In a shared hosting environment ASP.NET has been restricted for security reasons. These restrictions are based on the .NET feature Code Access Security (CAS). In dedicated hosting (e.g. 1&1 Server Windows) these restrictions are not necessary, as ASP.NET Code can work FullTrust.
CAS will grant ASP.NET only access to the following critical resources that hold particular CAS permissions:
If ASP.NET code tries to access restricted resources or to use restricted functions that required more than the given permissions, an exception will be raised. To receive a detailed error message, set the option "CustomErrors" to value "off" in file "web.config".
CAS error messages will be raised as "SecurityException: The application attempted to perform an operation not allowed by the security policy." The item "Exception Details" will refer to the missing permission: "Request for the permission of type XYZ failed".
"Stack Trace" indicates which part of the code caused the exception. Use .NET Framework Documentation to check which CAS Permission the respective code will require. There are alternatives like using a relative path within application directory instead of an absolute path.
The .NET Framework that will only work in a FullTrust environment, an environment that has no restrictions with CAS permissions. This function is not used in a protected environment.
The following functionality will not be available in a protected environment:
With "System.Security.SecurityException: Security error", the item "Exception Details" will wrongly indicate that debugging should be activated.
To access SQL Server, use the specialised classes from System.Data.SqlClient. To use a component that carries a strong name, you can apply the attribute "AllowPartiallyTrustedCallers" or remove the strong name before compiling your own version.
Use the .NET Framework tool "secutil.exe" to determine if an Assembly carries a StrongName: secutil -s [Assembly.dll]
If an Assembly is marked with declarative Security Attributes, you can express the special CAS permissions with the .NET Framework tool "permview.exe": permview /decl [Assembly.dll]
If the stated permissions cannot be granted, the respective Assembly will not be loaded. The resulting error message misleadingly points to the global configuration file "machine.config".
The real cause is the declarative Security Attributes. The removal of those attributes followed by recompiling normally will not help. The functionality inside the component must be changed to work without the critical permissions.