Debugging Trust Levels - Oledb

Ben Sudbury

Hi There,

I want to configure a custom trust level for asp.net that will essentially
be the same as low trust except that it adds the ability to run oledb
connections.

When setting this up, it doesn't seem to be as simple as just adding

<SecurityClass Name="OleDbPermission"
Description="System.Data.OleDb.OleDbPermission, System.Data,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

and

<IPermission class="OleDbPermission"
version="1" Unrestricted="true"/>

to the named permission set "ASP.Net" in my custom policy file.

I have created a simple webform that returns an oledb recordset from an
access database stored within the folder containing the application starting
point.

When the machine.config is set to FullTrust, everything works beautifully;
when I switch to a lower level of trust, the application doesn't return the
recordset or any errors.

Is this normal behaviour?

How do people normally debug OLEDB Trust levels from an Administrative point
of view?

Ben.
 
[MSFT]

Hi Ben,

The OLE DB .NET data provider demands full-trust callers. If your ASP.NET
app needs to access OLE DB data sources while running at a custom trust,
use the sandboxing approach. Place your data access code in a separate
assembly, strong name it, and install it in the GAC, which gives it full
trust. For more information, you may refer to this article:

Using Code Access Security with ASP .NET
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh09.asp

Hope this helps,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
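
The sandboxing approach described in the reply above, shown as an added example (not code from the thread or from the linked Microsoft guide): a strong-named, GAC-installed helper that checks the caller's own file permission before asserting full trust around the OLE DB call. The namespace `MyWrapper.OleDb`, the class `AccessDb` and the Jet connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Security;
using System.Security.Permissions;

// Lets partial-trust pages call into this strong-named, GAC-installed assembly.
[assembly: AllowPartiallyTrustedCallers]

namespace MyWrapper.OleDb   // hypothetical name
{
    public sealed class AccessDb   // hypothetical helper class
    {
        private AccessDb() { }

        // mdbPath: absolute path to the .mdb file, e.g. obtained from Server.MapPath.
        public static DataSet Query(string mdbPath, string selectText)
        {
            // Reject characters that could add extra properties to the connection string.
            if (mdbPath == null || mdbPath.IndexOfAny(new char[] { ';', '"', '\'' }) >= 0)
                throw new ArgumentException("Invalid database path.", "mdbPath");

            // Authorise the caller first: this demand walks the whole stack, so a
            // partial-trust page can only name files its own policy lets it read.
            new FileIOPermission(FileIOPermissionAccess.Read, mdbPath).Demand();

            // Stop the stack walk for the provider's demand at this frame.
            new PermissionSet(PermissionState.Unrestricted).Assert();
            try
            {
                DataSet result = new DataSet();
                using (OleDbConnection conn = new OleDbConnection(
                    "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + mdbPath))
                using (OleDbDataAdapter adapter = new OleDbDataAdapter(selectText, conn))
                {
                    adapter.Fill(result);   // Fill opens and closes the connection itself
                }
                return result;
            }
            finally
            {
                // Drop the assertion as soon as the data access is done.
                CodeAccessPermission.RevertAssert();
            }
        }
    }
}
```

Because the assertion hides the partial-trust callers from the provider, the demand placed before it is the only thing limiting which database files a hosted application can reach through this helper.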
 
[MSFT]

Hi Ben,

Does my answer make sense to you, or do you need more information on this?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Ben Sudbury

Hi Luke,

Thanks for this information.

This does help me in debugging permissions somewhat.

There are 2 remaining questions for me.

1. Why does the code calling oledb just fail without an error when running
in a medium trust environment? (I have tested this on two machines now and
get the same behaviour)

2. In our environment we are happy to trust oledb access, and would like
anyone running an application on our server to be able to use oledb, while
maintaining a general level of medium trust, so I want to explore the
options that are available to us.

a) Get each application programmer to wrap their database calls in its own
class with assert statements and sign it and register it with the GAC. (Not
very good as it requires extra code to be written by each and every
programmer and extra admin to register all the classes with the GAC.)

b) Write a wrapper class that wraps all of the oledb classes and their
methods using assert statements to call the original properties and methods,
sign and register with the GAC. (Not bad, because each programmer would only
need to replace their imports statements from system.data.oledb to
mywrapper.oledb and all of their code would work - correct?)

c) Is there another option of maybe signing the system.data class again
without the requirement for Full Trust access? Are there any other options
that allow me to set it up so that each of the programmers has the minimum
changes required in their code but still retains the security of a partial
trust environment?

Regards,

Ben.
 
[MSFT]

Hi Ben,

Regarding question 1, can you let me know the code you use? I may check
it to find the reason.

For question, I think approach b should be better for the programmer.

regards,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Ben Sudbury

Hi There,

Below is the code that I am using. It's just a down and dirty proof of
concept

----- Webform1.aspx.cs ------
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Security;
using System.Security.Permissions;
using System.Data.OleDb;
using System.IO.IsolatedStorage;

namespace SecurityTest
{
    /// <summary>
    /// Summary description for WebForm1.
    /// </summary>
    public class WebForm1 : System.Web.UI.Page
    {
        protected System.Data.OleDb.OleDbConnection oleDbConnection1;
        protected System.Web.UI.WebControls.DataGrid DataGrid1;
        protected System.Data.OleDb.OleDbDataAdapter oleDbDataAdapter1;
        protected System.Data.OleDb.OleDbCommand oleDbSelectCommand1;
        protected System.Data.OleDb.OleDbCommand oleDbInsertCommand1;
        protected System.Data.OleDb.OleDbCommand oleDbUpdateCommand1;
        protected System.Data.OleDb.OleDbCommand oleDbDeleteCommand1;
        protected System.Data.DataSet dataSet1;
        protected System.Data.SqlClient.SqlConnection sqlConnection1;
        protected System.Web.UI.WebControls.Button Button1;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here
        }

        #region Web Form Designer generated code

        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            try
            {
                InitializeComponent();
            }
            catch(SecurityException ex)
            {
                // Any SecurityException raised in InitializeComponent() is caught
                // here and discarded; the reporting code below is commented out.
                /* String exDetails = ex.GrantedSet;
                exDetails += ex.PermissionState;
                exDetails += ex.PermissionType;
                exDetails += ex.RefusedSet;
                Response.Write(exDetails);
                */
            }
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.oleDbConnection1 = new System.Data.OleDb.OleDbConnection();
            this.oleDbDataAdapter1 = new System.Data.OleDb.OleDbDataAdapter();
            this.oleDbDeleteCommand1 = new System.Data.OleDb.OleDbCommand();
            this.oleDbInsertCommand1 = new System.Data.OleDb.OleDbCommand();
            this.oleDbSelectCommand1 = new System.Data.OleDb.OleDbCommand();
            this.oleDbUpdateCommand1 = new System.Data.OleDb.OleDbCommand();
            this.dataSet1 = new System.Data.DataSet();
            this.sqlConnection1 = new System.Data.SqlClient.SqlConnection();
            ((System.ComponentModel.ISupportInitialize)(this.dataSet1)).BeginInit();
            this.Button1.Click += new System.EventHandler(this.Button1_Click);
            //
            // oleDbDataAdapter1
            //
            this.oleDbDataAdapter1.DeleteCommand = this.oleDbDeleteCommand1;
            this.oleDbDataAdapter1.InsertCommand = this.oleDbInsertCommand1;
            this.oleDbDataAdapter1.SelectCommand = this.oleDbSelectCommand1;
            this.oleDbDataAdapter1.TableMappings.AddRange(new System.Data.Common.DataTableMapping[] {
                new System.Data.Common.DataTableMapping("Table", "test", new System.Data.Common.DataColumnMapping[] {
                    new System.Data.Common.DataColumnMapping("testField", "testField"),
                    new System.Data.Common.DataColumnMapping("testid", "testid")})});
            this.oleDbDataAdapter1.UpdateCommand = this.oleDbUpdateCommand1;
            //
            // oleDbDeleteCommand1
            //
            this.oleDbDeleteCommand1.CommandText = "DELETE FROM test WHERE (testid = ?) AND (testField = ? OR ? IS NULL AND testField" +
                " IS NULL)";
            this.oleDbDeleteCommand1.Connection = this.oleDbConnection1;
            this.oleDbDeleteCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "Original_testid", System.Data.OleDb.OleDbType.Integer, 0,
                System.Data.ParameterDirection.Input, false, ((System.Byte)(0)),
                ((System.Byte)(0)), "testid", System.Data.DataRowVersion.Original, null));
            this.oleDbDeleteCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "Original_testField", System.Data.OleDb.OleDbType.VarWChar, 50,
                System.Data.ParameterDirection.Input, false, ((System.Byte)(0)),
                ((System.Byte)(0)), "testField", System.Data.DataRowVersion.Original, null));
            this.oleDbDeleteCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "Original_testField1", System.Data.OleDb.OleDbType.VarWChar, 50,
                System.Data.ParameterDirection.Input, false, ((System.Byte)(0)),
                ((System.Byte)(0)), "testField", System.Data.DataRowVersion.Original, null));
            //
            // oleDbInsertCommand1
            //
            this.oleDbInsertCommand1.CommandText = "INSERT INTO test(testField) VALUES (?)";
            this.oleDbInsertCommand1.Connection = this.oleDbConnection1;
            this.oleDbInsertCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "testField", System.Data.OleDb.OleDbType.VarWChar, 50, "testField"));
            //
            // oleDbSelectCommand1
            //
            this.oleDbSelectCommand1.CommandText = "SELECT testField, testid FROM test";
            this.oleDbSelectCommand1.Connection = this.oleDbConnection1;
            //
            // oleDbUpdateCommand1
            //
            this.oleDbUpdateCommand1.CommandText = "UPDATE test SET testField = ? WHERE (testid = ?) AND (testField = ? OR ? IS NULL " +
                "AND testField IS NULL)";
            this.oleDbUpdateCommand1.Connection = this.oleDbConnection1;
            this.oleDbUpdateCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "testField", System.Data.OleDb.OleDbType.VarWChar, 50, "testField"));
            this.oleDbUpdateCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "Original_testid", System.Data.OleDb.OleDbType.Integer, 0,
                System.Data.ParameterDirection.Input, false, ((System.Byte)(0)),
                ((System.Byte)(0)), "testid", System.Data.DataRowVersion.Original, null));
            this.oleDbUpdateCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "Original_testField", System.Data.OleDb.OleDbType.VarWChar, 50,
                System.Data.ParameterDirection.Input, false, ((System.Byte)(0)),
                ((System.Byte)(0)), "testField", System.Data.DataRowVersion.Original, null));
            this.oleDbUpdateCommand1.Parameters.Add(new System.Data.OleDb.OleDbParameter(
                "Original_testField1", System.Data.OleDb.OleDbType.VarWChar, 50,
                System.Data.ParameterDirection.Input, false, ((System.Byte)(0)),
                ((System.Byte)(0)), "testField", System.Data.DataRowVersion.Original, null));
            //
            // dataSet1
            //
            this.dataSet1.DataSetName = "NewDataSet";
            this.dataSet1.Locale = new System.Globalization.CultureInfo("en-AU");
            //
            // sqlConnection1
            //
            this.sqlConnection1.ConnectionString = "workstation id=KICKASS;packet size=4096;user id=ben;data source=\"data.ico.com.au\"" +
                ";persist security info=False;initial catalog=liveAllens";
            this.sqlConnection1.InfoMessage += new System.Data.SqlClient.SqlInfoMessageEventHandler(this.sqlConnection1_InfoMessage);
            this.Load += new System.EventHandler(this.Page_Load);
            ((System.ComponentModel.ISupportInitialize)(this.dataSet1)).EndInit();
        }

        #endregion

        private void Button1_Click(object sender, System.EventArgs e)
        {
            oleDbDataAdapter1.Fill(dataSet1);
            DataGrid1.DataBind();
        }

        private void sqlConnection1_InfoMessage(object sender, System.Data.SqlClient.SqlInfoMessageEventArgs e)
        {
        }
    }
}
 
[MSFT]

Hi Ben,

I tested your code and it throws a SecurityException with Medium trust level.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
