tags:

views:

910

answers:

3
Q: 

Running ASP.Net websites in Medium Trust environments

Hi,

Disclaimer: I have limited ASP.Net skills

I have a couple of websites which I am transferring from my current hosting onto the Mosso hosting service. When I tried transferring one of the websites, I got the error "System.Security.SecurityException: That assembly does not allow partially trusted callers.", which appears to have to do with the fact that Mosso runs on Medium Trust for ASP.Net apps, and the code in the website appears to require full-trust.

Unfortunately, I don't have access to the full source code for the app, and the original developer is not available. Is there any easy workaround to porting these websites? I tried adding in web.config but that didn't work.

I don't think asking Mosso to adjust the security level is an option, because they had refused when I asked them.

Does anybody have any ideas?

A: 

Sorry to say but unless they allow you to set the trust level, you could have big issues. You could have a look here. Professional ASP.NET 2.0 Security, Membership, and Role Management

Almost exactly the same thing happened to me, except the my hosting company changed their trust policy after I a number of websites running on their servers for a couple of years. In the end I had to give up and move to DiscountASP as they overrode <trust level="Full" /> in my congfig file.

Here was my original question. ASP.NET WebPermission Security Exception

Good luck

Skittles  2009-04-28 06:12:35
Thanks for your reply Skittles. I don't think they'll allow me to set the trust level, as they are a cloud hosting company. I can understand why they'd want to run the website on Medium trust...I also tried changing web.config and changing the trust level to full, but they've locked down that as well. I will probably need to either change the hosting provider, or see if I can get the code edited...
 2009-04-28 06:19:12
+1  A: 

Is your assembly strong named? Does it call strong named assemblies?

You should apply the 'AllowPartiallyTrustedCallers` attribute to the Assembly. More information about this attribute is available here.

From the docs:

By default, a strong-named assembly that does not explicitly apply this attribute at assembly level to allow its use by partially trusted code can be called only by other assemblies that are granted full trust by security policy. This restriction is enforced by placing a LinkDemand for FullTrust on every public or protected method on every publicly accessible class in the assembly. Assemblies that are intended to be called by partially trusted code can declare their intent through the use of the AllowPartiallyTrustedCallersAttribute.

See this MSDN article for more information.

Edit:

Some information that confirms my suspicions that the APTCA attribute is a possible solution to the problem:

https://support.isqsolutions.com/article.aspx?id=10334
http://bloggingabout.net/blogs/rick/archive/2006/04/07/11929.aspx

Cerebrus  2009-04-28 06:18:59
Looks promising Cerebrus. The only worry that I would have is that Don said he has not got access to all the source code and had limited ASP.NET experience. Good links though, thanks..
Skittles  2009-04-28 06:26:50
Hi Cerebrus, Thanks for the answer. Yes, Skittles is correct - I don't have access to all the source code. However, I tried creating a file called AssemblyInfo.cs which only had one line: [assembly:AllowPartiallyTrustedCallers]Will this work? Is there another way of applying this attribute to all the assemblies of the website (forgive me if this is a stupid question!)?
 2009-04-28 06:34:14
If you do not have access to the source code, it does create a problem. And yes, the APTC attribute is applied at the assembly level. That's correct.
Cerebrus  2009-04-28 07:04:57
Cerebrus, can you confirm if adding this attribute to Assemblyinfo.cs the way I've done is the way to go? It doesn't seem to have any effect - still getting the error. Oh, btw, my assemblyinfo.cs now looks like this:using System.Security;[assembly:AllowPartiallyTrustedCallers]
 2009-04-28 07:29:47
A: 

I know this is old, but I thought I'd add something to it that might help. Mosso's change to Medium trust caused us some issues as well.

We use BlogEngine.NET and access MySQL for its backend. We had the MySQL dll in our bin directory and that was causing issues with medium trust. Once Mosso added a MySQL dll to the GAC, we were able to use it successfully.

Obviously, I don't know your particular details and what you are trying to do, but if it is related to MySQL, let me know.

Micky McQuade  2009-06-15 22:11:10

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps