The production website must configure the Global .NET Trust Level.

Created by William.Jackson, last modified by Gerald.Prado on Jun 06, 2018

Updated June 6th, 2018

Overview

A customer may ask whether the Global .NET Trust level can be set to Medium instead of High. The usual reason for this change is compliance with STIG Vulnerability V-26034 (for IIS 7.0) or V-76805 (for IIS 8.5). Both call for changing the IIS .NET Trust level from Full to Medium. Changing this setting from Full to any other level breaks the Web Console.

Environment

  • All versions of Orion; IIS 7.0 & 8.5 only

Detail

 

An application's trust level determines the permissions granted by the ASP.NET Code Access Security (CAS) policy. An application with full trust permissions may access all resource types on a server and perform privileged operations, while applications running with partial trust have varying levels of operating permissions and access to resources. The CAS determines the permissions granted to the application on the server.

For Orion however, full security level is necessary. If this is changed to something lower than full, then errors such as this example may occur:

 

'UnauthorizedAccessLocalizedException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overridden.

 

Alternatively, the following error page may appear, with no access to the Web Console in any form. This occurred after changing the level from Full to High.

[Screenshot: error page shown after changing the .NET Trust setting from Full to High]
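
One way to confirm which sites can take the Medium level the STIG items call for while the Orion site stays at Full is to audit the effective trust level per site. This is an added example, not SolarWinds code; the site name `OrionWebConsole` and the exception list are placeholders to replace with the values from your own server.

```powershell
# Added example: report the effective ASP.NET trust level of every IIS site.
# Assumption: 'OrionWebConsole' is a placeholder for the real Orion site name,
# and $FullTrustExceptions holds the sites documented as STIG exceptions.
Import-Module WebAdministration

$FullTrustExceptions = @('OrionWebConsole')   # placeholder site name
$RequiredLevel       = 'Medium'               # level called for by V-26034 / V-76805

function Get-SiteTrustLevel {
    param([Parameter(Mandatory)][string]$SiteName)
    # Read system.web/trust as it applies at the site path, so an inherited
    # global setting and a site-level override are both reflected.
    $trust = Get-WebConfiguration -PSPath "IIS:\Sites\$SiteName" -Filter 'system.web/trust'
    return [string]$trust.level
}

$report = foreach ($site in Get-Website) {
    $level       = Get-SiteTrustLevel -SiteName $site.Name
    $isException = $FullTrustExceptions -contains $site.Name

    # Orion needs Full; every other site is compared against the STIG level.
    $status = if ($isException -and $level -eq 'Full') {
        'OK (documented exception)'
    } elseif ($isException) {
        'BROKEN: Web Console requires Full'
    } elseif ($level -eq $RequiredLevel) {
        'OK'
    } else {
        "FINDING: expected $RequiredLevel"
    }

    [pscustomobject]@{
        Site       = $site.Name
        TrustLevel = $level
        Status     = $status
    }
}

$report | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the IIS server; the output can be attached to the exception record for the Orion site.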

Reason for Rework or Feedback from Technical Content Review:

Edited "For Orion however, high security level is necessary. If this is changed to something lower than high, then errors such as this example may occur:"

so it now reads "For Orion however, full security level is necessary. If this is changed to something lower than full, then errors such as this example may occur:"

 

This was changed in direct correlation to my findings when testing in my VM labs. Also added a screenshot of the error page.

 

 
