PDA

View Full Version : Running Coolite Controls in Shared Hosting Environment (Medium Trust)



tongyang
Feb 23, 2008, 8:09 PM
I have noticed that the scriptmanager control throws a SecurityException on a shared host:



[SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.]
System.Security.CodeAccessSecurityEngine.Check(Obj ect demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Configuration.BaseConfigurationRecord.Check PermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca) +65


It appears that because of shared host runs ASP.NET applications at medium trust and not full trust, the control fails.

I was wondering if this can be helped? Or do I pretty much have to use it on a dedicated host?

Thanks in advance

geoffrey.mcgill
Feb 23, 2008, 8:50 PM
Full Trust should not be a requirement. We have the proper AspHostingPermission attributes in the source, but maybe we're missing something else.

Let me run a few tests.

tongyang
Feb 23, 2008, 9:28 PM
Thanks for the quick reply. In case you're curious this is all I have:



<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Default.aspx.vb" Inherits="TestWebSite.HomePage" %>


<%@ Register Assembly="Coolite.Web.UI" Namespace="Coolite.Web.UI" TagPrefix="cool" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Hello World!</title>
</head>
<body>
<cool:ScriptManager ID="ScriptManager1" runat="server" Hide="True" />
<form id="form1" runat="server">
</form>


<script type="text/javascript">
Ext.Msg.alert('Hello World', 'Hello World!');
</script>


</body>
</html>


But if I remove the scriptmanager and use the extjs js and css + images, it works (of course)

geoffrey.mcgill
Feb 23, 2008, 9:33 PM
Thank for the update.

I've tracked down the source of the error. Within the Coolite.Web.UI.ResourceManager (.HasHandler()) we try to read from the Web.config to determine if a certain coolite specific HttpHandersSection has been set. Unfortunately MediumTrust does not allow.

I'm trying to track down a fix or work-around.

geoffrey.mcgill
Feb 23, 2008, 10:41 PM
Ok, I have the Assembly working in Medium Trust. I had to do some rework of HasHandler, but everything seems to work well.

The code will be included in the next release (v0.4) of the controls due out at or around the first week of March.

Reference for others, if you want to switch into Medium Trust mode, add the following <trust> node to your web.config within <system.web>.


<system.web>
<trust level="Medium" />
<system.web>

tongyang
Feb 23, 2008, 10:50 PM
Thanks! Will look forward to the release.

tongyang
Feb 23, 2008, 11:38 PM
Just wanted to update that Geoffrey let me test out a new build to see if it fixed my problem, and I'm gladly reporting that it did! I now don't have to worry about switching hosts and can enjoy this wonderful library!

Thanks a lot!