First and foremost, I'm not sure these are the right groups to ask - if
not, feel free to direct me to a more fitting gtoup.
The company I work for has developed an ASP.Net website in Delphi RAD
Studio 2007. So far, several clients have received this website, no
troubles so far.
With our latest client, however, we've stumbled upon a problem. The
hosting company has warned us that they no longer support ASP 1.0, and
that we need to switch to ASP 2.0. Further more, they do not allow
applications to run in a fully trusted environment.
My colleague has upgraded the application to ASP 2.0, and has been able
to run the application on our own test servers. However, the application
will not work on the website provided by the hosting company, nor will it
work on our own servers if we use their configuration files.
The error we receive is the following:
Server Error in '/' Application.
--------------------------------
Security Exception
Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the
required permission please contact your system administrator or change
the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException:
System.Security.Permissions.SecurityPermission
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace
below.
Stack Trace:
[SecurityException: System.Security.Permissions.SecurityPermission]
Borland.Vcl.Units.SysUtils.InitSysLocale() +0
Borland.Vcl.Units.SysUtils.GetFormatSettings() +11
Borland.Vcl.Units.SysUtils.Borland.Vcl.SysUtils() +71
Borland.Vcl.Units.SysUtils..cctor() +1120
--------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.3603;
ASP.NET Version:2.0.50727.3082
The hosting company is not willing to change their configuration, which
we can understand. Switching to another hosting companys is NOT possible.
Since neither my colleague nor I are ASP.Net developers, and the original
developer is no longer with us, we're stuck.
What do we need to do to enable our application to run without a fully-
trusted environment? Any info or links to helpful information would be
most welcome!
Thanks in advance!
Best regards,
Marlon
This may help:
http://msdn.microsoft.com/en-us/library/aa302425.aspx
-Scott
http://www.google.com/search?q=how+to+run+asp.net+in+medium+trust
HTH
<snip>
> This may help:
>
> http://msdn.microsoft.com/en-us/library/aa302425.aspx
>
Thanks Scott for this link - I gather from this document that we must alter
our application, in order to be able to run it in a partially trusted
environment, and not just some configuration files...
Best regards,
Marlon
<snip>
> http://www.google.com/search?q=how+to+run+asp.net+in+medium+trust
First, we've already Googled this to no avail (isn't Google the default
sidekick for all developers?), that's why I ended up asking my question
here. Thanks anyway.
Second, is "medium trust" the same as "partially trusted"? I've seen
various "trust" levels mentioned, but I've no idea whether or not these are
the same.
Best regards,
Marlon
There really isn't a "medium trust" level. It is "partial trust" if it's
not fully trusted.
-Scott
Hi Marlon,
I'm not an expert on Code Access Security (CAS), but my understanding is
that you can set your security policy in two basic ways:
1. Via a configuration file, which allows you to manage security of many
code paths quickly.
2. Via the code itself, which would override any settings in a configuration
file.
-Scott
> The error we receive is the following:
I am assuming that the Delphi RAD has some of its own COM components
that the site runs on, like the Delphi runtime or something? That is
where your issue is with trust.
As the ISP will not run fully trusted (a wise move on their point),
there are three options I can think of.
1. Get rid of any Delphi training wheels and retool the code so it is
pure .NET. This will remove the dependency to the untrusted component
and solve the problem.
2. See if the ISP will "trust" the Delphi component, getting rid of the
error.
3. Upgrade your account to a server that you manage and then you can do
what you want with security, as you are not going to take down anyone
else with the trust issue. And, you can set up trust on Delphi.
I am making an assumption there are Delphi training wheels, which I feel
is a safe assumption based on your description. I could be incorrect and
there might be some other unsafe bit(s) in the app (like access to file
system outside of the web file system directories, etc). If so, you need
to resolve this problem before you go forward, as 2.0 does not allow
transversal the same way 1.x did.
Peace and Grace,
--
Gregory A. Beamer (MVP)
Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com
*******************************************
| Think outside the box! |
*******************************************
> The company I work for has developed an ASP.Net website in Delphi RAD
> Studio 2007. So far, several clients have received this website, no
> troubles so far.
My guess, mentioned in another answer, is this has something to do with
whatever Delphi adds in to get their stuff working in .NET. More likely,
there are helper methods in this library, making it required. Having not
used Delphi for .NET, I cannot be sure, but the runtime is most likely COM
based, from your description of the problem.
Solutions:
1. Get the ISP to trust the Delphi component
2. Move to an account where you have a complete virtual server you can
control and set it up how you need
You will not likely get the ISP to downgrade security, as it affects other
clients.
Peace and Grace,
--
Gregory A. Beamer
Microsoft MVP (Visual C# Architecture)
Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com
**********************************************
| Think outside the box! |
**********************************************