test your medium trust config

Discussion in 'Knowledge Base' started by Stephen, Jul 31, 2006.

  1. Stephen

    Stephen US Operations Staff Member

    Attached is the medium trust config that we run; test your ASP.NET 2 applications locally against this.

    You need to set your machine web.config to disallow override and to use this file as the medium trust, then set ASP.NET to run in medium trust. I will post a web.config sample shortly.


  2. Stephen

    Stephen US Operations Staff Member

    Here is what the system web.config found in:
    %sysdir%\microsoft.net\framework\v2.0.50727\config\web.config should have in the section (that looks just like this, only portions modified):

    <location allowOverride="false">
        <system.web>
            <securityPolicy>
                <trustLevel name="Full" policyFile="internal" />
                <trustLevel name="High" policyFile="web_hightrust.config" />
                <trustLevel name="Medium" policyFile="mediumtrust.config" />
                <trustLevel name="Low" policyFile="web_lowtrust.config" />
                <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
            </securityPolicy>
            <trust level="Medium" originUrl="" />
        </system.web>
    </location>
  3. gsaunders

    gsaunders Perch

    Stephen,

    For those of us who haven't jumped into ASP.NET much yet, could you give a brief description of what this is about and why we would use it?

    I think it would be helpful for the newer .NET folks.

    Thanks
  4. Stephen

    Stephen US Operations Staff Member

    Well, it allows you to test in the same environment that is run on the servers here (and many hosts, but maybe not exactly this config).

    ASP.NET allows some options to be disabled to prevent hacking, kernel debugging, etc. And this is an example template with those features disabled to test against.
  5. soludev

    soludev Guppy

    I assume that the .zip file contains your actual medium trust configuration for use in testing. Unfortunately whenever I try to download the file I find that the .zip is corrupted. I've tried from a couple different machines.

    If it is indeed corrupted can you please repost. Otherwise can you email it to me at sthamilton\@/comcast.net (remove slashes)

    Thanks!
  6. Stephen

    Stephen US Operations Staff Member

    I did not know of this, thanks for making me aware. I don't have the files I bundled in there with me now as I am in Miami on my laptop. I will repost it for you after I get back to Texas.
  7. soludev

    soludev Guppy

    Thanks for the reply. I'm hoping you will be back in Texas sooner rather than later. I'm still fighting a Commerce Starter Kit site that was due two weeks ago due to this medium trust issue.
  8. Stephen

    Stephen US Operations Staff Member

    I will be back in Texas by 11:45pm tomorrow night :)
  9. Stephen

    Stephen US Operations Staff Member

    Here is the file in Text form:
    Code:
    <configuration>
        <mscorlib>
            <security>
                <policy>
                    <PolicyLevel version="1">
                        <SecurityClasses>
                            <SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="ConfigurationPermission" Description="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
                            <SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
                            <SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
                            <SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="RegistryPermission" Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="SmtpPermission" Description="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="OleDbPermission" Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="OdbcPermission" Description="System.Data.Odbc.OdbcPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                            <SecurityClass Name="OraclePermission" Description="System.Data.OracleClient.OraclePermission, System.Data.OracleClient, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                        </SecurityClasses>
                        <NamedPermissionSets>
                            <PermissionSet
                                    class="NamedPermissionSet"
                                    version="1"
                                    Unrestricted="true"
                                    Name="FullTrust"
                                    Description="Allows full access to all resources"
                            />
                            <PermissionSet
                                    class="NamedPermissionSet"
                                    version="1"
                                    Name="Nothing"
                                    Description="Denies all resources, including the right to execute"
                            />
                            <PermissionSet
                                    class="NamedPermissionSet"
                                    version="1"
                                    Name="ASP.Net">
                                <IPermission
                                        class="AspNetHostingPermission"
                                        version="1"
                                        Level="High"
                                />
                                <IPermission
                                        class="ConfigurationPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="DnsPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="EnvironmentPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="FileIOPermission"
                                        version="1"
                                        Read="$AppDir$"
                                        Write="$AppDir$"
                                        Append="$AppDir$"
                                        PathDiscovery="$AppDir$"
                                />
                                <IPermission
                                        class="IsolatedStorageFilePermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="PrintingPermission"
                                        version="1"
                                        Level="DefaultPrinting"
                                />
                                <IPermission
                                        class="ReflectionPermission"
                                        version="1"
                                        Flags="ReflectionEmit"
                                />
                                <IPermission
                                        class="RegistryPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="SecurityPermission"
                                        version="1"
                                        Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"
                                />
                                <IPermission
                                        class="SmtpPermission"
                                        version="1"
                                        Access="Connect"
                                />
                                <IPermission
                                        class="SocketPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="SqlClientPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="WebPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="OleDbPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="OdbcPermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                                <IPermission
                                        class="OraclePermission"
                                        version="1"
                                        Unrestricted="true"
                                />
                            </PermissionSet>
                        </NamedPermissionSets>
                        <CodeGroup
                                class="FirstMatchCodeGroup"
                                version="1"
                                PermissionSetName="Nothing">
                            <IMembershipCondition
                                    class="AllMembershipCondition"
                                    version="1"
                            />
                            <CodeGroup
                                    class="UnionCodeGroup"
                                    version="1"
                                    PermissionSetName="ASP.Net">
                                <IMembershipCondition
                                        class="UrlMembershipCondition"
                                        version="1"
                                        Url="$AppDirUrl$/*"
                                />
                            </CodeGroup>
                            <CodeGroup
                                    class="UnionCodeGroup"
                                    version="1"
                                    PermissionSetName="ASP.Net">
                                <IMembershipCondition
                                        class="UrlMembershipCondition"
                                        version="1"
                                        Url="$CodeGen$/*"
                                />
                            </CodeGroup>
                            <CodeGroup
                                    class="UnionCodeGroup"
                                    version="1"
                                    PermissionSetName="Nothing">
                                <IMembershipCondition
                                        class="ZoneMembershipCondition"
                                        version="1"
                                        Zone="MyComputer"
                                />
                                <CodeGroup
                                        class="UnionCodeGroup"
                                        version="1"
                                        PermissionSetName="FullTrust"
                                        Name="Microsoft_Strong_Name"
                                        Description="This code group grants code signed with the Microsoft strong name full trust. ">
                                    <IMembershipCondition
                                            class="StrongNameMembershipCondition"
                                            version="1"
                                            PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
                                    />
                                </CodeGroup>
                                <CodeGroup
                                        class="UnionCodeGroup"
                                        version="1"
                                        PermissionSetName="FullTrust"
                                        Name="Ecma_Strong_Name"
                                        Description="This code group grants code signed with the ECMA strong name full trust. ">
                                    <IMembershipCondition
                                            class="StrongNameMembershipCondition"
                                            version="1"
                                            PublicKeyBlob="00000000000000000400000000000000"
                                    />
                                </CodeGroup>
                            </CodeGroup>
                        </CodeGroup>
                    </PolicyLevel>
                </policy>
            </security>
        </mscorlib>
    </configuration>
    
    


  10. fischermx

    fischermx Perch

    I think I need a little bit of instruction.
    Should I replace that file with the one here?:
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_mediumtrust.config

    How do I configure "ASP.NET to run in medium trust" ?
  11. Stephen

    Stephen US Operations Staff Member

    You got it. I think you got it functioning as well, from the replies in the other thread :)
  12. p32megaj

    p32megaj Guppy

    Hello, I have a .NET 2.0 app running on another server, but when I install it in my account at Jodohost (prueba.arte12.es) it doesn't work.

    Neeraj from Jodohost told me that I must compile my application in medium trust, but I don't know what I must modify in web.config (below) for this method.

    Can you help me please?

    Thanks in advance

    I had to remove your web.config; it had passwords all over it. It was not letting me just edit the password out.
  13. Stephen

    Stephen US Operations Staff Member

    p32megaj,

    I saw your web.config, it had a number of items, but posting the web.config doesn't help a lot. What was the error you were getting?
    The most likely thing is you have a DLL not compiled to "AllowPartiallyTrustCallers".
  14. p32megaj

    p32megaj Guppy

    Sorry for the inconvenience, but I have tried for a long time to install my app on the server, and I can't.

    I am running this app on other servers, but when I put my app here I only get an error.

    My clients are a bit angry, they don't understand why I rent this server if .NET does not run.

    Please, I need to compile in "AllowPartiallyTrustCallers", but when I put this code (below) in my web.config, I can't compile.

    Again, sorry for my awkwardness.

    Best regards, and happy new year



    <location allowOverride="false">
        <system.web>
            <securityPolicy>
                <trustLevel name="Full" policyFile="internal" />
                <trustLevel name="High" policyFile="web_hightrust.config" />
                <trustLevel name="Medium" policyFile="mediumtrust.config" />
                <trustLevel name="Low" policyFile="web_lowtrust.config" />
                <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
            </securityPolicy>
            <trust level="Medium" originUrl="" />
        </system.web>
    </location>
  15. Stephen

    Stephen US Operations Staff Member

    I understand what you are saying, but I am asking what is the error?
    What you are giving is just config, not the error itself. Seeing the stack trace of the error will help greatly.
  16. efactorial

    efactorial Guppy

    I can't create new folders and files from asp.net pages on the server. I have created tickets and chatted with the support team for days and couldn't get it to work. My ticket number is [JH #FHX-15414-314]: permission to folders. So I decided to post it here. The support member told me that all I have to do is set my app to compile in medium trust and upload it, but it didn't work.

    This is what I did:
    I set up my environment as recommended to run it in medium trust level by changing the machine.config. In this security level, as expected I couldn't create folders from asp.net pages. The error message is listed below.

    I did some research and found that "in medium trust, FileIOPermission is restricted. This means I can only access files in my application's virtual directory hierarchy" from MSDN. So, I asked the support to make sure a virtual directory is created for my app, but this also didn't work.

    Another way to get around is to create a custom trust configuration that enables file i/o, but support wouldn't do.

    There must be a very common problem in shared host environment, but I just couldn't find a solution. Can anyone help?

    Thanks in advance.


    Security Exception
    Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
  17. Stephen

    Stephen US Operations Staff Member

    The most likely cause for this is the method you are using: if you have specified d:\hshome\user\domain.com anywhere in code it won't work; you need to use virtual pathing.

    Also, we don't and won't do the custom trust, sorry.

    As long as you are in the domain root folder, you are an application folder by default; all subdomains and domains are by default an application folder.



  18. efactorial

    efactorial Guppy

    not sure if I understand what you meant by "virtual path" and d:\hshome\user\domain.com.

    Here is the code for the test:

    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            string LocalVideoDir = "./Videos/Users";
            string VideoDirOnServer = Server.MapPath(LocalVideoDir);
            // change to video directory
            Directory.SetCurrentDirectory(VideoDirOnServer);
            // create a new directory
            Directory.CreateDirectory("FileCreation");
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }
    }

    can you explain what I am doing wrong?
  19. tetranz

    tetranz Perch

    I had a play and reproduced your problem. It seems to be related to Directory.SetCurrentDirectory(). I don't think you really need to use that.

    Directory.CreateDirectory() works just fine if you give it an absolute path. It's also nice that you can give it a long path and it creates the directories in-between. You don't need to create each level.

    Try something like this: Before I run this, Videos does not exist. After it runs, Videos/Users/FileCreation exists.

    string LocalVideoDir = "./Videos/Users";
    string VideoDirOnServer = Server.MapPath(LocalVideoDir);

    string fileCreatePath = Path.Combine(VideoDirOnServer, "FileCreation");

    if (!Directory.Exists(fileCreatePath))
    {
        Directory.CreateDirectory(fileCreatePath);
    }

    Cheers
    Ross
  20. efactorial

    efactorial Guppy

    Hey Ross,

    I don't know how to thank you. All along I thought it was medium trust issue and spent too many days on this :( I couldn't believe the problem was so simple. Thanks to you my asp.net user controls/role managers are working correctly.

    You're awesome.
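
Added example (not code from any poster or from the host): a Python audit of the policy file posted in this thread, answering whether its `ASP.Net` permission set grants a given SecurityPermission flag or a FileIOPermission access for a path. The embedded XML is a constructed excerpt of that policy and the function names are hypothetical; `UnmanagedCode` is checked because the .NET Framework documentation lists it as the permission demanded by `Directory.SetCurrentDirectory`, which matches the SecurityPermission exception in post 16.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed excerpt of the policy posted above (only the entries inspected here).
POLICY_XML = """<configuration><mscorlib><security><policy><PolicyLevel version="1">
<NamedPermissionSets>
  <PermissionSet class="NamedPermissionSet" version="1" Unrestricted="true" Name="FullTrust"/>
  <PermissionSet class="NamedPermissionSet" version="1" Name="Nothing"/>
  <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
    <IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$"
                 Append="$AppDir$" PathDiscovery="$AppDir$"/>
    <IPermission class="ReflectionPermission" version="1" Flags="ReflectionEmit"/>
    <IPermission class="RegistryPermission" version="1" Unrestricted="true"/>
    <IPermission class="SecurityPermission" version="1"
                 Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
    <IPermission class="SocketPermission" version="1" Unrestricted="true"/>
  </PermissionSet>
</NamedPermissionSets>
</PolicyLevel></policy></security></mscorlib></configuration>"""


def _unrestricted(attrs):
    return attrs is not None and attrs.get("Unrestricted", "").lower() == "true"


def load_permission_set(xml_text, name):
    """Return {permission class: attributes} for one NamedPermissionSet."""
    for pset in ET.fromstring(xml_text).iter("PermissionSet"):
        if pset.get("Name") == name:
            perms = {p.get("class"): dict(p.attrib) for p in pset.findall("IPermission")}
            if _unrestricted(pset.attrib):
                perms["*"] = {"Unrestricted": "true"}  # the whole set is full trust
            return perms
    raise KeyError(name)


def flag_granted(perms, cls, flag):
    """True if permission class `cls` is unrestricted or lists `flag` in Flags."""
    if _unrestricted(perms.get("*")) or _unrestricted(perms.get(cls)):
        return True
    flags = perms.get(cls, {}).get("Flags", "")
    return flag in [f.strip() for f in flags.split(",")]


def file_access_granted(perms, access, path, app_dir):
    """True if `access` (Read/Write/Append/PathDiscovery) covers `path`."""
    if _unrestricted(perms.get("*")) or _unrestricted(perms.get("FileIOPermission")):
        return True
    # Normalise with Windows rules so "..", case and "/" cannot dodge the check.
    target = ntpath.normcase(ntpath.normpath(path))
    for entry in perms.get("FileIOPermission", {}).get(access, "").split(";"):
        if not entry:
            continue
        root = ntpath.normcase(ntpath.normpath(entry.replace("$AppDir$", app_dir)))
        if target == root or target.startswith(root.rstrip("\\") + "\\"):
            return True
    return False


def unrestricted_classes(perms):
    """Permission classes granted without any restriction (worth reviewing)."""
    return sorted(c for c, a in perms.items() if c != "*" and _unrestricted(a))


if __name__ == "__main__":
    perms = load_permission_set(POLICY_XML, "ASP.Net")
    app = r"d:\hshome\user\domain.com"  # sample application root from post 17
    print("UnmanagedCode:", flag_granted(perms, "SecurityPermission", "UnmanagedCode"))
    print("Write in app dir:", file_access_granted(
        perms, "Write", app + r"\Videos\Users\FileCreation", app))
    print("Unrestricted:", unrestricted_classes(perms))
```

Run against the full policy file, the same functions show why the absolute-path `Directory.CreateDirectory` call in post 19 is permitted while a call that needs a SecurityPermission flag outside the five listed is refused.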
