There is a definite flaw or restriction for writing ASP.NET 2.0 apps for shared hosters using Medium Trust or even a custom Medium trust policy. My apps just don't always work.
I've read just about everything on this issue and the documentation always says that common ASP.NET apps will work just fine in Medium Trust. Well that just isn't true! I don't know of anyone that has a simple ASP.NET app that simply uses SQL Server and
that's it. Most apps now a days are trying to be as rich as possible which includes web services, AJAX, even the use of MySql and the .Net Connector.
I've spent months writing an e-commerce app that uses SQL Server, and web services and JSON via javascript and they are work like a dream... in Full trust. When I change my Vista Framework/CONFIG/web.config to use a custom medium trust policy, JSON breaks.
Another app I'm writing uses the MySql .Net connector to connect an ASP.NET 2.0 app with a MySql database. It too works like a dream in Full trust. And it also breaks using my Custom Trust policy.
The Microsoft documentation always says to write for a particular policy. This is impossible! If you want to add one more bell or whistle to your app to make it more rich, suddenly it breaks because it's not enabled by the policy.
Does anyone know what a good custom policy is for an app that uses the following:
Webservices - local or non-local calling
JSON
MySql - using the .Net connector
I've tried using the High policy and it also doesn't work. And using PermCalc.exe doesn't help much, it just tells you what resources you need for your application AFTER you've built it. So in essence it will be showing you all the assemblies that you
can't use once you load it up to your shared hoster.
Is there a good Shared Hosting Medium policy that is good for everyone?
How are we supposed to write apps for shared hosting?
That's a difficult challenge. You're right, the default medium and even high trust policies still don't allow a lot of common real-world situations to work successfully. Medium trust is far too restrictive for any application of substance. That said,
medium trust is a good policy to build off of since you do what to start with a tight policy and only give access that is needed, and that you know is safe.
Here's a policy that allows a lot more access but still maintains some of the key elements of CAS. It's a completely customized medium trust policy. Feel free to use what you want from this:
I took a look at your policy and it's very close to mine, I didn't have:
OdbcPermission - I understand this one
ReflectionPermission - this is ok
SqlNotificationPermission - what is this for?
GacMembershipPermission - why have this?
RegistryPermission - I see this is set to false, then why is it necessary?
I just made changes to my custom policy and tried to run my ASP.NET 2.0 app that uses jayRock JSON handler (ashx) for web service calls and I still get the dreaded Server Error 500 code. Everything else about the application seems to work ok, but it needs
to use the JSON web service.
That's my main stumbling block right now.
I just thought of something, do you know if I recompiled the source code for the jayRock JSON handler with the APTCA attribute, if it would work?
That's what frustrates me about having to try and build applications for anything less than Full Trust, is that there doesn't seem to be any good documentation for Dummies (me) on how to build your application for a partial trust policy. I see documentation
that say to apply the APTCA attribute to your class, but what if you are building a web site and not a Web Project in Visual Studio? And do the classes for partial trust need to be strong named and put in the GAC or not? How would a shared hosting customer
get his web site application into the GAC?
You can probably see my frustration. I'm just venting. [:S]
I'm answering this off the top without confirming any docs. I don't remember now what SqlNotificationPermission is. Maybe that's used for SQL 2005 caching to notify a web app when there is a chance. I don't remember now. I don't remember GacMembershipPermission
either and what GAC check happens in CAS. It's been a couple years since I've set this up and it was in response to different obstacles that people ran into, I would evaluate it, determine if it was safe and then implement.
For the RegistryPermission, I actually had a 3rd party vendor's license key in there which I removed before posting. So it was there to support that. You're right, you can remove it instead of disable it.
As for JSON, I haven't specifically tested for that, so possibly it doesn't have the APTCA attribute set. If APTCA isn't set, then it's not possible for it to run in anything except for Full Trust. So, what you suggested sounds good. You're right, docs
for that are few and far between. It's only a line of code though to set APTCA as true so a google search should show what to add.
Here's the deal. If you haven't strongly named your component then APTCA isn't necessary. i.e. if it will only exist in the /bin folder of a site. APTCA is only needed if it's strongly named. But, if it's not strongly named, it won't run in the GAC.
So, if it must run in the GAC, then you need to strongly name it and set APTCA to run in partial trust.
