473,480 Members | 1,998 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Custom MembershipProvider and required trust levels

I have created a custom MembershipProvider called "LassieMembershipProvider"
that derives from "MembershipProvider". This providor is located in a
Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one of
my frontend websites I use this type to authenticate a user who is trying to
login.
The following excerpt is from the web.config of the particular site showing
the reference to the custom provider, allowing .Net to do most of the work
for me.

<membership defaultProvider="LassieMembershipProvider" >
<providers>
<add name="LassieMembershipProvider"
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
Enlighten.LinkMad.Businesslogic" />
</providers>
</membership>

This all works fine in my test/development environment but when I place this
on our hosting server i get a nice error when I try and login:

Parser Error Message: Attempt to access the method failed.

Source Error:
Line 40: <providers>
Line 41: <add name="LassieMembershipProvider"
Line 42:
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
Enlighten.LinkMad.Businesslogic" />
Line 43: </providers>
Line 44: </membership>

After a few hours of frustration I figured out the Provider only works when
the server/application is running in full trust. This really isnt a
preffered trust level to run in on a shared hosting server. I tryed changing
to other trust levels and only Full trust appears to work.
I am only using one method in my custom provider and it is accessing a Sql
Server Db (no prblem right?).
I dont see why a MembershipProvider would require fulltrust in order to run,
but in saying that I cant see where I am doing anything wrong (famous last
words).

Any help is always appreciated.
Graham


Nov 19 '05 #1
5 2507
Hi Graham,

Welcome to ASPNET newsgroup.
From your description, you've developed a custom ASP.NET 2.0 Membership
provider , it works well in "Full" trustlevel application , but fail to
work in non-Full trustlevel host enviornment, yes?

Based on my experience, such problem could be caused by two things:

1. There're some reference assemblies which does not allow Partial Trusted
caller

2. There 're some classes in certain referenced assembly which explicitly
demain certain permission which only available in Full trust level.

For the #1, we can try apply the following Attribute on our custom
membership provider 's assembly:

AllowPartiallyTrustedCallersAttribute

this will allow partial trusted caller to load our assembly.

If the above not work, there may contains some class which demand some
certain permission which is only available in "Full" trust level. As you
mentioned that you only have data accessing code (connect to sqlserver...),
are you using the SqlClient or OleDb component? For OleDb Components it
require Full Trust level. If you can not figure out the actual class and
permission demand that cause the problem, we have to sandbox our assembly
so as to make it granted FullTrust permission. One approach is to
strong-named it and put into GAC, all the assemblies in GAC has full trust
permssionset. You can refer to the following MSDN article on ASP.NET code
access:

http://msdn.microsoft.com/library/de...us/secmod/html
/secmod82.asp

BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating minmal
required permission set for a given assembly( just like the permview.exe in
net 1.x). You can also use it to have a look at your custom assembly's
permission sets.

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| Subject: Custom MembershipProvider and required trust levels
| Date: Mon, 7 Nov 2005 10:43:21 +1300
| Lines: 49
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136471
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have created a custom MembershipProvider called
"LassieMembershipProvider"
| that derives from "MembershipProvider". This providor is located in a
| Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one
of
| my frontend websites I use this type to authenticate a user who is trying
to
| login.
| The following excerpt is from the web.config of the particular site
showing
| the reference to the custom provider, allowing .Net to do most of the
work
| for me.
|
| <membership defaultProvider="LassieMembershipProvider" >
| <providers>
| <add name="LassieMembershipProvider"
|
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| </providers>
| </membership>
|
| This all works fine in my test/development environment but when I place
this
| on our hosting server i get a nice error when I try and login:
|
| Parser Error Message: Attempt to access the method failed.
|
| Source Error:
|
|
| Line 40: <providers>
| Line 41: <add name="LassieMembershipProvider"
| Line 42:
| type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| Line 43: </providers>
| Line 44: </membership>
|
| After a few hours of frustration I figured out the Provider only works
when
| the server/application is running in full trust. This really isnt a
| preffered trust level to run in on a shared hosting server. I tryed
changing
| to other trust levels and only Full trust appears to work.
| I am only using one method in my custom provider and it is accessing a
Sql
| Server Db (no prblem right?).
| I dont see why a MembershipProvider would require fulltrust in order to
run,
| but in saying that I cant see where I am doing anything wrong (famous
last
| words).
|
| Any help is always appreciated.
| Graham
|
|
|
|
|

