I just installed VS 2012 RTM which also installs the in-place upgrade of .Net framework v 4.0 to v 4.5.  All of my DNN module development sites (DNN v 5.6.7, v 6.1.5 and v 6.2.2) running on IIS 7.5 that are associated with ASP.Net 4.0 application pools (integrated pipeline) now throw the following unhandled server error:

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Stack Trace:

[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   Telerik.Web.UI.RadUploadHttpModule.CaptureWorkerRequest(Object sender, EventArgs e) +0
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929

If I change the Trust Level set in web.config from "Medium" to "Full" the error does not occur and each site appears to fuction as it did prior to the .Net 4.5 upgrade.

I've done extensive Google searches and checked the Telerik forums but have found no other mention of this requirement of elevating trust level for the Telerik RadUploadHttpModule following upgrade to ASP.Net 4.5.

Has anyone else run across this issue?

So far all I can tell is that it seems to be something in ASP .NET 4.5 pipeline is throwing an exception whenever instantiating an object that inherits from HttpWorkerRequest. In the stacktrace you'll see the reference to Telerik.Web.UI.RadUploadHttpModule.CaptureWorkerRequest. This creates their "ProgressWorkerRequest" which inherits from System.Web.HttpWorkerRequest. Simply creating the object seems to trigger the exception, but still not sure why.

I was able to recreate the behavior via a simple implementation of IHttpModule and then in a simple ASP .NET web forms app. You can create your own type that inherits from HttpWorkerRequest have it implement the abstract class, then in your app simply create that type and you'll get the SecurityException. I also validated that this behavior does ~not~ occur pre-4.5.

-Mike

Thanks, Mike, for your work in investigating this and reproducing the same error.

I just upgraded my DNN v 6.2.2 module development install to DNN v 6.2.3 which also updates Telerik.Web.UI.dll to v 2012.2.724.35. After changing the trust level from "Full" back to "Medium" in web.config the same security exception re-occurs. So, the Telerik.Web.UI assembly upgrade is of no help.

And, there's still no mention of this issue in the Telerik forums.