Usually shared hosting customers shouldn't put anything in the GAC. The GAC is for global apps that affect everyone. Once you drop something into the GAC, you are giving them elevated permissions and you have introduced more management. Unless they have
many sites or applications that use the same component, it's easy enough for them to just upload to their /bin folder. A shared hosting customer cannot add something to the GAC unless you create a tool for them. It's a system administrator type-change.
I suspected as much for the ASP.NET applications and partially trusted apps. I will do more searching for answers on what to do to get this to work completely in partial trust. I was hoping the /bin folder was enough but it doesn't always seem like it.
kahanu
Member
90 Points
147 Posts
Medium Trust with ASP.NET and Shared Hosters
Sep 06, 2007 11:22 PM|LINK
There is a definite flaw or restriction for writing ASP.NET 2.0 apps for shared hosters using Medium Trust or even a custom Medium trust policy. My apps just don't always work.
I've read just about everything on this issue and the documentation always says that common ASP.NET apps will work just fine in Medium Trust. Well that just isn't true! I don't know of anyone that has a simple ASP.NET app that simply uses SQL Server and that's it. Most apps now a days are trying to be as rich as possible which includes web services, AJAX, even the use of MySql and the .Net Connector.
I've spent months writing an e-commerce app that uses SQL Server, and web services and JSON via javascript and they are work like a dream... in Full trust. When I change my Vista Framework/CONFIG/web.config to use a custom medium trust policy, JSON breaks.
Another app I'm writing uses the MySql .Net connector to connect an ASP.NET 2.0 app with a MySql database. It too works like a dream in Full trust. And it also breaks using my Custom Trust policy.
The Microsoft documentation always says to write for a particular policy. This is impossible! If you want to add one more bell or whistle to your app to make it more rich, suddenly it breaks because it's not enabled by the policy.
Does anyone know what a good custom policy is for an app that uses the following:
I've tried using the High policy and it also doesn't work. And using PermCalc.exe doesn't help much, it just tells you what resources you need for your application AFTER you've built it. So in essence it will be showing you all the assemblies that you can't use once you load it up to your shared hoster.
Is there a good Shared Hosting Medium policy that is good for everyone?
How are we supposed to write apps for shared hosting?
Thanks,
Kahanu
Assembly asp.net shared hosting Medium Trust.
MVC Central
http://www.mvccentral.net
OWScott
Participant
1939 Points
360 Posts
ASPInsiders
MVP
Re: Medium Trust with ASP.NET and Shared Hosters
Sep 13, 2007 01:42 PM|LINK
Hi Kahanu,
That's a difficult challenge. You're right, the default medium and even high trust policies still don't allow a lot of common real-world situations to work successfully. Medium trust is far too restrictive for any application of substance. That said, medium trust is a good policy to build off of since you do what to start with a tight policy and only give access that is needed, and that you know is safe.
Here's a policy that allows a lot more access but still maintains some of the key elements of CAS. It's a completely customized medium trust policy. Feel free to use what you want from this:
<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ConfigurationPermission" Description="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="OdbcPermission" Description="System.Data.Odbc.OdbcPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="OleDbPermission" Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="RegistryPermission" Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SmtpPermission" Description="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlNotificationPermission" Description="System.Data.SqlClient.SqlNotificationPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UIPermission" Description="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="GacMembershipCondition" Description="System.Security.Policy.GacMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet
class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all resources"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including the right to execute"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="ASP.Net">
<IPermission
class="AspNetHostingPermission"
version="1"
Level="Medium"
/>
<IPermission
class="ConfigurationPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="DnsPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="EnvironmentPermission"
version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"
/>
<IPermission
class="FileIOPermission"
version="1"
Read="$AppDir$"
Write="$AppDir$"
Append="$AppDir$"
PathDiscovery="$AppDir$"
/>
<IPermission
class="IsolatedStorageFilePermission"
version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807"
/>
<IPermission
class="OleDbPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="OdbcPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="PrintingPermission"
version="1"
Level="DefaultPrinting"
/>
<IPermission
class="RegistryPermission"
version="1"
Unrestricted="false"
/>
<IPermission
class="SecurityPermission"
version="1"
Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"
/>
<IPermission
class="SmtpPermission"
version="1"
Access="Connect"
/>
<IPermission
class="SocketPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="SqlClientPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="SqlNotificationPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="WebPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="ReflectionPermission"
version="1"
Flags="ReflectionEmit, MemberAccess, TypeInformation"
/>
</PermissionSet>
</NamedPermissionSets>
<CodeGroup
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
<IMembershipCondition
class="AllMembershipCondition"
version="1"
/>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/*"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition
class="GacMembershipCondition"
version="1"
/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="Nothing">
<IMembershipCondition
class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Microsoft_Strong_Name"
Description="This code group grants code signed with the Microsoft strong name full trust. ">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Ecma_Strong_Name"
Description="This code group grants code signed with the ECMA strong name full trust. ">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00000000000000000400000000000000"
/>
</CodeGroup>
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>
Microsoft MVP - IIS
Vaasnet
www.vaasnet.com
kahanu
Member
90 Points
147 Posts
Re: Medium Trust with ASP.NET and Shared Hosters
Sep 14, 2007 09:31 PM|LINK
Scott,
I'll take a gander at your policy and let you know if I have any questions.