Nov 19 '05 #2
That did the trick thanks.
When I ran the permcalc tool, I noticed that the type didnt show up in the
xml output, so I had aplay with the AllowPartiallyTrustedCaller setting and
then it decided to show up?? Im not sure why it wasnt before. But it does
now. It all seems to work fine.
Another thing I noticed is that you cant have a page in your website called
Login.aspx because it will error when you have published it (only after you
have published it) and say it cant cast it to be a
System.Web.UI.WebControl.Login. Strange.
Once I had sorted those issues out (i renamed the login page) and got it
uploaded to the server. I got another error with the default providers in
the machine.config requiring a "localsqlserver" connectionstring in my
web.config. This is totally not cool, why would a MembershipProvider that is
not being used whatsoever throw an error?
To fix this I went through the machine.config and removed all the default
providers and connectionstrings.

While I am a big fan of some of the new things included in .Net 2.0, some it
seems to just increase development more that the good things decrease it.
Thanks for your continued support
Graham

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:MC*************@TK2MSFTNGXA01.phx.gbl...
Hi Graham,

Welcome to ASPNET newsgroup.
From your description, you've developed a custom ASP.NET 2.0 Membership
provider , it works well in "Full" trustlevel application , but fail to
work in non-Full trustlevel host enviornment, yes?

Based on my experience, such problem could be caused by two things:

1. There're some reference assemblies which does not allow Partial Trusted
caller

2. There 're some classes in certain referenced assembly which explicitly
demain certain permission which only available in Full trust level.

For the #1, we can try apply the following Attribute on our custom
membership provider 's assembly:

AllowPartiallyTrustedCallersAttribute

this will allow partial trusted caller to load our assembly.

If the above not work, there may contains some class which demand some
certain permission which is only available in "Full" trust level. As you
mentioned that you only have data accessing code (connect to
sqlserver...),
are you using the SqlClient or OleDb component? For OleDb Components it
require Full Trust level. If you can not figure out the actual class and
permission demand that cause the problem, we have to sandbox our assembly
so as to make it granted FullTrust permission. One approach is to
strong-named it and put into GAC, all the assemblies in GAC has full trust
permssionset. You can refer to the following MSDN article on ASP.NET code
access:

http://msdn.microsoft.com/library/de...us/secmod/html
/secmod82.asp

BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating minmal
required permission set for a given assembly( just like the permview.exe
in
net 1.x). You can also use it to have a look at your custom assembly's
permission sets.

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| Subject: Custom MembershipProvider and required trust levels
| Date: Mon, 7 Nov 2005 10:43:21 +1300
| Lines: 49
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136471
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have created a custom MembershipProvider called
"LassieMembershipProvider"
| that derives from "MembershipProvider". This providor is located in a
| Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one
of
| my frontend websites I use this type to authenticate a user who is
trying
to
| login.
| The following excerpt is from the web.config of the particular site
showing
| the reference to the custom provider, allowing .Net to do most of the
work
| for me.
|
| <membership defaultProvider="LassieMembershipProvider" >
| <providers>
| <add name="LassieMembershipProvider"
|
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| </providers>
| </membership>
|
| This all works fine in my test/development environment but when I place
this
| on our hosting server i get a nice error when I try and login:
|
| Parser Error Message: Attempt to access the method failed.
|
| Source Error:
|
|
| Line 40: <providers>
| Line 41: <add name="LassieMembershipProvider"
| Line 42:
| type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| Line 43: </providers>
| Line 44: </membership>
|
| After a few hours of frustration I figured out the Provider only works
when
| the server/application is running in full trust. This really isnt a
| preffered trust level to run in on a shared hosting server. I tryed
changing
| to other trust levels and only Full trust appears to work.
| I am only using one method in my custom provider and it is accessing a
Sql
| Server Db (no prblem right?).
| I dont see why a MembershipProvider would require fulltrust in order to
run,
| but in saying that I cant see where I am doing anything wrong (famous
last
| words).
|
| Any help is always appreciated.
| Graham
|
|
|
|
|

