A
Atul Thombre
Hello,
I am developing a custom membership provider. For that I built a prototype
that uses a SQL Server 2005 database as a backend store. I implemented the
class System.Web.Security.MembershipProvider and implemented few necessary
methods. The methods use SQL for interacting with the SQL Server database. I
put all this code in a class library.
I also created a simple Website using Visual Studio 2005 and configured the
Web.config to use this custom provider that I have written. Everything
worked fine. I could use the ASP.NET configuration tool and use the custom
provider to add users and view user details. Then I added a login page with
a login control and create user page with create user control and both of
them worked.
Now, I want to run this provider in the partial trust environment since MOSS
2007 runs in Minimal trust mode. I followed instructions provided in some of
the articles that I found on the web. Basically, the steps I took were
- Add a line <trust level="CustomTrust" originUrl=""/> in the Web.Config
for the website I created.
- Add a security policy in the same Web.config. This policy associates the
trust level specified above with the config file.
- I then copied web_minimaltrust.config from the framework CONFIG
directory to the Website directory and renamed it
- I then added [assembly: AllowPartiallyTrustedCallers] and [assembly:
SecurityCritical] in the assemblyInfo file for the custom provider.
- I added a permission set to the custom.config file. It is like this -
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="MyCustomPermissionSet"
Unrestricted="true"
Level="CustomTrust"
Description="My custom permission set">
<IPermission
class="SecurityPermission"
version="1"
Flags="Execution, Assertion"
/>
<IPermission
class="SqlClientPermission"
version="1"
Unrestricted="true"
/>
</PermissionSet>
- I then created a strong name key pair file and added it to the custom
provider project and referenced it in that project.
- I added a Codegroup section in the custom.config file as follows
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="MyCustomPermissionSet"
Description="Custom code group for my signed
assembly">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="Public key blob from the
strong name key pair"
/>
</CodeGroup>
- I added [SecurityCritical] in front of all the methods that are
implemented
- I added following code in all the methods
SecurityPermission permission1 = new
SecurityPermission(PermissionState.Unrestricted);
permission1.Assert();
Now I am trying to run the ASP.NET configuration tool and it gives an error
"This feature is not supported at the configured trust
level".
If I raise the trust level to 'Medium', everything works. If I lower it to
'Low', I get a different error, something about mscorlib. "Request for the
permission of type 'System.Security.Permissions.SecurityPermission,
mscorlib, Version=2.0.0.0.... failed".
First of all, do I have to run the custom provider in the minimal trust
level? I am doing this because I read that MOSS 2007 expects it to run in
partial [minimal] trust mode.
Where am I going wrong? I could not find anything on the web that will help
me solve this problem. So, any help is really appreciated.
Thanks,
Atul.
I am developing a custom membership provider. For that I built a prototype
that uses a SQL Server 2005 database as a backend store. I implemented the
class System.Web.Security.MembershipProvider and implemented few necessary
methods. The methods use SQL for interacting with the SQL Server database. I
put all this code in a class library.
I also created a simple Website using Visual Studio 2005 and configured the
Web.config to use this custom provider that I have written. Everything
worked fine. I could use the ASP.NET configuration tool and use the custom
provider to add users and view user details. Then I added a login page with
a login control and create user page with create user control and both of
them worked.
Now, I want to run this provider in the partial trust environment since MOSS
2007 runs in Minimal trust mode. I followed instructions provided in some of
the articles that I found on the web. Basically, the steps I took were
- Add a line <trust level="CustomTrust" originUrl=""/> in the Web.Config
for the website I created.
- Add a security policy in the same Web.config. This policy associates the
trust level specified above with the config file.
- I then copied web_minimaltrust.config from the framework CONFIG
directory to the Website directory and renamed it
- I then added [assembly: AllowPartiallyTrustedCallers] and [assembly:
SecurityCritical] in the assemblyInfo file for the custom provider.
- I added a permission set to the custom.config file. It is like this -
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="MyCustomPermissionSet"
Unrestricted="true"
Level="CustomTrust"
Description="My custom permission set">
<IPermission
class="SecurityPermission"
version="1"
Flags="Execution, Assertion"
/>
<IPermission
class="SqlClientPermission"
version="1"
Unrestricted="true"
/>
</PermissionSet>
- I then created a strong name key pair file and added it to the custom
provider project and referenced it in that project.
- I added a Codegroup section in the custom.config file as follows
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="MyCustomPermissionSet"
Description="Custom code group for my signed
assembly">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="Public key blob from the
strong name key pair"
/>
</CodeGroup>
- I added [SecurityCritical] in front of all the methods that are
implemented
- I added following code in all the methods
SecurityPermission permission1 = new
SecurityPermission(PermissionState.Unrestricted);
permission1.Assert();
Now I am trying to run the ASP.NET configuration tool and it gives an error
"This feature is not supported at the configured trust
level".
If I raise the trust level to 'Medium', everything works. If I lower it to
'Low', I get a different error, something about mscorlib. "Request for the
permission of type 'System.Security.Permissions.SecurityPermission,
mscorlib, Version=2.0.0.0.... failed".
First of all, do I have to run the custom provider in the minimal trust
level? I am doing this because I read that MOSS 2007 expects it to run in
partial [minimal] trust mode.
Where am I going wrong? I could not find anything on the web that will help
me solve this problem. So, any help is really appreciated.
Thanks,
Atul.