
Custom MembershipProvider and required trust levels

P: n/a
I have created a custom MembershipProvider called "LassieMembershipProvider"
that derives from "MembershipProvider". This provider is located in a
Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one of
my frontend websites I use this type to authenticate a user who is trying to
login.
The following excerpt is from the web.config of the particular site showing
the reference to the custom provider, allowing .Net to do most of the work
for me.

<membership defaultProvider="LassieMembershipProvider">
  <providers>
    <add name="LassieMembershipProvider"
         type="Enlighten.LinkMad.Businesslogic.Security.LassieMembershipProvider, Enlighten.LinkMad.Businesslogic" />
  </providers>
</membership>

This all works fine in my test/development environment but when I place this
on our hosting server I get a nice error when I try and login:

Parser Error Message: Attempt to access the method failed.

Source Error:
Line 40: <providers>
Line 41: <add name="LassieMembershipProvider"
Line 42: type="Enlighten.LinkMad.Businesslogic.Security.LassieMembershipProvider, Enlighten.LinkMad.Businesslogic" />
Line 43: </providers>
Line 44: </membership>

After a few hours of frustration I figured out the Provider only works when
the server/application is running in full trust. This really isn't a
preferred trust level to run in on a shared hosting server. I tried changing
to other trust levels and only Full trust appears to work.
I am only using one method in my custom provider and it is accessing a Sql
Server Db (no problem right?).
I don't see why a MembershipProvider would require full trust in order to run,
but in saying that I can't see where I am doing anything wrong (famous last
words).

Any help is always appreciated.
Graham


Nov 19 '05 #1
5 Replies


P: n/a
Hi Graham,

Welcome to ASPNET newsgroup.
From your description, you've developed a custom ASP.NET 2.0 Membership
provider; it works well in a "Full" trust level application, but fails to
work in a non-Full trust level host environment, yes?

Based on my experience, such a problem could be caused by two things:

1. There are some referenced assemblies which do not allow partially trusted
callers.

2. There are some classes in a certain referenced assembly which explicitly
demand certain permissions which are only available in Full trust level.

For #1, we can try applying the following attribute on our custom
membership provider's assembly:

AllowPartiallyTrustedCallersAttribute

This will allow partially trusted callers to load our assembly.

If the above does not work, there may be some class which demands a
certain permission which is only available in "Full" trust level. As you
mentioned that you only have data accessing code (connect to sqlserver...),
are you using the SqlClient or OleDb component? OleDb components
require Full trust level. If you cannot figure out the actual class and
permission demand that cause the problem, we have to sandbox our assembly
so that it is granted the FullTrust permission. One approach is to
strong-name it and put it into the GAC; all the assemblies in the GAC have
the full trust permission set. You can refer to the following MSDN article
on ASP.NET code access:

http://msdn.microsoft.com/library/de...us/secmod/html/secmod82.asp

BTW, .NET 2.0 provides the permCalc.exe tool for calculating the minimal
required permission set for a given assembly (just like permview.exe in
.NET 1.x). You can also use it to have a look at your custom assembly's
permission sets.

Hope this helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| Subject: Custom MembershipProvider and required trust levels
| Date: Mon, 7 Nov 2005 10:43:21 +1300

Nov 19 '05 #2
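
An added example, not code from the thread: a small C# console check for the first cause listed in the reply above. It loads an assembly, walks its references, and flags every one that is strong-named but lacks AllowPartiallyTrustedCallersAttribute; the class name AptcaCheck, its output format and its exit codes are assumptions of this example.

```csharp
using System;
using System.Reflection;
using System.Security;

// Added example, not the poster's code. AptcaCheck is a hypothetical name.
// Build as a console app and run it from the site's bin directory so that
// privately deployed dependencies can be resolved.
static class AptcaCheck
{
    // Strong-named assemblies carry a public key token; only they get the
    // implicit full-trust link demand that APTCA switches off.
    static bool IsStrongNamed(Assembly asm)
    {
        byte[] token = asm.GetName().GetPublicKeyToken();
        return token != null && token.Length > 0;
    }

    static bool HasAptca(Assembly asm)
    {
        return asm.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false);
    }

    // True when a partially trusted caller would be refused by this assembly.
    static bool BlocksPartialTrust(Assembly asm)
    {
        return IsStrongNamed(asm) && !HasAptca(asm);
    }

    // Prints one line per assembly and returns whether it blocks partial trust.
    static bool Report(Assembly asm)
    {
        bool blocked = BlocksPartialTrust(asm);
        Console.WriteLine("{0,-7} {1} (strong-named={2}, APTCA={3}, GAC={4})",
            blocked ? "BLOCKED" : "ok",
            asm.GetName().Name, IsStrongNamed(asm), HasAptca(asm),
            asm.GlobalAssemblyCache);
        return blocked;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: AptcaCheck <assembly.dll>");
            return 2;
        }

        Assembly root = Assembly.LoadFrom(args[0]);
        int blockedCount = Report(root) ? 1 : 0;

        foreach (AssemblyName reference in root.GetReferencedAssemblies())
        {
            try
            {
                if (Report(Assembly.Load(reference))) blockedCount++;
            }
            catch (Exception ex)
            {
                // Unresolvable references are reported, not treated as safe.
                Console.WriteLine("SKIPPED {0}: {1}", reference.Name, ex.Message);
            }
        }

        // A non-zero exit code lets a build script stop the deployment.
        return blockedCount == 0 ? 0 : 1;
    }
}
```

An assembly that is marked with the attribute exposes its whole public surface to partially trusted code, so a BLOCKED line for your own assembly is a prompt to review that surface before adding the attribute, not only a deployment error to silence.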

P: n/a
That did the trick, thanks.
When I ran the permcalc tool, I noticed that the type didn't show up in the
xml output, so I had a play with the AllowPartiallyTrustedCaller setting and
then it decided to show up?? I'm not sure why it wasn't before. But it does
now. It all seems to work fine.
Another thing I noticed is that you can't have a page in your website called
Login.aspx because it will error when you have published it (only after you
have published it) and say it can't cast it to be a
System.Web.UI.WebControl.Login. Strange.
Once I had sorted those issues out (I renamed the login page) and got it
uploaded to the server, I got another error with the default providers in
the machine.config requiring a "localsqlserver" connectionstring in my
web.config. This is totally not cool, why would a MembershipProvider that is
not being used whatsoever throw an error?
To fix this I went through the machine.config and removed all the default
providers and connectionstrings.

While I am a big fan of some of the new things included in .Net 2.0, some of it
seems to just increase development more than the good things decrease it.
Thanks for your continued support
Graham

Nov 19 '05 #3

P: n/a
Thanks for your response Graham,

As for the new problem regarding the default Membership or other ASP.NET
2.0 service providers in the machine.config/global Web.config file, they're all
necessary for the default ASP.NET 2.0 setting. By default, all the services
use the localSqlServer connection string which points to a SQLExpress file.
And those providers configured at machine level are all the default
providers and will be inherited in our ASP.NET 2.0 applications. So at
runtime, our concrete application's provider collection will also contain
them due to the hierarchical configuration inheritance. So when we want to
replace the default one with our custom provider, we can always use the
following configuration in our web application's web.config file:

eg:

=====================
<system.web>

  <membership>
    <providers>
      <remove name="AspNetSqlMembershipProvider" />

      <add name="our custom provider"
           type="custom type, assembly"
           connectionStringName="xxx"
           ................
      />

    </providers>
  </membership>

..................
=========================

Also, we can specify our custom provider as the default one. So in ASP.NET
2.0 all the inheritable configuration in the super config file will be added
into the sub application's configuration collection, and we can flexibly remove or
replace it at application level (it is not necessary to modify the
machine.config or global web.config).

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| References: <O4**************@TK2MSFTNGP12.phx.gbl>
<MC*************@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Tue, 8 Nov 2005 10:05:27 +1300

Nov 19 '05 #4

P: n/a
Steven
I can see why those defaults are there, but in our case we run a shared
hosting server and making clients change (or letting them access) the
default settings/providers from their own apps is not something our hosting
admin would be happy with (we all know that clients are stupid and
reckless).
Thank you for your quick reply.
Graham

Nov 19 '05 #5

P: n/a
Thanks Graham,

Yes, I know that for a publish web host, there should be the most
restricted permissions for the clients. However, for those default provider
settings I think you can leave them there since they just use the SQLExpress
database. And since we can override the "defaultProvider" for those
services in each concrete application's web.config, that should also be the
clients' task to make the configuration for their application.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #6
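
Added example (not part of the original thread, and not either poster's configuration): an application-level web.config that applies the override discussed above, removing the inherited default membership provider for this one application and making the custom provider the default, without touching machine.config. The provider, namespace and assembly names come from the thread; the connection string name `LassieDb`, its placeholder values, and the assumption that the custom provider reads `connectionStringName` in its `Initialize` method are illustrative.

```xml
<?xml version="1.0"?>
<!-- Application-level web.config. Settings here apply only to this application;
     the machine-level defaults stay in place for every other site on the server. -->
<configuration>

  <connectionStrings>
    <!-- Assumed name and placeholder values: replace with the application's own database. -->
    <add name="LassieDb"
         connectionString="Data Source=SERVER_PLACEHOLDER;Initial Catalog=DB_PLACEHOLDER;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <!-- defaultProvider selects the custom provider for the Membership API and login controls. -->
    <membership defaultProvider="LassieMembershipProvider">
      <providers>
        <!-- Remove the provider inherited from machine.config so this application
             does not depend on the "LocalSqlServer" connection string it references. -->
        <remove name="AspNetSqlMembershipProvider" />

        <!-- Custom provider from the thread. connectionStringName is handed to the
             provider's Initialize method; reading it there is assumed. -->
        <add name="LassieMembershipProvider"
             type="Enlighten.LinkMad.Businesslogic.Security.LassieMembershipProvider, Enlighten.LinkMad.Businesslogic"
             connectionStringName="LassieDb" />
      </providers>
    </membership>
  </system.web>

</configuration>
```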

This discussion thread is closed

Replies have been disabled for this discussion.