Nov 19 '05 #3
Thanks for your response Graham,

As for the new problem regarding on the default Membership or other ASP.NET
2.0 service providers in machine.config/global Web.config file, they're all
necessary for the default ASP.NET 2.0 setting. By default, all the services
use the localSqlServer connection string which point to a SQLExpress file.
And those providers configured at machine level are all the default
providers and will be inherited in our ASP.NET 2.0 applications. So at
runtime, our concrete application's provider collection will also contains
it due to the hierarchy configuration inheritance. So when we want
replace the default one with our custom provider, we can always use the
following configuration in our web application's web.config file:

eg:

=====================
<system.web>

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />

<add name="our custom provider"
type="custom t ype , assemly"
connectionStringName="xxx"
................
/>

</providers>
</membership>

..................
=========================

Also, we can specify our custom provider as the default one. So in ASP.NET
2.0 all the inheritable configuration in super config file will be added
into sub application's configuration collection, we can flexibly remove or
replace them at application level (not necessary modify the
machine.config.. or global web.config...)

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| References: <O4**************@TK2MSFTNGP12.phx.gbl>
<MC*************@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Tue, 8 Nov 2005 10:05:27 +1300
| Lines: 165
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <u3**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136735
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| That did the trick thanks.
| When I ran the permcalc tool, I noticed that the type didnt show up in
the
| xml output, so I had aplay with the AllowPartiallyTrustedCaller setting
and
| then it decided to show up?? Im not sure why it wasnt before. But it does
| now. It all seems to work fine.
| Another thing I noticed is that you cant have a page in your website
called
| Login.aspx because it will error when you have published it (only after
you
| have published it) and say it cant cast it to be a
| System.Web.UI.WebControl.Login. Strange.
| Once I had sorted those issues out (i renamed the login page) and got it
| uploaded to the server. I got another error with the default providers in
| the machine.config requiring a "localsqlserver" connectionstring in my
| web.config. This is totally not cool, why would a MembershipProvider that
is
| not being used whatsoever throw an error?
| To fix this I went through the machine.config and removed all the default
| providers and connectionstrings.
|
| While I am a big fan of some of the new things included in .Net 2.0, some
it
| seems to just increase development more that the good things decrease it.
| Thanks for your continued support
| Graham
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:MC*************@TK2MSFTNGXA01.phx.gbl...
| > Hi Graham,
| >
| > Welcome to ASPNET newsgroup.
| > From your description, you've developed a custom ASP.NET 2.0 Membership
| > provider , it works well in "Full" trustlevel application , but fail to
| > work in non-Full trustlevel host enviornment, yes?
| >
| > Based on my experience, such problem could be caused by two things:
| >
| > 1. There're some reference assemblies which does not allow Partial
Trusted
| > caller
| >
| > 2. There 're some classes in certain referenced assembly which
explicitly
| > demain certain permission which only available in Full trust level.
| >
| > For the #1, we can try apply the following Attribute on our custom
| > membership provider 's assembly:
| >
| > AllowPartiallyTrustedCallersAttribute
| >
| > this will allow partial trusted caller to load our assembly.
| >
| > If the above not work, there may contains some class which demand some
| > certain permission which is only available in "Full" trust level. As you
| > mentioned that you only have data accessing code (connect to
| > sqlserver...),
| > are you using the SqlClient or OleDb component? For OleDb Components it
| > require Full Trust level. If you can not figure out the actual class
and
| > permission demand that cause the problem, we have to sandbox our
assembly
| > so as to make it granted FullTrust permission. One approach is to
| > strong-named it and put into GAC, all the assemblies in GAC has full
trust
| > permssionset. You can refer to the following MSDN article on ASP.NET
code
| > access:
| >
| >
http://msdn.microsoft.com/library/de...us/secmod/html
| > /secmod82.asp
| >
| > BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating
minmal
| > required permission set for a given assembly( just like the
permview.exe
| > in
| > net 1.x). You can also use it to have a look at your custom assembly's
| > permission sets.
| >
| > Hope helps. Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| >
| >
| >
| >
| > --------------------
| > | From: "Graham" <en*******@newsgroups.nospam>
| > | Subject: Custom MembershipProvider and required trust levels
| > | Date: Mon, 7 Nov 2005 10:43:21 +1300
| > | Lines: 49
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
222.153.144.207
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:136471
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | I have created a custom MembershipProvider called
| > "LassieMembershipProvider"
| > | that derives from "MembershipProvider". This providor is located in a
| > | Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In
one
| > of
| > | my frontend websites I use this type to authenticate a user who is
| > trying
| > to
| > | login.
| > | The following excerpt is from the web.config of the particular site
| > showing
| > | the reference to the custom provider, allowing .Net to do most of the
| > work
| > | for me.
| > |
| > | <membership defaultProvider="LassieMembershipProvider" >
| > | <providers>
| > | <add name="LassieMembershipProvider"
| > |
| > type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | </providers>
| > | </membership>
| > |
| > | This all works fine in my test/development environment but when I
place
| > this
| > | on our hosting server i get a nice error when I try and login:
| > |
| > | Parser Error Message: Attempt to access the method failed.
| > |
| > | Source Error:
| > |
| > |
| > | Line 40: <providers>
| > | Line 41: <add name="LassieMembershipProvider"
| > | Line 42:
| > |
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | Line 43: </providers>
| > | Line 44: </membership>
| > |
| > | After a few hours of frustration I figured out the Provider only works
| > when
| > | the server/application is running in full trust. This really isnt a
| > | preffered trust level to run in on a shared hosting server. I tryed
| > changing
| > | to other trust levels and only Full trust appears to work.
| > | I am only using one method in my custom provider and it is accessing a
| > Sql
| > | Server Db (no prblem right?).
| > | I dont see why a MembershipProvider would require fulltrust in order
to
| > run,
| > | but in saying that I cant see where I am doing anything wrong (famous
| > last
| > | words).
| > |
| > | Any help is always appreciated.
| > | Graham
| > |
| > |
| > |
| > |
| > |
| >
|
|
|

