Please help how can i mutiple security policies in my web project. currently if i enable this below all my rdlc reports switly but if i use trust level full security my rdlc report can take an hour to open please help
<trust legacyCasModel="true" level="Full"/>
How to use multple security polcies, within the same web project
If user will invokes an invent which will result into generation of rdlc report, then e need to apply
security policy
<trust legacyCasModel="true" level="Full"/>
otherwise for normal operations, use security policy
<trust level="Full" />
both to be set in web.config file
Is this possible? how dow we implement it?
<?xml version="1.0" encoding="UTF-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<!-- <add name="WAMATOVUMUSLIMConnectionString" connectionString="Data Source=SMIS;Initial Catalog=SMIS;Integrated Security=True" providerName="System.Data.SqlClient"/>
-->
<add name="WAMATOVUMUSLIMConnectionString" connectionString="Data Source=(local);Initial Catalog=WAMATOVUMUSLIM;Persist Security Info=True; User Id=sa;Password=kcc" providerName="System.Data.SqlClient" />
<add name="Excel03ConString" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source={0};
 Extended Properties='Excel 8.0;HDR={1}'" />
<add name="Excel07ConString" connectionString="Provider=Microsoft.ACE.OLEDB.12.0;Data Source={0};
 Extended Properties='Excel 8.0;HDR={1}'" />
</connectionStrings>
<system.web>
<httpHandlers>
<add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" validate="false" />
</httpHandlers>
<compilation debug="true" targetFramework="4.5">
<assemblies>
<add assembly="Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845DCD8080CC91" />
<add assembly="Microsoft.ReportViewer.Common, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845DCD8080CC91" />
<add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
</buildProviders>
</compilation>
<httpRuntime targetFramework="4.5" executionTimeout="500000" />
<identity impersonate="true" />
<!--
<authentication mode="Windows"/>
-->
<!-- FROM HERE******************************************* -->
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="WAMATOVUMUSLIMConnectionString" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" applicationName="WAMATOVUMUSLIM"/>
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="WAMATOVUMUSLIMConnectionString" applicationName="WAMATOVUMUSLIM" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<!-- TO ********************* HERE ****************** -->
<!-- NKABIRWA08-05-18 , now blocked on 21/10/22 -->
<!-- For report printing -->
<!-- <trust legacyCasModel="true" level="Full"/> -->
<!-- For normal processing -->
<trust level="Full" />
<!-- NKABIRWA 21/10/2022 to allow systems to run on smisafrica -->
<!--
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
-->
</system.web>
<location path="SimplefeesV2.aspx">
<system.web>
<authorization>
<allow roles="ACCOUNTS,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Accountsmenu.aspx">
<system.web>
<authorization>
<allow roles="ACCOUNTS,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="academicsmenu.aspx">
<system.web>
<authorization>
<allow roles="ACADEMICS,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="EntermarksV2.aspx">
<system.web>
<authorization>
<allow roles="ACADEMICS,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="admin.aspx">
<system.web>
<authorization>
<allow roles="ADMIN,ADMIN ACADEMICS" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="admintasks.aspx">
<system.web>
<authorization>
<allow roles="ADMIN,ADMIN ACADEMICS" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="deletetrans.aspx">
<system.web>
<authorization>
<allow roles="ACCOUNTS SUPERVISER" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="deletetransactionrange.aspx">
<system.web>
<authorization>
<allow roles="ACCOUNTS SUPERVISER" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="timedposting.aspx">
<system.web>
<authorization>
<allow roles="ACCOUNTS SUPERVISER" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="executiveposting.aspx">
<system.web>
<authorization>
<allow roles="ACCOUNTS SUPERVISER" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="endoftermclosing.aspx">
<system.web>
<authorization>
<allow roles="ACCOUNTS SUPERVISER" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="PRSMenu.aspx">
<system.web>
<authorization>
<allow roles="ADMIN,PAYROLL" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Procurement.aspx">
<system.web>
<authorization>
<allow roles="PROCUREMENT,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="feesbankedV3.aspx">
<system.web>
<authorization>
<allow roles="INCOME,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="CashfeesV3.aspx">
<system.web>
<authorization>
<allow roles="INCOME,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="VoucherdatesV2.aspx">
<system.web>
<authorization>
<allow roles="EXPENDITURE,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="PaymentvoucherfileV2.aspx">
<system.web>
<authorization>
<allow roles="EXPENDITURE,ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
<system.web>
<globalization uiCulture="en-GB" culture="en-GB" enableClientBasedCulture="false" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
</handlers>
<defaultDocument>
<files>
<add value="introduction.aspx" />
</files>
</defaultDocument>
</system.webServer>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
<add key="C:\WAMATOVUMUSLIM" value="Files/" />
</appSettings>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="ServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="Service">
<endpoint address="" behaviorConfiguration="ServiceAspNetAjaxBehavior" binding="webHttpBinding" contract="Service" />
</service>
</services>
</system.serviceModel>
</configuration>