Thank you for the time you spend to my problem.
I found that the permission in my web.config is in deed set to full trust - so this pointing more to the property value 'IsAdmin' you detected. Since this seems to be part of the Westwind.Ajax.Toolkit.dll my question is obviously if you plan to modify this library?

Aloha, Peter

I was intending for:

<trust level="Full" />

in web.config to ensure that the control's properties can be accessed with reflection. But that actually works as long as you're talking to the page and you have a this reference to it in which case protected reflection works.

But it turns out there's a bug in the code. Specifically for some reason I can't quite figure out, there's a hardcoded value of "IsAdmin" instead of the actually property value used in ScriptVariables.RenderClientScript:

// *** It's a dynamic key
string[] tokens = entry.Key.Split(new char[1] { '.' }, StringSplitOptions.RemoveEmptyEntries);
string varName = tokens[0];
string property = tokens[1];

object propertyValue = null;
if (entry.Value != null)
    propertyValue = ReflectionUtils.GetPropertyEx(entry.Value, "IsAdmin");

It should be:

// *** It's a dynamic key
string[] tokens = entry.Key.Split(new char[1] { '.' }, StringSplitOptions.RemoveEmptyEntries);
string varName = tokens[0];
string property = tokens[1];

object propertyValue = null;
if (entry.Value != null)
    propertyValue = ReflectionUtils.GetPropertyEx(entry.Value, property);

Not sure how this happened (looks like some sort of accidental replace occurred).

This should fix the problem.

+++ Rick ---