawlMark& stackMark,
Int32 unrestrictedOverride, Int32
create) at
System.Security.CodeAccessSecurityEngine.Assert(CodeAccessPermission
cap, StackCrawlMark& stackMark) at
System.Security.CodeAccessPermission.Assert()
at [Snipped Method Name] at
ReportExprHostImpl.CustomCodeProxy.[Snipped Method Name] The action that failed was:
Demand The type of the first
permission that failed was:
System.Security.Permissions.SecurityPermission
The Zone of the assembly that failed
was: MyComputer

This project is something I inherited, and I'm not intimately familiar with it. Although I do have the code (now), so I can at least work with it 🙂

I believe the code that is failing is this:

    Dim fio As System.Security.Permissions.FileIOPermission = New System.Security.Permissions.FileIOPermission(Security.Permissions.PermissionState.Unrestricted)
    fio.Assert()

However, this kind of stuff is everywhere too:

Private Declare Function CryptHashData Lib "advapi32.dll" (ByVal hhash As Integer, ByVal pbData As String, ByVal dwDataLen As Integer, ByVal dwFlags As Integer) As Integer

I can see either of these being things that Reporting Services would not accommodate out of the box.

Best Solution

<system.web>

<trust level="Full"/>

</system.web>

try this in web.config

Related Question