database error on host with medium trust level

Discussion in 'ASP .Net Security' started by Shukri, Nov 18, 2005.

  1. Shukri

    Shukri Guest

    I recently got web hosting for my asp.net applications. The hosting firm runs
    with medium trust level - that cannot be changed.

    All my low-level database accessing code is compiled into a DLL which I link
    to from my asp.net application. The database connection etc is managed in
    this dll. When I try to use that dll, I get the following exception :

    ####################################################

    Description: The application attempted to perform an operation not allowed
    by the security policy. To grant this application the required permission
    please contact your system administrator or change the application's trust
    level in the configuration file.

    Exception Details: System.Security.SecurityException: Security error.

    Source Error:

    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:

    [SecurityException: Security error.]
    SharpGate.GateKeeperCollection.get_Item(Int32 index) +0
    SharpGateWebUI.AccessPanel.OnInit(EventArgs e) +44
    System.Web.UI.Control.InitRecursive(Control namingContainer) +241
    System.Web.UI.Control.InitRecursive(Control namingContainer) +179
    System.Web.UI.Control.InitRecursive(Control namingContainer) +179
    System.Web.UI.Page.ProcessRequestMain() +2112
    System.Web.UI.Page.ProcessRequest() +218
    System.Web.UI.Page.ProcessRequest(HttpContext context) +18

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously) +87

    ####################################################

    I know the code itself works fine, because if I copy the DLL's database
    accessing code into an aspx page and compile it there, it works without any
    hassles. Clearly the medium trust level on the server doesnt permit DB access
    from a linked assembly. How can I fix this, so I can still work under medium
    trust, and keep my db-accessing routines in a seperate dll ? I've tried
    making the dll strongly-named, and then adding it to my web.config with :

    <compilation defaultLanguage="c#" debug="true">
    <assemblies>
    <add assembly="MyDBAccessDLL, Version=1.0.2140.32652, Culture=neutral,
    PublicKeyToken=5e0f6c2c46c69d83"/>
    </assemblies>
    </compilation>

    but that didnt help. The hosting company are being extremely unhelpful.
    Their attitude is "we're medium trust, here's a link explaining what medium
    trust is, ticket closed". I find it extremely hard to believe there's no
    solution to this, or that Microsoft would have designed security in the .Net
    framework so assemblies cannot be given the necessary permission to perform
    these kinds of operation when used in a medium trust environment. I'm really
    at my wit's end here, so any help would be greatly appreciated.

    Shukri
    Shukri, Nov 18, 2005
    #1
    1. Advertising

  2. Under a properly locked down CAS policy, there should be nothing your
    application can do to elevate its own permissions. However, the default
    medium trust configuration does allow SqlClientPermission so, assuming
    you're using the System.Data.SqlClient types to access your database, you
    probably shouldn't be having this problem. Unfortunately, it's a little
    hard to tell what your original problem may have been since it looks like
    the exception whose details you posted is due to an attempt to call into
    your strongly named assembly from your partially trusted web application
    code. What exception do you get if you remove the strong name signature
    from the DLL?



    "Shukri" <> wrote in message
    news:...
    >I recently got web hosting for my asp.net applications. The hosting firm
    >runs
    > with medium trust level - that cannot be changed.
    >
    > All my low-level database accessing code is compiled into a DLL which I
    > link
    > to from my asp.net application. The database connection etc is managed in
    > this dll. When I try to use that dll, I get the following exception :
    >
    > ####################################################
    >
    > Description: The application attempted to perform an operation not allowed
    > by the security policy. To grant this application the required permission
    > please contact your system administrator or change the application's trust
    > level in the configuration file.
    >
    > Exception Details: System.Security.SecurityException: Security error.
    >
    > Source Error:
    >
    > An unhandled exception was generated during the execution of the current
    > web
    > request. Information regarding the origin and location of the exception
    > can
    > be identified using the exception stack trace below.
    >
    > Stack Trace:
    >
    > [SecurityException: Security error.]
    > SharpGate.GateKeeperCollection.get_Item(Int32 index) +0
    > SharpGateWebUI.AccessPanel.OnInit(EventArgs e) +44
    > System.Web.UI.Control.InitRecursive(Control namingContainer) +241
    > System.Web.UI.Control.InitRecursive(Control namingContainer) +179
    > System.Web.UI.Control.InitRecursive(Control namingContainer) +179
    > System.Web.UI.Page.ProcessRequestMain() +2112
    > System.Web.UI.Page.ProcessRequest() +218
    > System.Web.UI.Page.ProcessRequest(HttpContext context) +18
    >
    > System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
    > +179
    > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > completedSynchronously) +87
    >
    > ####################################################
    >
    > I know the code itself works fine, because if I copy the DLL's database
    > accessing code into an aspx page and compile it there, it works without
    > any
    > hassles. Clearly the medium trust level on the server doesnt permit DB
    > access
    > from a linked assembly. How can I fix this, so I can still work under
    > medium
    > trust, and keep my db-accessing routines in a seperate dll ? I've tried
    > making the dll strongly-named, and then adding it to my web.config with :
    >
    > <compilation defaultLanguage="c#" debug="true">
    > <assemblies>
    > <add assembly="MyDBAccessDLL, Version=1.0.2140.32652, Culture=neutral,
    > PublicKeyToken=5e0f6c2c46c69d83"/>
    > </assemblies>
    > </compilation>
    >
    > but that didnt help. The hosting company are being extremely unhelpful.
    > Their attitude is "we're medium trust, here's a link explaining what
    > medium
    > trust is, ticket closed". I find it extremely hard to believe there's no
    > solution to this, or that Microsoft would have designed security in the
    > .Net
    > framework so assemblies cannot be given the necessary permission to
    > perform
    > these kinds of operation when used in a medium trust environment. I'm
    > really
    > at my wit's end here, so any help would be greatly appreciated.
    >
    > Shukri
    Nicole Calinoiu, Nov 20, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul Hatcher

    Medium Level Trust and Reflection

    Paul Hatcher, Feb 25, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    472
    Paul Hatcher
    Feb 25, 2005
  2. Andy
    Replies:
    1
    Views:
    339
  3. Steven Voordijk

    Marshal.Copy (in medium trust level environment)

    Steven Voordijk, Jan 16, 2008, in forum: ASP .Net
    Replies:
    3
    Views:
    702
    Alvin Bruney [ASP.NET MVP]
    Jan 19, 2008
  4. Mr.Cyber
    Replies:
    3
    Views:
    314
    Nicole Calinoiu
    Dec 16, 2005
  5. Linda
    Replies:
    1
    Views:
    534
    Dominick Baier
    Aug 31, 2006
Loading...

Share This Page