Debugging Security Exceptions
One of the horrible things about SecurityException is just how little information you are given.
For example, let us take a look at:
Yes, that is informative. The real problem is that most security analysis is done at the method level, which means that _something_ in this method caused this problem. Which means that in order to debug this, I have to change my code to be like this:
Which gives me this:
Just to point out, First, Second, etc. are purely artificial method names, meant just to give me some idea about the problem areas for this purpose only.
Then we need to go into the code in the First method and figure out what the problem is there, and so on, and so forth.
Annoying, and I wish that I knew of a better way.
Doesn't the stack trace give you the detail you need to find the offending statement by line #?
The culprit from the original code was Line 166 inside DocumentDatabase.cs. After your changes to track it down, the line was 185.
Or was the point that Line 166 was merely pointing at the constructor declaration, not the line that triggered the security exception?
Side note: never ever put anything that could remotely fail in a static constructor. Failing a static constructor causes the entire application to be effectively permanently unavailable until someone recycles the process. Only pure computations are suited for cctors. Use a static threadsafe lazy for anything else (but not the default one because it stores the exception! what an evil design choice).
Attach to web app, throw on exception?
Steve, Nope, the line number was actually the function header, not any line in the method itself
Tobi, With the exception of things that are actually "if this fails, a restart is required"
Damien, Try that :-) It wouldn't get into the method / line that is causing it. It would stop when the JIT processed the method, not when executing it.
Can you catch the exception and use that to help you find the bug?
SecurityException has several properties which should help you to find out why it was raised. This in turn may point to the code which caused it.
It doesn't tell me what caused the error (what line of code in the method)
Hmm, at least from a debugging scenario, could CodeAccessPermissions.Assert possibly loosen up the restrictions enough to get a stack-trace without compromising the security restriction causing the exception? Really not something I've ever been in this situation.
Isn't this by design?
As it is a security exception it could be the result of someone probing trying to footprint the code.
Not giving any details might be annoying but it ticks the security box.
Dirk, Not giving me details means _I can't fix this_. It is incredibly hard to figure out what is going on
I had a similar problem in a SharePoint project. The SecurityException was thrown because of a missing permission. In order to find the permission I did the following:
I've surrounded the code that caused the error with a try catch block and caught the security exception. Then I've set a breakpoint in the catch block and had a look at the exception object in the QuickWatch window.
The SecurityException has a private field called m_demanded (among some other interesting fields), which finally told me what the missing permission was.
Maybe this helps in your case, too.
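The two approaches in this thread can be combined: call each split-out method from a separate frame that catches SecurityException, and dump the exception's public properties (Demanded among them) instead of reading private fields in the debugger. This is an added example, not code from the post or any commenter; `SecurityExceptionProbe`, `Run`, `Describe` and the demo bodies of `First` and `Second` are hypothetical names, and it assumes .NET Framework.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Text;

public static class SecurityExceptionProbe
{
    // The catch sits in the caller's frame, so it also fires when the
    // exception is raised while the step's method is being JIT-compiled.
    public static string Run(string name, Action step)
    {
        try { step(); return null; }
        catch (SecurityException e) { return "[" + name + "] " + Describe(e); }
    }

    public static string Describe(SecurityException e)
    {
        var sb = new StringBuilder();
        sb.AppendLine(e.Message);
        Append(sb, "Action", () => e.Action);
        Append(sb, "PermissionType", () => e.PermissionType);
        Append(sb, "Demanded", () => e.Demanded);
        Append(sb, "FirstPermissionThatFailed", () => e.FirstPermissionThatFailed);
        Append(sb, "GrantedSet", () => e.GrantedSet);
        Append(sb, "RefusedSet", () => e.RefusedSet);
        Append(sb, "FailedAssemblyInfo", () => e.FailedAssemblyInfo);
        Append(sb, "Method", () => e.Method);
        return sb.ToString();
    }

    // Some of these getters are themselves permission-protected, so a
    // partially trusted caller may not be able to read them.
    private static void Append(StringBuilder sb, string label, Func<object> read)
    {
        try { sb.AppendLine(label + ": " + (read() ?? "(null)")); }
        catch (SecurityException) { sb.AppendLine(label + ": (not readable here)"); }
    }

    // Constructed demo: First and Second stand in for the post's split methods.
    private static void First() { }
    private static void Second()
    {
        throw new SecurityException("constructed failure", typeof(FileIOPermission));
    }

    public static void Main()
    {
        Console.WriteLine(Run("First", First) ?? "First: ok");
        Console.WriteLine(Run("Second", Second) ?? "Second: ok");
    }
}
```

This narrows the failure to a method and names the permission involved; it still does not identify the offending line inside that method.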