Thanks,
Kahanu
MVC Central
http://www.mvccentral.net
kahanu
Member
90 Points
147 Posts
Re: Medium Trust with ASP.NET and Shared Hosters
Sep 14, 2007 09:58 PM|LINK
Scott,
I took a look at your policy and it's very close to mine, I didn't have:
I just made changes to my custom policy and tried to run my ASP.NET 2.0 app that uses jayRock JSON handler (ashx) for web service calls and I still get the dreaded Server Error 500 code. Everything else about the application seems to work ok, but it needs to use the JSON web service.
That's my main stumbling block right now.
I just thought of something, do you know if I recompiled the source code for the jayRock JSON handler with the APTCA attribute, if it would work?
That's what frustrates me about having to try and build applications for anything less than Full Trust, is that there doesn't seem to be any good documentation for Dummies (me) on how to build your application for a partial trust policy. I see documentation that say to apply the APTCA attribute to your class, but what if you are building a web site and not a Web Project in Visual Studio? And do the classes for partial trust need to be strong named and put in the GAC or not? How would a shared hosting customer get his web site application into the GAC?
You can probably see my frustration. I'm just venting. [:S]
Thanks,
Kahanu
MVC Central
http://www.mvccentral.net
OWScott
Participant
1939 Points
360 Posts
ASPInsiders
MVP
Re: Medium Trust with ASP.NET and Shared Hosters
Sep 15, 2007 11:04 PM|LINK
Hi Kahanu,
I'm answering this off the top without confirming any docs. I don't remember now what SqlNotificationPermission is. Maybe that's used for SQL 2005 caching to notify a web app when there is a chance. I don't remember now. I don't remember GacMembershipPermission either and what GAC check happens in CAS. It's been a couple years since I've set this up and it was in response to different obstacles that people ran into, I would evaluate it, determine if it was safe and then implement.
For the RegistryPermission, I actually had a 3rd party vendor's license key in there which I removed before posting. So it was there to support that. You're right, you can remove it instead of disable it.
As for JSON, I haven't specifically tested for that, so possibly it doesn't have the APTCA attribute set. If APTCA isn't set, then it's not possible for it to run in anything except for Full Trust. So, what you suggested sounds good. You're right, docs for that are few and far between. It's only a line of code though to set APTCA as true so a google search should show what to add.
Here's the deal. If you haven't strongly named your component then APTCA isn't necessary. i.e. if it will only exist in the /bin folder of a site. APTCA is only needed if it's strongly named. But, if it's not strongly named, it won't run in the GAC. So, if it must run in the GAC, then you need to strongly name it and set APTCA to run in partial trust.
Usually shared hosting customers shouldn't put anything in the GAC. The GAC is for global apps that affect everyone. Once you drop something into the GAC, you are giving them elevated permissions and you have introduced more management. Unless they have many sites or applications that use the same component, it's easy enough for them to just upload to their /bin folder. A shared hosting customer cannot add something to the GAC unless you create a tool for them. It's a system administrator type-change.
I hope that helps.
Thanks,
Scott
Microsoft MVP - IIS
Vaasnet
www.vaasnet.com
kahanu
Member
90 Points
147 Posts
Re: Medium Trust with ASP.NET and Shared Hosters
Sep 17, 2007 04:11 AM|LINK
Scott,
I suspected as much for the ASP.NET applications and partially trusted apps. I will do more searching for answers on what to do to get this to work completely in partial trust. I was hoping the /bin folder was enough but it doesn't always seem like it.
Thanks, this did help.
Kahanu
MVC Central
http://www.mvccentral.net