Nov 19 '05 #4
Steven
I can see why those defaults are there, but in our case we run a shared
hosting server and making clients change (or letting them access) the
default settings/providers from their own apps is not something our hosting
admin would be happy with (we all know that clients are stupid and
reckless).
Thank you for your quick reply.
Graham

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:iX****************@TK2MSFTNGXA01.phx.gbl...
Thanks for your response Graham,

As for the new problem regarding on the default Membership or other
ASP.NET
2.0 service providers in machine.config/global Web.config file, they're
all
necessary for the default ASP.NET 2.0 setting. By default, all the
services
use the localSqlServer connection string which point to a SQLExpress file.
And those providers configured at machine level are all the default
providers and will be inherited in our ASP.NET 2.0 applications. So at
runtime, our concrete application's provider collection will also contains
it due to the hierarchy configuration inheritance. So when we want
replace the default one with our custom provider, we can always use the
following configuration in our web application's web.config file:

eg:

=====================
<system.web>

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />

<add name="our custom provider"
type="custom t ype , assemly"
connectionStringName="xxx"
................
/>

</providers>
</membership>

.................
=========================

Also, we can specify our custom provider as the default one. So in ASP.NET
2.0 all the inheritable configuration in super config file will be added
into sub application's configuration collection, we can flexibly remove or
replace them at application level (not necessary modify the
machine.config.. or global web.config...)

