This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 81%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGN%3C/text%3E%3C/svg%3E)
Hello,
My web host is Fasthosts. My server: Windows OS and ASP.Net 4.8
I created a simple dynamic web page using ASP.Net and vb. The web application is just adding two inputs.
The program works well locally.
When I try to view the web page, I get an error. I have tried to trouble shoot all weekend, with no success. I contacted Fasthosts; they said that my ASP.Net pages would not run because security reasons (my privilege is not Full, I presume). Please find below the error message and my codes. I would appreciate any advise on how to get my little test .aspx run.
http://apps.surgicalneurology.org.WebForm1.aspx
Error message:
Server Error in '/' Application.
Security Exception
__Description:__The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. __Exception Details:__System.Security.SecurityException: Request failed. Source Error:
| An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
|---|
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
Stack Trace:
|[SecurityException: Request failed.]
System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) +100
System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) +83
System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +295
System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) +73
System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type) +0
System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName) +71
System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) +41
System.Type.GetType(String typeName) +31
System.CodeDom.Compiler.CompilerInfo.get_IsCodeDomProviderTypeValid() +13
System.Web.Compilation.CompilationUtil.GetRecompilationHash(CompilationSection ps) +2130
System.Web.Configuration.CompilationSection.get_RecompilationHash() +110
System.Web.Compilation.BuildManager.CheckTopLevelFilesUpToDateInternal(Int64 cachedHash) +497
System.Web.Compilation.BuildManager.CheckTopLevelFilesUpToDate(Int64 cachedHash) +53
System.Web.Compilation.BuildManager.ExecutePreAppStart() +142
System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException) +590|
| -------- |
|[SecurityException: Request failed.] System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) +100 System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) +83 System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +295 System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) +73 System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type) +0 System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName) +71 System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) +41 System.Type.GetType(String typeName) +31 System.CodeDom.Compiler.CompilerInfo.get_IsCodeDomProviderTypeValid() +13 System.Web.Compilation.CompilationUtil.GetRecompilationHash(CompilationSection ps) +2130 System.Web.Configuration.CompilationSection.get_RecompilationHash() +110 System.Web.Compilation.BuildManager.CheckTopLevelFilesUpToDateInternal(Int64 cachedHash) +497 System.Web.Compilation.BuildManager.CheckTopLevelFilesUpToDate(Int64 cachedHash) +53 System.Web.Compilation.BuildManager.ExecutePreAppStart() +142 System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException) +590|
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4770.0
My .aspx:
<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="WebForm1.aspx.vb" Inherits="multiply.WebForm1" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
a:
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<br />
b:
<asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
<br />
<asp:Button ID="Button1" runat="server" Text="Button" />
<br />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
My .vb file:
Public Class WebForm1
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim ab As Decimal
Dim cd As Decimal
ab = TextBox1.Text
cd = TextBox2.Text
Dim c As Decimal
c = ab + cd
Label1.Text = c
End Sub
End Class
My web.config file:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.8" />
<httpRuntime targetFramework="4.8" />
<customErrors mode="Off"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />
</compilers>
</system.codedom>
</configuration>
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
You vb compiler setting is truncated
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008,40000,40008 /define:_MYTYPE="Web" /optionInfer+" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
Sorry. Please find the .vb file code below
***interestingly all works well ASP.net 2. Fasthosts mentioned their current ASP.Net is 4.8
Public Class WebForm1
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim ab As Decimal
Dim cd As Decimal
ab = TextBox1.Text
cd = TextBox2.Text
Dim c As Decimal
c = ab + cd
Label1.Text = c
End Sub
End Class
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 62%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETT%3C/text%3E%3C/svg%3E)
I reviewed your error and code, and it seems your VB/ASPX code is fine. The issue is not with IIS or your logic, it’s about how your hosting environment runs ASP.NET.
The error:
System.Security.SecurityException: Request failed
appears during application startup, before your button click code runs. The stack trace shows:
System.CodeDom.Compiler.CompilerInfo.get_IsCodeDomProviderTypeValid() System.Web.Compilation.BuildManager.ExecutePreAppStart()
This means ASP.NET is trying to compile your page dynamically using the Roslyn compiler (added by default in modern ASP.NET 4.8 apps). Roslyn needs Full Trust to run because it launches compiler executables from bin\roslyn.
However, Fasthosts told you they run your site with restricted permissions (Medium Trust) for security. Under Medium Trust, Roslyn cannot execute, so the app fails immediately.
Why did it work on your PC? Your local machine runs under Full Trust by default, so Roslyn works fine there.
Older ASP.NET 2.0 apps didn’t use Roslyn, which is why they still work on the same host.
I managed to find three options you could try:
1. Precompile your site (recommended)
Precompiling removes the need for runtime compilation, so Roslyn never runs.
