What are the things that Medium Trust stops you from doing? For example, I've already learned that Medium Trust stops you from using System.IO.Path.GetTempPath(). What other things like that?

+1  A: 

Who can be sure? That's why you should develop with a trust level of medium set in your web.config.

 <trust level="Full|High|Medium|Low|Minimal" />
Shawn Simon
+2  A: 

Most shared hosts don't use a true medium trust environment because it restricts some things that are just too vital. Others restrict some extra settings for their own anal reasons.

The best thing you can do is ask your host what settings they use for ASPNET. Ask for the specs of the trust level they're using. Find out the memory limits. Once you've got those details you should be able to replicate the scenario at a local level.

If they won't tell you, just set your app to run in medium trust but it (obviously) won't necessarily work if they're using a modified trust level.

Here is some information on setting trust levels in IIS.

In general the only issue I've run into is: If you're pushing assemblies, make sure you allow partially trusted requests (it's an Assembly meta-tag) otherwise you won't be able to use them.

Here's an extract of GoDaddy's Medium Trust information page:

Applications operating under a Medium trust level have no registry access, no access to the Windows event log, and cannot use ReflectionPermission (but can use Reflection). Such applications can communicate only with a defined range of network addresses and file system access is limited to the application's virtual directory hierarchy.

Using a Medium trust level prevents applications from accessing shared system resources and eliminates the potential for application interference. Adding OleDbPermission and OdbcPermission allows applications to use those data providers to access databases. WebPermission is modified to allow outbound http and https traffic.

That might not map exactly to what you'll have to work around with your host (unless you're with GoDaddy) but it's a typical example.

Oli
Is there documentation somewhere that would show me how to set up a medium trust level on my own computer, to try things out? I looked on MSDN and had trouble finding...
Corey Trager
Sure, I just added a link to the post.
Oli
A: 

Make sure any third party libraries/frameworks (Castle comes to mind) are built (or can be built) in medium trust.

Bless Yahu
+3  A: 

Here's how to learn about and resolve trust issues.

1) Search your Windows\Microsoft.NET\Framework[YOUR VERSION]\CONFIG folders for the files:

  • web.config (this is the root config file)
  • web_mediumtrust.config
  • web_hightrust.config

2) Change the web.config to say

<trust level="Medium" originUrl="" />

3) Try your ASP.NET app. Mine failed with a permission error.

4) Diff the web_mediumtrust.config and web_hightrust.config in a diff tool, like WinMerge.

5) Copy settings from the high to the medium one at a time and see how they affect your app. In my case, the error message referred to ConfigurationPermission, so it was easy to diagnose.

If you can pin down the precise lines in the web_mediumtrust.config file that are blocking you, then maybe you can share that with your hosting company and have a better chance of working things out.

More documentation here:
http://msdn.microsoft.com/en-us/library/aa302425.aspx

@Oli, my app IS hosted at GoDaddy and I had to do some workarounds in code when I started using Lucene.NET. I had to modify the Lucene.NET source code to not use GetTempPath and System.IO.FileInfo.

Corey Trager
I'll just point out what's probably obvious to everyone else, but that I had to check just to make sure: the <trust level="Medium" /> should go in the <system.web> section, and that the level attribute is case sensitive, so upper case "M", lower case everything else :S
Zhaph - Ben Duguid
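
The diff in step 4 of the answer above can also be scripted, so that the output is a list of permission classes rather than raw XML lines. This is an added example, not code from any of the posters: the two policy snippets are constructed, abbreviated stand-ins for web_hightrust.config and web_mediumtrust.config, and the permission set name "ASP.Net" and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, heavily abbreviated stand-ins for the two policy files; the
# real files wrap PolicyLevel in further elements and list more permissions.
HIGH = """<PolicyLevel version="1"><NamedPermissionSets>
 <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
  <IPermission class="AspNetHostingPermission" version="1" Level="High"/>
  <IPermission class="FileIOPermission" version="1" Unrestricted="true"/>
  <IPermission class="RegistryPermission" version="1" Unrestricted="true"/>
  <IPermission class="ReflectionPermission" version="1" Flags="ReflectionEmit"/>
  <IPermission class="WebPermission" version="1" Unrestricted="true"/>
 </PermissionSet></NamedPermissionSets></PolicyLevel>"""
MEDIUM = """<PolicyLevel version="1"><NamedPermissionSets>
 <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
  <IPermission class="AspNetHostingPermission" version="1" Level="Medium"/>
  <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
               Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$"/>
  <IPermission class="WebPermission" version="1">
   <ConnectAccess><URI uri="$OriginHost$"/></ConnectAccess>
  </IPermission>
 </PermissionSet></NamedPermissionSets></PolicyLevel>"""

def canonical(elem):
    """Attributes plus child elements, order-independent, so nested grants
    such as WebPermission's ConnectAccess list take part in the comparison."""
    attrs = tuple(sorted((k, v) for k, v in elem.attrib.items() if k != "version"))
    return (elem.tag, attrs, tuple(sorted(canonical(c) for c in elem)))

def permissions(policy_xml, set_name="ASP.Net"):
    """Map permission class -> canonical grant for one named permission set."""
    root = ET.fromstring(policy_xml)
    for pset in root.iter("PermissionSet"):
        if pset.get("Name") == set_name:
            return {p.get("class"): canonical(p) for p in pset.findall("IPermission")}
    raise ValueError(f"no permission set named {set_name!r}")

def diff_policies(high_xml, medium_xml):
    """Return (classes granted only in high, classes granted differently)."""
    high, medium = permissions(high_xml), permissions(medium_xml)
    only_high = sorted(set(high) - set(medium))
    changed = sorted(c for c in set(high) & set(medium) if high[c] != medium[c])
    return only_high, changed

if __name__ == "__main__":
    only_high, changed = diff_policies(HIGH, MEDIUM)
    print("granted only in high trust:", only_high)
    print("granted in both, but narrower or different:", changed)
```

To run it against real policy files, pass each file's contents read in binary mode to `diff_policies`. A class in the first list is a likely source of a permission error when the app drops from high to medium trust.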
A: 

The system.runtime.serialization library is completely unavailable in medium trust.

I coded around this for json serialization/deserialization and found out the hard way. It took a week to get an associate to confirm that medium trust restrictions were to blame. I ended up switching hosting companies as a result.

A: 

In medium trust, at least at my host, P/INVOKE calls are unavailable, i.e. using [DLLImport] to call a COM component is not going to work.

-Edoode

edosoft