"Assembly <AssemblyName> Security Permission Grant Set Is Incompatible Between App Domains" Error Message Occurs with Strong-Named Assemblies (822526)


The information in this article applies to:

  • Microsoft Windows SharePoint Services
  • Microsoft Office SharePoint Portal Server 2003

SYMPTOMS

If you have a strong-named assembly (for example an ASP.NET Web Part) that is used by your Microsoft Windows SharePoint Services (WSS) or Microsoft SharePoint Portal Server (SPS) site, you may receive the following error message after you change the trust level in the Web.config file:
Assembly AssemblyName security permission grant set is incompatible between app domains

CAUSE

In ASP.NET programs, strong-named assemblies are loaded in a neutral domain. These assemblies are not unloaded until the process is stopped. Therefore, if the security policy for a strong-named assembly is altered, the common language runtime will cause an error message to appear when it detects that differing grant sets have been applied to the same assembly. This behavior typically occurs in scenarios where the trust level for a strongly-named assembly has been changed. For example, this behavior may occur if you set the trust level in the site's Web.config file to Full without using the IISRESET command. By default, the trust level in the site's Web.config file is set to WSS_Minimal.

RESOLUTION

To resolve this behavior in Windows SharePoint Services (WSS) or SharePoint Portal Server (SPS) programs do one of the following:
  • Type iisreset at the command prompt, and then press ENTER.

    -or-
  • Manually recycle the site's associated application pool in the Internet Services Manager for IIS. To do this, in IIS Manager, expand the local computer, expand Application Pools, right-click the application pool, and then click Recycle.
Note This article describes scenarios that are related to Windows SharePoint Services and SharePoint Portal Server but the core issue revolves around how strong-named assemblies are loaded in a neutral AppDomain in ASP.NET. For more information, see the "References" section of this article.

STATUS

This behavior is by design.

REFERENCES

For more information about trust levels and Code Access Security (CAS) in Windows SharePoint Services, and strong-named assemblies in ASP.NET Web programs, visit the following Microsoft Web sites:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnspts/html/sharepoint_northwindwebparts.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnspts/html/sharepoint_wsscodeaccesssecurity.asp

For additional information about this topic, click the following article numbers to view the articles in the Microsoft Knowledge Base:

302340 How To: Create an Assembly with a Strong Name in .NET Framework SDK

815808 How To: Install an Assembly into the Global Assembly Cache in Visual C# .NET

813833 PRB: "Access Denied" Error Messages When You Do Not Put Strong-Named Assemblies in the Global Assembly Cache

MORE INFORMATION

For additional information about how to use the IISRESET command, click the following article number to view the article in the Microsoft Knowledge Base:

202013 Internet Information Services 5.0 Command-Line Syntax for Iisreset.exe

Modification Type:MinorLast Reviewed:7/27/2006
Keywords:kbinfo KB822526 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.