I was trying to set up a virtual directory on my SharePoint 2010 server to run a custom ASP.NET 2.0 application that was created earlier and I kept getting the following Security Exception error:
Server Error in ‘/MyApp Application.
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.SecurityPermission, mscorlib, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[SecurityException: Request for the permission of type ‘System.Security.Permissions.SecurityPermission, mscorlib, Version=184.108.40.206, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.]
System.Threading.Thread.set_CurrentCulture(CultureInfo value) +38
MyApp.Global.Application_BeginRequest(Object sender, EventArgs e) in C:ProjectsMyAppMyAppGlobal.asax.cs:54
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
I did a little bit of research and the error seemed to indicate that the custom ASP.NET 2.0 application needed session state to run and this wasn’t enabled in my SharePoint 2010 web application/virtual directory by default.
The temporary fix was that in my SharePoint 2010 web application web.config (but this enables session state for the entire web app which is what I don’t want!):
1) EnableSessionState=”true” in <pages
2) Comment out the <!–remove name=”Session” /—> under <modules runAllManagedModulesForAllRequests=”true”>
3) Set the trust to medium or full , need this for any access to databases
**Update**: I finally got a response on the support forums  for how to fix this for the virtual directory itself:
Add the SessionStateModule to your web.config:
<add name = "Session " type = "System.Web.SessionState.SessionStateModule " />
THEN, you must go into your web application and add the same session state module to the IIS7 managed pipeline.
- Open IIS 7 manager, and find your web application.
- Double click “Modules” in the IIS section.
- Click “Add Managed Module…” on the right hand pane.
- In the Add Managed Module dialog, enter “SessionState” or something like that for the name, and choose the following item from the dropdown:
- System.Web.SessionState.SessionStateModule, System.Web, Version=220.127.116.11, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a