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| References: <O4**************@TK2MSFTNGP12.phx.gbl>
<MC*************@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Tue, 8 Nov 2005 10:05:27 +1300
| Lines: 165
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <u3**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136735
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| That did the trick thanks.
| When I ran the permcalc tool, I noticed that the type didnt show up in
the
| xml output, so I had aplay with the AllowPartiallyTrustedCaller setting
and
| then it decided to show up?? Im not sure why it wasnt before. But it
does
| now. It all seems to work fine.
| Another thing I noticed is that you cant have a page in your website
called
| Login.aspx because it will error when you have published it (only after
you
| have published it) and say it cant cast it to be a
| System.Web.UI.WebControl.Login. Strange.
| Once I had sorted those issues out (i renamed the login page) and got it
| uploaded to the server. I got another error with the default providers
in
| the machine.config requiring a "localsqlserver" connectionstring in my
| web.config. This is totally not cool, why would a MembershipProvider
that
is
| not being used whatsoever throw an error?
| To fix this I went through the machine.config and removed all the
default
| providers and connectionstrings.
|
| While I am a big fan of some of the new things included in .Net 2.0,
some
it
| seems to just increase development more that the good things decrease
it.
| Thanks for your continued support
| Graham
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:MC*************@TK2MSFTNGXA01.phx.gbl...
| > Hi Graham,
| >
| > Welcome to ASPNET newsgroup.
| > From your description, you've developed a custom ASP.NET 2.0
Membership
| > provider , it works well in "Full" trustlevel application , but fail
to
| > work in non-Full trustlevel host enviornment, yes?
| >
| > Based on my experience, such problem could be caused by two things:
| >
| > 1. There're some reference assemblies which does not allow Partial
Trusted
| > caller
| >
| > 2. There 're some classes in certain referenced assembly which
explicitly
| > demain certain permission which only available in Full trust level.
| >
| > For the #1, we can try apply the following Attribute on our custom
| > membership provider 's assembly:
| >
| > AllowPartiallyTrustedCallersAttribute
| >
| > this will allow partial trusted caller to load our assembly.
| >
| > If the above not work, there may contains some class which demand some
| > certain permission which is only available in "Full" trust level. As
you
| > mentioned that you only have data accessing code (connect to
| > sqlserver...),
| > are you using the SqlClient or OleDb component? For OleDb Components
it
| > require Full Trust level. If you can not figure out the actual class
and
| > permission demand that cause the problem, we have to sandbox our
assembly
| > so as to make it granted FullTrust permission. One approach is to
| > strong-named it and put into GAC, all the assemblies in GAC has full
trust
| > permssionset. You can refer to the following MSDN article on ASP.NET
code
| > access:
| >
| >
http://msdn.microsoft.com/library/de...us/secmod/html
| > /secmod82.asp
| >
| > BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating
minmal
| > required permission set for a given assembly( just like the
permview.exe
| > in
| > net 1.x). You can also use it to have a look at your custom assembly's
| > permission sets.
| >
| > Hope helps. Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| >
| >
| >
| >
| > --------------------
| > | From: "Graham" <en*******@newsgroups.nospam>
| > | Subject: Custom MembershipProvider and required trust levels
| > | Date: Mon, 7 Nov 2005 10:43:21 +1300
| > | Lines: 49
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
222.153.144.207
| > | Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:136471
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | I have created a custom MembershipProvider called
| > "LassieMembershipProvider"
| > | that derives from "MembershipProvider". This providor is located in
a
| > | Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In
one
| > of
| > | my frontend websites I use this type to authenticate a user who is
| > trying
| > to
| > | login.
| > | The following excerpt is from the web.config of the particular site
| > showing
| > | the reference to the custom provider, allowing .Net to do most of
the
| > work
| > | for me.
| > |
| > | <membership defaultProvider="LassieMembershipProvider" >
| > | <providers>
| > | <add name="LassieMembershipProvider"
| > |
| >
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | </providers>
| > | </membership>
| > |
| > | This all works fine in my test/development environment but when I
place
| > this
| > | on our hosting server i get a nice error when I try and login:
| > |
| > | Parser Error Message: Attempt to access the method failed.
| > |
| > | Source Error:
| > |
| > |
| > | Line 40: <providers>
| > | Line 41: <add name="LassieMembershipProvider"
| > | Line 42:
| > |
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | Line 43: </providers>
| > | Line 44: </membership>
| > |
| > | After a few hours of frustration I figured out the Provider only
works
| > when
| > | the server/application is running in full trust. This really isnt a
| > | preffered trust level to run in on a shared hosting server. I tryed
| > changing
| > | to other trust levels and only Full trust appears to work.
| > | I am only using one method in my custom provider and it is accessing
a
| > Sql
| > | Server Db (no prblem right?).
| > | I dont see why a MembershipProvider would require fulltrust in order
to
| > run,
| > | but in saying that I cant see where I am doing anything wrong
(famous
| > last
| > | words).
| > |
| > | Any help is always appreciated.
| > | Graham
| > |
| > |
| > |
| > |
| > |
| >
|
|
|

