Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Issue:
Client app: Console Application running with Partial Trust
Functionality broken: Add Service Reference for SSL hosted web service
Error:
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed"
Important condition:
Affected box has the following KB installed: KB 2938782
Comparison with working box:
In the “Working” trace, we found that the SchUseStrongCrypto is set to 0, however for the failing trace it is set to 1
SchUseStrongCrypto:
https://blogs.msdn.com/b/tdevere/archive/2014/11/11/ssl-handshake-clienthello-receives-encrypted-alert.aspx
SchUseStrongCrypto
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
Instructs Schannel to disable known weak cryptographic algorithms, ciphersuites, and SSL/TLS protocol versions that may be otherwise enabled for better interoperability.
STACK TRACE captured from failure IDNA:
0:000> kc
Call Site
kernelbase!RaiseException
clr!RaiseTheExceptionInternalOnly
clr!IL_Throw
mscorlib_ni!System.Security.CodeAccessSecurityEngine.ThrowSecurityException(System.Reflection.RuntimeAssembly, System.Security.PermissionSet, System.Security.PermissionSet, System.RuntimeMethodHandleInternal, System.Security.Permissions.SecurityAction, System.Object, System.Security.IPermission) mscorlib_ni!System.Security.CodeAccessSecurityEngine.CheckHelper(System.Security.PermissionSet, System.Security.PermissionSet, System.Security.CodeAccessPermission, System.Security.PermissionToken, System.RuntimeMethodHandleInternal, System.Object, System.Security.Permissions.SecurityAction, Boolean) clr!CallDescrWorkerInternal clr!CallDescrWorkerWithHandler clr!DispatchCallDebuggerWrapper clr!DispatchCallSimple clr!SecurityStackWalk::CheckPermissionAgainstGrants
clr!DemandStackWalk::CheckGrant
clr!DemandStackWalk::WalkFrame
clr!Thread::StackWalkFrames
clr!DemandStackWalk::DoStackWalk
clr!SecurityStackWalk::Check_StackWalk
clr!SecurityStackWalk::Check_PLS_SW
clr!SecurityStackWalk::SpecialDemand
clr!SecurityDeclarative::DoDeclarativeActions
clr!DoDeclarativeActionsForPInvoke
clr!StubHelpers::DemandPermission
system_configuration!DomainBoundILStubClass.IL_STUB_PInvoke()
system!System.Net.RegistryConfiguration.GetAppConfigValueName()
system!System.Net.RegistryConfiguration.AppConfigReadString(System.String, System.String)
system!System.Net.ServicePointManager.EnsureStrongCryptoSettingsInitialized()
system!System.Net.TlsStream.ProcessAuthentication(System.Net.LazyAsyncResult)
Workaround:
- Setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto to 0.
- Migrate to .Net Framework 4.6.
- If above two version not possible, request for hot fix from MS, refer following internal hot fix number: 3064715
Hope this help !