Thanks Graham,
Yes, I know that for publish web host, there should have the most
restricted permissions for the clients. However, for those default provider
settings I think you can leave them there since it just uses the SQLExpress
database. And since we can override the "defaultProvider" for those
services in each concrete application's web.config, that should also be the
clients' task to make the configuration for their application.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Graham"
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Wed, 9 Nov 2005 09:49:53 +1300
| Newsgroups: microsoft.public.dotnet.framework.aspnet
|
| Steven
| I can see why those defaults are there, but in our case we run a shared
| hosting server and making clients change (or letting them access) the
| default settings/providers from their own apps is not something our hosting
| admin would be happy with (we all know that clients are stupid and
| reckless).
| Thank you for your quick reply.
| Graham
|
| > Thanks for your response Graham,
| >
| > As for the new problem regarding the default Membership or other ASP.NET
| > 2.0 service providers in the machine.config/global Web.config file, they're
| > all necessary for the default ASP.NET 2.0 setting. By default, all the
| > services use the localSqlServer connection string which points to a
| > SQLExpress file. And those providers configured at machine level are all
| > the default providers and will be inherited in our ASP.NET 2.0
| > applications. So at runtime, our concrete application's provider
| > collection will also contain it due to the hierarchy configuration
| > inheritance. So when we want to replace the default one with our custom
| > provider, we can always use the following configuration in our web
| > application's web.config file:
| >
| > eg:
| >
| > =====================
| > <system.web>
| >
| > <membership>
| > <providers>
| > <remove name="AspNetSqlMembershipProvider" />
| >
| > <add name="our custom provider"
| > type="custom type, assembly"
| > connectionStringName="xxx"
| > ................
| > />
| >
| > </providers>
| > </membership>
| >
| > .................
| > =========================
| >
| > Also, we can specify our custom provider as the default one. So in ASP.NET
| > 2.0 all the inheritable configuration in the super config file will be
| > added into the sub application's configuration collection, and we can
| > flexibly remove or replace them at application level (it is not necessary
| > to modify the machine.config or global web.config).
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| > --------------------
| > | From: "Graham"
| > | Subject: Re: Custom MembershipProvider and required trust levels
| > | Date: Tue, 8 Nov 2005 10:05:27 +1300
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > |
| > | That did the trick thanks.
| > | When I ran the permcalc tool, I noticed that the type didn't show up in
| > | the xml output, so I had a play with the AllowPartiallyTrustedCaller
| > | setting and then it decided to show up?? I'm not sure why it wasn't
| > | before. But it does now. It all seems to work fine.
| > | Another thing I noticed is that you can't have a page in your website
| > | called Login.aspx because it will error when you have published it (only
| > | after you have published it) and say it can't cast it to be a
| > | System.Web.UI.WebControl.Login. Strange.
| > | Once I had sorted those issues out (I renamed the login page) and got it
| > | uploaded to the server, I got another error with the default providers
| > | in the machine.config requiring a "localsqlserver" connectionstring in my
| > | web.config. This is totally not cool, why would a MembershipProvider that
| > | is not being used whatsoever throw an error?
| > | To fix this I went through the machine.config and removed all the
| > | default providers and connectionstrings.
| > |
| > | While I am a big fan of some of the new things included in .Net 2.0,
| > | some of it seems to just increase development more than the good things
| > | decrease it.
| > | Thanks for your continued support
| > | Graham
| > |
| > | > Hi Graham,
| > | >
| > | > Welcome to ASPNET newsgroup.
| > | > From your description, you've developed a custom ASP.NET 2.0
| > | > Membership provider, it works well in a "Full" trust level application,
| > | > but fails to work in a non-Full trust level host environment, yes?
| > | >
| > | > Based on my experience, such a problem could be caused by two things:
| > | >
| > | > 1. There are some referenced assemblies which do not allow partially
| > | > trusted callers
| > | >
| > | > 2. There are some classes in a certain referenced assembly which
| > | > explicitly demand a certain permission which is only available in Full
| > | > trust level.
| > | >
| > | > For #1, we can try applying the following attribute on our custom
| > | > membership provider's assembly:
| > | >
| > | > AllowPartiallyTrustedCallersAttribute
| > | >
| > | > this will allow partially trusted callers to load our assembly.
| > | >
| > | > If the above does not work, it may contain some class which demands a
| > | > certain permission which is only available in "Full" trust level. As you
| > | > mentioned that you only have data accessing code (connect to
| > | > sqlserver...), are you using the SqlClient or OleDb component? OleDb
| > | > components require Full Trust level. If you cannot figure out the actual
| > | > class and permission demand that cause the problem, we have to sandbox
| > | > our assembly so as to make it granted FullTrust permission. One approach
| > | > is to strong-name it and put it into the GAC; all the assemblies in the
| > | > GAC have the full trust permission set. You can refer to the following
| > | > MSDN article on ASP.NET code access:
| > | >
| > | > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod82.asp
| > | >
| > | > BTW, .NET 2.0 provides the permCalc.exe tool for calculating the minimal
| > | > required permission set for a given assembly (just like permview.exe in
| > | > .NET 1.x). You can also use it to have a look at your custom assembly's
| > | > permission sets.
| > | >
| > | > Hope helps. Thanks,
| > | >
| > | > Steven Cheng
| > | > Microsoft Online Support
| > | >
| > | > Get Secure! www.microsoft.com/security
| > | > (This posting is provided "AS IS", with no warranties, and confers no
| > | > rights.)
| > | >
| > | > --------------------
| > | > | From: "Graham"
| > | > | Subject: Custom MembershipProvider and required trust levels
| > | > | Date: Mon, 7 Nov 2005 10:43:21 +1300
| > | > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | > |
| > | > | I have created a custom MembershipProvider called
| > | > | "LassieMembershipProvider" that derives from "MembershipProvider". This
| > | > | provider is located in a Businesslogic layer dll called
| > | > | "Enlighten.LinkMad.Businesslogic". In one of my frontend websites I use
| > | > | this type to authenticate a user who is trying to login.
| > | > | The following excerpt is from the web.config of the particular site
| > | > | showing the reference to the custom provider, allowing .Net to do most
| > | > | of the work for me.
| > | > |
| > | > | <membership defaultProvider="LassieMembershipProvider" >
| > | > | <providers>
| > | > | <add name="LassieMembershipProvider"
| > | > | type="Enlighten.LinkMad.Businesslogic.Security.LassieMembershipProvider,
| > | > | Enlighten.LinkMad.Businesslogic" />
| > | > | </providers>
| > | > | </membership>
| > | > |
| > | > | This all works fine in my test/development environment but when I place
| > | > | this on our hosting server I get a nice error when I try and login:
| > | > |
| > | > | Parser Error Message: Attempt to access the method failed.
| > | > |
| > | > | Source Error:
| > | > |
| > | > | Line 40: <providers>
| > | > | Line 41: <add name="LassieMembershipProvider"
| > | > | Line 42: type="Enlighten.LinkMad.Businesslogic.Security.LassieMembershipProvider,
| > | > | Enlighten.LinkMad.Businesslogic" />
| > | > | Line 43: </providers>
| > | > | Line 44: </membership>
| > | > |
| > | > | After a few hours of frustration I figured out the Provider only works
| > | > | when the server/application is running in full trust. This really isn't
| > | > | a preferred trust level to run in on a shared hosting server. I tried
| > | > | changing to other trust levels and only Full trust appears to work.
| > | > | I am only using one method in my custom provider and it is accessing a
| > | > | Sql Server Db (no problem right?).
| > | > | I don't see why a MembershipProvider would require fulltrust in order to
| > | > | run, but in saying that I can't see where I am doing anything wrong
| > | > | (famous last words).
| > | > |
| > | > | Any help is always appreciated.
| > | > | Graham
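
An added example, not part of the original thread and not ASP.NET's own code: a simplified Python model of how `<add>`, `<remove>` and `<clear>` entries merge from machine.config down to an application's web.config, used to list inherited membership providers whose `connectionStringName` no longer resolves. Both config files are constructed samples; the scenario in which the application clears the inherited connection strings is an assumption (the thread does not say how the string went missing), as is the case-insensitive name matching.

```python
import xml.etree.ElementTree as ET
# Constructed machine-level config in the shape the thread describes.
MACHINE = """<configuration>
  <connectionStrings>
    <add name="LocalSqlServer" connectionString="constructed-placeholder" />
  </connectionStrings>
  <system.web><membership><providers>
    <add name="AspNetSqlMembershipProvider" connectionStringName="LocalSqlServer" />
  </providers></membership></system.web>
</configuration>"""

# Constructed app web.config (assumed scenario): clears inherited connection strings.
APP = """<configuration>
  <connectionStrings>
    <clear />
    <add name="AppDb" connectionString="constructed-placeholder" />
  </connectionStrings>
  <system.web><membership defaultProvider="LassieMembershipProvider"><providers>
    <add name="LassieMembershipProvider" connectionStringName="AppDb" />
  </providers></membership></system.web>
</configuration>"""

# Same file with the <remove> from the quoted reply added.
APP_FIXED = APP.replace("<providers>", '<providers><remove name="AspNetSqlMembershipProvider" />')

def merge(levels, path):
    """Apply add/remove/clear from parent to child; return {lowercased name: attrs}."""
    effective = {}
    for text in levels:
        node = ET.fromstring(text)
        for tag in path:  # walk down by tag name; a missing section yields []
            node = next((c for c in node if c.tag == tag), [])
        for el in node:
            key = el.get("name", "").lower()  # case-insensitive match: an assumption
            if el.tag == "clear":
                effective.clear()
            elif el.tag == "remove":
                effective.pop(key, None)
            elif el.tag == "add":
                effective[key] = dict(el.attrib)
    return effective

def dangling_providers(levels):
    """Effective membership providers whose connectionStringName is undefined."""
    conns = merge(levels, ["connectionStrings"])
    provs = merge(levels, ["system.web", "membership", "providers"])
    return sorted(p["name"] for p in provs.values()
                  if "connectionStringName" in p
                  and p["connectionStringName"].lower() not in conns)
```

`dangling_providers([MACHINE, APP])` reports the inherited SQL provider, and the same call with `APP_FIXED` reports none, which is the per-application alternative to editing machine.config on a shared host.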