Nov 19 '05 #5
Thanks Graham,

Yes, I know that for publish web host, there should have the most
restricted permissions for the cilents. However, for those default provider
settings I think you can leave them there since it just use the SQLExpress
database. And since we can override the "defaultProvider" for those
services in each concrete application's web.config, that should also be the
clients' task to make the configuration for their application.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| References: <O4**************@TK2MSFTNGP12.phx.gbl>
<MC*************@TK2MSFTNGXA01.phx.gbl>
<u3**************@TK2MSFTNGP09.phx.gbl>
<iX**************@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Wed, 9 Nov 2005 09:49:53 +1300
| Lines: 289
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uj**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:137067
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Steven
| I can see why those defaults are there, but in our case we run a shared
| hosting server and making clients change (or letting them access) the
| default settings/providers from their own apps is not something our
hosting
| admin would be happy with (we all know that clients are stupid and
| reckless).
| Thank you for your quick reply.
| Graham
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:iX****************@TK2MSFTNGXA01.phx.gbl...
| > Thanks for your response Graham,
| >
| > As for the new problem regarding on the default Membership or other
| > ASP.NET
| > 2.0 service providers in machine.config/global Web.config file, they're
| > all
| > necessary for the default ASP.NET 2.0 setting. By default, all the
| > services
| > use the localSqlServer connection string which point to a SQLExpress
file.
| > And those providers configured at machine level are all the default
| > providers and will be inherited in our ASP.NET 2.0 applications. So at
| > runtime, our concrete application's provider collection will also
contains
| > it due to the hierarchy configuration inheritance. So when we want
| > replace the default one with our custom provider, we can always use the
| > following configuration in our web application's web.config file:
| >
| > eg:
| >
| > =====================
| > <system.web>
| >
| > <membership>
| > <providers>
| > <remove name="AspNetSqlMembershipProvider" />
| >
| > <add name="our custom provider"
| > type="custom t ype , assemly"
| > connectionStringName="xxx"
| > ................
| > />
| >
| > </providers>
| > </membership>
| >
| > .................
| > =========================
| >
| > Also, we can specify our custom provider as the default one. So in
ASP.NET
| > 2.0 all the inheritable configuration in super config file will be added
| > into sub application's configuration collection, we can flexibly remove
or
| > replace them at application level (not necessary modify the
| > machine.config.. or global web.config...)
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| > --------------------
| > | From: "Graham" <en*******@newsgroups.nospam>
| > | References: <O4**************@TK2MSFTNGP12.phx.gbl>
| > <MC*************@TK2MSFTNGXA01.phx.gbl>
| > | Subject: Re: Custom MembershipProvider and required trust levels
| > | Date: Tue, 8 Nov 2005 10:05:27 +1300
| > | Lines: 165
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <u3**************@TK2MSFTNGP09.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
222.153.144.207
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:136735
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | That did the trick thanks.
| > | When I ran the permcalc tool, I noticed that the type didnt show up in
| > the
| > | xml output, so I had aplay with the AllowPartiallyTrustedCaller
setting
| > and
| > | then it decided to show up?? Im not sure why it wasnt before. But it
| > does
| > | now. It all seems to work fine.
| > | Another thing I noticed is that you cant have a page in your website
| > called
| > | Login.aspx because it will error when you have published it (only
after
| > you
| > | have published it) and say it cant cast it to be a
| > | System.Web.UI.WebControl.Login. Strange.
| > | Once I had sorted those issues out (i renamed the login page) and got
it
| > | uploaded to the server. I got another error with the default
providers
| > in
| > | the machine.config requiring a "localsqlserver" connectionstring in my
| > | web.config. This is totally not cool, why would a MembershipProvider
| > that
| > is
| > | not being used whatsoever throw an error?
| > | To fix this I went through the machine.config and removed all the
| > default
| > | providers and connectionstrings.
| > |
| > | While I am a big fan of some of the new things included in .Net 2.0,
| > some
| > it
| > | seems to just increase development more that the good things decrease
| > it.
| > | Thanks for your continued support
| > | Graham
| > |
| > | "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| > | news:MC*************@TK2MSFTNGXA01.phx.gbl...
| > | > Hi Graham,
| > | >
| > | > Welcome to ASPNET newsgroup.
| > | > From your description, you've developed a custom ASP.NET 2.0
| > Membership
