Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > database error on host with medium trust level

Reply
Thread Tools

database error on host with medium trust level

 
 
Shukri
Guest
Posts: n/a
 
      11-18-2005
I recently got web hosting for my asp.net applications. The hosting firm runs
with medium trust level - that cannot be changed.

All my low-level database accessing code is compiled into a DLL which I link
to from my asp.net application. The database connection etc is managed in
this dll. When I try to use that dll, I get the following exception :

################################################## ##

Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Security error.]
SharpGate.GateKeeperCollection.get_Item(Int32 index) +0
SharpGateWebUI.AccessPanel.OnInit(EventArgs e) +44
System.Web.UI.Control.InitRecursive(Control namingContainer) +241
System.Web.UI.Control.InitRecursive(Control namingContainer) +179
System.Web.UI.Control.InitRecursive(Control namingContainer) +179
System.Web.UI.Page.ProcessRequestMain() +2112
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18

System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously) +87

################################################## ##

I know the code itself works fine, because if I copy the DLL's database
accessing code into an aspx page and compile it there, it works without any
hassles. Clearly the medium trust level on the server doesnt permit DB access
from a linked assembly. How can I fix this, so I can still work under medium
trust, and keep my db-accessing routines in a seperate dll ? I've tried
making the dll strongly-named, and then adding it to my web.config with :

<compilation defaultLanguage="c#" debug="true">
<assemblies>
<add assembly="MyDBAccessDLL, Version=1.0.2140.32652, Culture=neutral,
PublicKeyToken=5e0f6c2c46c69d83"/>
</assemblies>
</compilation>

but that didnt help. The hosting company are being extremely unhelpful.
Their attitude is "we're medium trust, here's a link explaining what medium
trust is, ticket closed". I find it extremely hard to believe there's no
solution to this, or that Microsoft would have designed security in the .Net
framework so assemblies cannot be given the necessary permission to perform
these kinds of operation when used in a medium trust environment. I'm really
at my wit's end here, so any help would be greatly appreciated.

Shukri
 
Reply With Quote
 
 
 
 
Nicole Calinoiu
Guest
Posts: n/a
 
      11-20-2005
Under a properly locked down CAS policy, there should be nothing your
application can do to elevate its own permissions. However, the default
medium trust configuration does allow SqlClientPermission so, assuming
you're using the System.Data.SqlClient types to access your database, you
probably shouldn't be having this problem. Unfortunately, it's a little
hard to tell what your original problem may have been since it looks like
the exception whose details you posted is due to an attempt to call into
your strongly named assembly from your partially trusted web application
code. What exception do you get if you remove the strong name signature
from the DLL?



"Shukri" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I recently got web hosting for my asp.net applications. The hosting firm
>runs
> with medium trust level - that cannot be changed.
>
> All my low-level database accessing code is compiled into a DLL which I
> link
> to from my asp.net application. The database connection etc is managed in
> this dll. When I try to use that dll, I get the following exception :
>
> ################################################## ##
>
> Description: The application attempted to perform an operation not allowed
> by the security policy. To grant this application the required permission
> please contact your system administrator or change the application's trust
> level in the configuration file.
>
> Exception Details: System.Security.SecurityException: Security error.
>
> Source Error:
>
> An unhandled exception was generated during the execution of the current
> web
> request. Information regarding the origin and location of the exception
> can
> be identified using the exception stack trace below.
>
> Stack Trace:
>
> [SecurityException: Security error.]
> SharpGate.GateKeeperCollection.get_Item(Int32 index) +0
> SharpGateWebUI.AccessPanel.OnInit(EventArgs e) +44
> System.Web.UI.Control.InitRecursive(Control namingContainer) +241
> System.Web.UI.Control.InitRecursive(Control namingContainer) +179
> System.Web.UI.Control.InitRecursive(Control namingContainer) +179
> System.Web.UI.Page.ProcessRequestMain() +2112
> System.Web.UI.Page.ProcessRequest() +218
> System.Web.UI.Page.ProcessRequest(HttpContext context) +18
>
> System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute()
> +179
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
> completedSynchronously) +87
>
> ################################################## ##
>
> I know the code itself works fine, because if I copy the DLL's database
> accessing code into an aspx page and compile it there, it works without
> any
> hassles. Clearly the medium trust level on the server doesnt permit DB
> access
> from a linked assembly. How can I fix this, so I can still work under
> medium
> trust, and keep my db-accessing routines in a seperate dll ? I've tried
> making the dll strongly-named, and then adding it to my web.config with :
>
> <compilation defaultLanguage="c#" debug="true">
> <assemblies>
> <add assembly="MyDBAccessDLL, Version=1.0.2140.32652, Culture=neutral,
> PublicKeyToken=5e0f6c2c46c69d83"/>
> </assemblies>
> </compilation>
>
> but that didnt help. The hosting company are being extremely unhelpful.
> Their attitude is "we're medium trust, here's a link explaining what
> medium
> trust is, ticket closed". I find it extremely hard to believe there's no
> solution to this, or that Microsoft would have designed security in the
> .Net
> framework so assemblies cannot be given the necessary permission to
> perform
> these kinds of operation when used in a medium trust environment. I'm
> really
> at my wit's end here, so any help would be greatly appreciated.
>
> Shukri



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Marshal.Copy (in medium trust level environment) Steven Voordijk ASP .Net 3 01-19-2008 06:52 PM
ASP.NET 1.1 app breaks when moved to shared webhosting with medium trust level Andy ASP .Net 1 12-21-2006 05:40 PM
Full trust and medium trust in .net and websites Linda ASP .Net Security 1 08-31-2006 05:16 AM
Hosting, ASP.NET, medium trust level, metafile - Problem!!! Mr.Cyber ASP .Net Security 3 12-16-2005 12:39 PM
Medium Level Trust and Reflection Paul Hatcher ASP .Net 0 02-25-2005 02:12 PM



Advertisments