Security Exception: Request failed

This page presents a security problem.

Not yet identified the cause of the error. This page was listing all the files in a folder, it worked perfectly. Now she is listing these same files, but using ajax.

The code is simple: I have a PartialView, which is a WebGrid that lists the files in this folder:

PartialView "_files.cshtml"

@model string[]
@{
    var folderName = Request["FolderName"];

    var columns = new List<WebGridColumn>
                            {
                                { ... }
                            };

    if (Request.IsAuthenticated)
    {
        columns.Add( { ... } );
    }

    var grid = new WebGrid(
        source: Model,
        ajaxUpdateContainerId: folderName + "-grid",
        rowsPerPage: 10);
}
@grid.GetHtml(columns: columns,
    headerStyle: "grid-header"
)

The request is made by this javascript funciton:

Index.cshtml

<script type="text/javascript">
    $(window).load(function () {
        loadFiles("Documentos");
  开发者_C百科  });

    function loadFiles(folderName) {
        $.ajax(
                { type: "GET",
                    url: '/Downloads/Files?folderName=' + folderName,
                    success: function (data) {
                        $("#" + folderName + "-grid").html(data);
                    }
                })
    }
</script>

<div id="Documentos-grid"></div>

In the Controller, I call PartialView:

public string[] GetFiles(string folderName)
{
    var locations = Server.MapPath("~/App_Data/Downloads/");
    return Directory.GetFiles(Path.Combine(locations, folderName));
}

public ActionResult Files(string folderName)
{
    return PartialView("_files", GetFiles(folderName));
}

The files are sent to the folder:

/App_Data/Downloads/

Following this article, I put a web.config in the Downloads folder, but the error remains.

Web.Config

<?xml version="1.0"?>
<configuration>
  <location allowOverride="true">
    <system.web>
      <securityPolicy>
        <trustLevel name="Full" policyFile="internal" />
        <trustLevel name="High" policyFile="web_hightrust.config" />
        <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
        <trustLevel name="Low" policyFile="web_lowtrust.config" />
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
      </securityPolicy>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>
</configuration>

Controller

The error happens at line 3 of the method: GetBoletins

private DataContext db = new DataContext();

public IList<Boletim> GetBoletins()
{
    return (from boletim in db.BoletinsSemanais
            where boletim.Year == DateTime.Now.Year
            orderby boletim.Year, boletim.Week, boletim.Name
            select boletim).Take(5).ToList();
}

Another Assembly

DataContext is a class that is in another assembly.

public class DataContext : DbContext
{
    public DbSet<Boletim> BoletinsSemanais { get; set; }

    public DataContext()
        : base("name=DefaultConnection")
    {

    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
        base.OnModelCreating(modelBuilder);
    }
}