| > | > provider , it works well in "Full" trustlevel application , but
fail
| > to
| > | > work in non-Full trustlevel host enviornment, yes?
| > | >
| > | > Based on my experience, such problem could be caused by two things:
| > | >
| > | > 1. There're some reference assemblies which does not allow Partial
| > Trusted
| > | > caller
| > | >
| > | > 2. There 're some classes in certain referenced assembly which
| > explicitly
| > | > demain certain permission which only available in Full trust level.
| > | >
| > | > For the #1, we can try apply the following Attribute on our custom
| > | > membership provider 's assembly:
| > | >
| > | > AllowPartiallyTrustedCallersAttribute
| > | >
| > | > this will allow partial trusted caller to load our assembly.
| > | >
| > | > If the above not work, there may contains some class which demand
some
| > | > certain permission which is only available in "Full" trust level.
As
| > you
| > | > mentioned that you only have data accessing code (connect to
| > | > sqlserver...),
| > | > are you using the SqlClient or OleDb component? For OleDb
Components
| > it
| > | > require Full Trust level. If you can not figure out the actual
class
| > and
| > | > permission demand that cause the problem, we have to sandbox our
| > assembly
| > | > so as to make it granted FullTrust permission. One approach is to
| > | > strong-named it and put into GAC, all the assemblies in GAC has full
| > trust
| > | > permssionset. You can refer to the following MSDN article on
ASP.NET
| > code
| > | > access:
| > | >
| > | >
| >
http://msdn.microsoft.com/library/de...us/secmod/html
| > | > /secmod82.asp
| > | >
| > | > BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating
| > minmal
| > | > required permission set for a given assembly( just like the
| > permview.exe
| > | > in
| > | > net 1.x). You can also use it to have a look at your custom
assembly's
| > | > permission sets.
| > | >
| > | > Hope helps. Thanks,
| > | >
| > | > Steven Cheng
| > | > Microsoft Online Support
| > | >
| > | > Get Secure! www.microsoft.com/security
| > | > (This posting is provided "AS IS", with no warranties, and confers
no
| > | > rights.)
| > | >
| > | >
| > | >
| > | >
| > | >
| > | >
| > | > --------------------
| > | > | From: "Graham" <en*******@newsgroups.nospam>
| > | > | Subject: Custom MembershipProvider and required trust levels
| > | > | Date: Mon, 7 Nov 2005 10:43:21 +1300
| > | > | Lines: 49
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | > | Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| > | > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
| > 222.153.144.207
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.dotnet.framework.aspnet:136471
| > | > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > | > |
| > | > | I have created a custom MembershipProvider called
| > | > "LassieMembershipProvider"
| > | > | that derives from "MembershipProvider". This providor is located
in
| > a
| > | > | Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic".
In
| > one
| > | > of
| > | > | my frontend websites I use this type to authenticate a user who is
| > | > trying
| > | > to
| > | > | login.
| > | > | The following excerpt is from the web.config of the particular
site
| > | > showing
| > | > | the reference to the custom provider, allowing .Net to do most of
| > the
| > | > work
| > | > | for me.
| > | > |
| > | > | <membership defaultProvider="LassieMembershipProvider" >
| > | > | <providers>
| > | > | <add name="LassieMembershipProvider"
| > | > |
| > | >
| > type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | > | Enlighten.LinkMad.Businesslogic" />
| > | > | </providers>
| > | > | </membership>
| > | > |
| > | > | This all works fine in my test/development environment but when I
| > place
| > | > this
| > | > | on our hosting server i get a nice error when I try and login:
| > | > |
| > | > | Parser Error Message: Attempt to access the method failed.
| > | > |
| > | > | Source Error:
| > | > |
| > | > |
| > | > | Line 40: <providers>
| > | > | Line 41: <add name="LassieMembershipProvider"
| > | > | Line 42:
| > | > |
| > type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | > | Enlighten.LinkMad.Businesslogic" />
| > | > | Line 43: </providers>
| > | > | Line 44: </membership>
| > | > |
| > | > | After a few hours of frustration I figured out the Provider only
| > works
| > | > when
| > | > | the server/application is running in full trust. This really isnt
a
| > | > | preffered trust level to run in on a shared hosting server. I
tryed
| > | > changing
| > | > | to other trust levels and only Full trust appears to work.
| > | > | I am only using one method in my custom provider and it is
accessing
| > a
| > | > Sql
| > | > | Server Db (no prblem right?).
| > | > | I dont see why a MembershipProvider would require fulltrust in
order
| > to
| > | > run,
| > | > | but in saying that I cant see where I am doing anything wrong
| > (famous
| > | > last
| > | > | words).
| > | > |
| > | > | Any help is always appreciated.
| > | > | Graham
| > | > |
| > | > |
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|