Publish → Settings → Precompile during publishing → ConfigureReference: Precompiling ASP.NET Web Forms
2. Remove Roslyn and use the legacy compiler
If you can’t precompile:
<system.codedom> section from your web.config.bin\roslyn folder from your deployment.This forces ASP.NET to use the older CodeDOM compiler, which usually works under Medium Trust.
3. Ask Fasthosts for Full Trust
If your hosting plan allows, request Full Trust for your app pool. Many shared hosts don’t allow this, so Options 1 or 2 are safer.
References:
Bottom line is this is a hosting trust-level issue. Precompiling or removing Roslyn usually solves it.
Once you have tried these options out, please let me know - I'd be more than happy to help!
@Tom Tran Thank you! I have tried (1) and (2). I just get the following error:
502 Bad Gateway
nginx/1.27.4
After removing the section of the web.config file relating to Rosyl and uninstalling NuGet and clearing any traces of Rosyl through Rosyn VS prompt and converting it into a web application and then rebuilding, there was no Rosyl folder. I uploaded to my web hosting (www.childneurosurgery.org/WebForm1.aspx and I get the following error (however, a simple webpages, /test.html works fine):
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(String virtualPath, IPrincipal user, String verb) +43
Microsoft.AspNet.FriendlyUrls.Abstractions.UrlAuthorizationModuleWrapper.CheckUrlAccessForPrincipal(String virtualPath, IPrincipal user, String verb) +15
Microsoft.AspNet.FriendlyUrls.FriendlyUrlRoute.GetWebObjectFactory(HttpContextBase httpContext, String modifiedVirtualPath) +159
Microsoft.AspNet.FriendlyUrls.FriendlyUrlRoute.Resolve(HttpContextBase httpContext, IList`1 extensions, String virtualPathOverride, IFriendlyUrlRouteSupportFunctions supportFunctions) +220
Microsoft.AspNet.FriendlyUrls.FriendlyUrlRoute.Microsoft.AspNet.FriendlyUrls.Abstractions.IFriendlyUrlRouteSupportFunctions.Resolve(HttpContextBase httpContext, IList`1 extensions, String virtualPathOverride) +16
Microsoft.AspNet.FriendlyUrls.FriendlyUrlRoute.GetRouteData(HttpContextBase httpContext, String pathOverride, IFriendlyUrlRouteSupportFunctions supportFunctions) +140
Microsoft.AspNet.FriendlyUrls.FriendlyUrlRoute.GetRouteData(HttpContextBase httpContext) +8
System.Web.Routing.RouteCollection.GetRouteData(HttpContextBase httpContext) +237
System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +63
System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +85
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +144
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +50
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +73
Thanks for the follow-up! I really appreciate you've taken the time to try out the options I provided.
The error you are seeing:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] Microsoft.AspNet.FriendlyUrls.FriendlyUrlRoute.Resolve(...)
shows that the failure is happening inside the FriendlyUrls package, not your VB code. This occurs because FriendlyUrls uses features that require Full Trust, while your hosting environment (Fasthosts) enforces Medium Trust for security. Under Medium Trust, operations like reflection and dynamic routing are blocked, which triggers this SecurityPermission error.
Bruce (SqlWork.com) also made a great point: since your site is running on ASP.NET 4.8, it falls under the ASP.NET 4.5+ family where Partial Trust (Medium Trust) is no longer fully supported or guaranteed to isolate apps. Many modern ASP.NET features, including FriendlyUrls, were designed assuming Full Trust. That’s why this issue persists even after removing Roslyn, the root cause is that FriendlyUrls itself isn’t compatible with restricted environments.
You could try:
1. Remove FriendlyUrls Completely
Even without Roslyn, FriendlyUrls will still trigger SecurityPermission errors under Medium Trust:
Microsoft.AspNet.FriendlyUrls.routes.EnableFriendlyUrls() in RouteConfig.cs.bin folder.While Microsoft no longer actively maintains FriendlyUrls, you can find its archived documentation here: ASP.NET Friendly URLs – Microsoft Learn (Archived)
2. Use Classic ASP.NET Routing Instead
You can still achieve clean URLs using MapPageRoute() in Global.asax, which works under Medium Trust and doesn’t rely on FriendlyUrls.
Example:
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
RouteTable.Routes.MapPageRoute("AddRoute", "add", "~/WebForm1.aspx")
End Sub
This lets you use URLs like /add without breaking under restricted permissions.
For more details: ASP.NET Web Forms Routing – Wingtip Toys Tutorial
3. If That Still Fails
If even classic routing doesn’t work, it likely means Fasthosts enforces very strict Medium Trust. In that case:
I hope this helps! Please let me know how it goes!