
securityexception with ADOMD

microsoft.public.sqlserver.olap


#1
Vani Murarka
securityexception with ADOMD - 11-22-2004, 07:31 AM

I am getting a SecurityException when running my web service which
uses ADOMD to access a cube. This web service works fine on other web
servers, but fails on this one - maybe because this server has Windows
SharePoint Services installed. Is there any configuration I need to do
so this web service may run on this web server too?

The Security Exception I get is given below.

Please let me know the way out of this.

Thanks

Vani Murarka

-----------------------
System.Security.SecurityException: Security error.
at IGB.DataAccess.DataAccessComponent.OpenAdomdConnection()
at IGB.DataAccess.DataAccessComponent..ctor() in e:\ilumenwebservice\igbwebservice\dataaccess\dataaccesscomponent.cs:line 43
at IGB.MetricsRetriever.AggregatedMetricsRetriever..ctor() in E:\iLumenWebService\iGBWebService\MetricsRetriever\AggregatedMetricsRetriever.cs:line 33
at IGB.iGbWebService..ctor() in E:\iLumenWebService\iGBWebService\iGBWebService.asmx.cs:line 41

The granted set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet"
               version="1">
  <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"/>
  <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Read="E:\iLumenWebService\iGBWebService"
               Write="E:\iLumenWebService\iGBWebService"
               Append="E:\iLumenWebService\iGBWebService"
               PathDiscovery="E:\iLumenWebService\iGBWebService"/>
  <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Allowed="AssemblyIsolationByUser"
               UserQuota="9223372036854775807"/>
  <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
  <IPermission class="System.Web.AspNetHostingPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Level="Medium"/>
  <IPermission class="System.Net.DnsPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Unrestricted="true"/>
  <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
               version="1"
               Level="DefaultPrinting"/>
  <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               version="1"
               ObjectModel="True"/>
  <IPermission class="System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Unrestricted="true"/>
  <IPermission class="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               version="1"
               Connections="True"/>
  <IPermission class="System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1">
    <ConnectAccess>
      <URI uri=""/>
    </ConnectAccess>
  </IPermission>
  <IPermission class="System.Security.Permissions.UrlIdentityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Url="file://E:/iLumenWebService/iGBWebService/bin/iGBWebService.DLL"/>
  <IPermission class="System.Security.Permissions.ZoneIdentityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Zone="MyComputer"/>
</PermissionSet>

#2
Dave Wickert [MSFT]
Re: securityexception with ADOMD - 11-22-2004, 12:44 PM

As soon as someone starts talking about web services, the old NT one-hop
restriction immediately comes to mind. Particularly since SSAS only supports
Windows Integrated security. Is this a two-hop configuration? i.e.
client-machine, web service machine and then a 3rd Analysis server? If so,
then you can't pass the same security credentials across more than one-hop
without Kerberos.
--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI Systems Team
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.

#3
Vani Murarka
Re: securityexception with ADOMD - 11-23-2004, 04:44 AM

Thank you for your response.

No. I am not testing this from a client machine. I am running the web
service method locally on the local browser (browsing the asmx
directly). The Web service and Analysis Services are on the same
machine.

Also, I do not think this is an authentication issue because All
Users have been given permission to the OLAP DB I am connecting to. No
username or password is required. Is there some special configuration
that I need to do for the web service, considering that it is running on
a machine which has Windows SharePoint Services? The web service works
fine from other machines.

Thanks

Vani


#4
Dave Wickert [MSFT]
Re: securityexception with ADOMD - 11-23-2004, 01:19 PM

Ok.. Just a guess.
#5
Vani Murarka
Re: securityexception with ADOMD - 11-24-2004, 05:04 AM

I found that if I give the trust level=Full in the web.config in
wwwroot, it works. But that is something that is surely not
desirable. The trust level that is not normally set on the server is
WSS_Medium. On going to the config file for WSS_Medium
(wss_mediumtrust.config), I could not really figure out what entries
to make for Microsoft.AnalysisServices.AdomdClient.

There is an entry for SqlClient - "SqlClientPermission"
Description="System.Data.SqlClient.SqlClientPermission ..."

Do I have to make any entry in this file (if so, what entry) or some
configuration somewhere else?

I have also specified the web service path to be excluded in the
SharePoint Central Administration.

Regards

Vani
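
Added example, not part of any post in this thread and not Microsoft's own configuration: the site-wide `Full` trust setting from post #5 beside a narrower code access security policy that raises only the web service assembly to full trust. It assumes the ADOMD call needs fully trusted callers (consistent with `Full` working in post #5); the level name `WSS_Custom`, the file name `wss_customtrust.config`, the placeholder `POLICY_DIR` and the code group name are hypothetical.

```xml
<!-- Added illustration; names marked hypothetical are not from the thread. -->

<!-- 1. web.config, broad setting from post #5:
        every assembly in the site runs unrestricted. -->
<system.web>
  <trust level="Full" originUrl="" />
</system.web>

<!-- 2. web.config, narrower setting: register a copy of the WSS_Medium
        policy file under a new (hypothetical) level name and select it. -->
<system.web>
  <securityPolicy>
    <!-- POLICY_DIR is a placeholder for the folder that holds
         wss_mediumtrust.config on the server. -->
    <trustLevel name="WSS_Custom"
                policyFile="POLICY_DIR\wss_customtrust.config" />
  </securityPolicy>
  <trust level="WSS_Custom" originUrl="" />
</system.web>

<!-- 3. wss_customtrust.config (a copy of wss_mediumtrust.config):
        inside the root FirstMatchCodeGroup, add this group BEFORE the
        $AppDirUrl$/* group. The first matching child wins, so a group
        placed after it leaves the assembly at the Medium grant. -->
<CodeGroup class="UnionCodeGroup"
           version="1"
           PermissionSetName="FullTrust"
           Name="iGBWebService_FullTrust"
           Description="Full trust for the assembly that calls ADOMD">
  <!-- Url copied from the UrlIdentityPermission in the exception in post #1. -->
  <IMembershipCondition class="UrlMembershipCondition"
                        version="1"
                        Url="file://E:/iLumenWebService/iGBWebService/bin/iGBWebService.DLL" />
</CodeGroup>
```

If other assemblies from the same bin directory are on the call stack, each needs its own matching group. For a signed assembly, a `StrongNameMembershipCondition` ties the grant to the signing key rather than to a file path.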