Nov 19 '05 #6
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
1956
Custom MembershipProvider
by: WB | last post by:
Hi, I am revamping my company's website using .Net 2.0 & C#. I would like to implement my own custom membership provider to manage membership information already stored in my existing SQL 2000...
.NET Framework
6
2208
Profile or Custom Class How to migrate to ASP.NEt 2.0
by: Shimon Sim | last post by:
Hi I am working on application that need to hold custom user information - Last and first name, email, some other domain related information. I used to create Base class for all my pages. The base...
ASP.NET
2
2614
Debugging Custom MembershipProvider?
by: Mark Olbert | last post by:
So far, I am more than a little underwhelmed by the Membership API in ASPNET2, and the ASP.NET Configuration wizard in VS2005. The latter is slow as a pig whenever it does anything. Oh well, at...
ASP.NET
0
1408
Debugging Custom MembershipProvider/RoleProvider Classes
by: Mark Olbert | last post by:
I'm posting this here to save other folks some hair-pulling time. No need to respond. You can debug custom MembershipProvider and RoleProvider classes under the ASPNET Configuration tool by...
ASP.NET
0
2278
Want to create a custom membership provider, but use SQLMembershipProvider functionality
by: Mwob | last post by:
Hi all, I'm about to start creating a custom membership provider. Its for a website that already has a table of users in a single table, so I need to create a custom MP to talk to the data in...
ASP.NET
5
8266
Custom Role Provider give "can't load type error"
by: Alias | last post by:
Hi - I'm trying to implement a custom RoleProvider based on the SqlRoleProvider. I keep receiving a an error that it can't load type 'MyRoleTest.MyRoleProvider' when trying to load my...
ASP.NET
8
5253
Problems With Custom RoleProvider and Forms Authentication
by: Tomasz | last post by:
Hello Developers! I have an interesting problem using my custom MembershipProvider, RoleProvider and Forms Authentication. Both MembershipProvider and RoleProvider require session state, where...
ASP.NET
4
4727
Custom MembershipProvider - WAT "Type not resolved" error
by: freeflytim | last post by:
I'm trying to implement a custom MembershipProvider (and RoleProvider) together with a custom MembershipUser class in C#, Asp.Net 2.0, MS Visual Studio 2005. Everything has worked fine so far,...
ASP.NET
0
2096
Custom provider in partial trust mode
by: Atul Thombre | last post by:
Hello, I am developing a custom membership provider. For that I built a prototype that uses a SQL Server 2005 database as a backend store. I implemented the class...
.NET Framework
0
7041
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7081
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
4776
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4481
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
2995
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
2984
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1300
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
1
563
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
0
179
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us