473,224 Members | 1,291 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,224 software developers and data experts.

Custom MembershipProvider and required trust levels

I have created a custom MembershipProvider called "LassieMembershipProvider"
that derives from "MembershipProvider". This providor is located in a
Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one of
my frontend websites I use this type to authenticate a user who is trying to
login.
The following excerpt is from the web.config of the particular site showing
the reference to the custom provider, allowing .Net to do most of the work
for me.

<membership defaultProvider="LassieMembershipProvider" >
<providers>
<add name="LassieMembershipProvider"
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
Enlighten.LinkMad.Businesslogic" />
</providers>
</membership>

This all works fine in my test/development environment but when I place this
on our hosting server i get a nice error when I try and login:

Parser Error Message: Attempt to access the method failed.

Source Error:
Line 40: <providers>
Line 41: <add name="LassieMembershipProvider"
Line 42:
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
Enlighten.LinkMad.Businesslogic" />
Line 43: </providers>
Line 44: </membership>

After a few hours of frustration I figured out the Provider only works when
the server/application is running in full trust. This really isnt a
preffered trust level to run in on a shared hosting server. I tryed changing
to other trust levels and only Full trust appears to work.
I am only using one method in my custom provider and it is accessing a Sql
Server Db (no prblem right?).
I dont see why a MembershipProvider would require fulltrust in order to run,
but in saying that I cant see where I am doing anything wrong (famous last
words).

Any help is always appreciated.
Graham


Nov 19 '05 #1
5 2487
Hi Graham,

Welcome to ASPNET newsgroup.
From your description, you've developed a custom ASP.NET 2.0 Membership
provider , it works well in "Full" trustlevel application , but fail to
work in non-Full trustlevel host enviornment, yes?

Based on my experience, such problem could be caused by two things:

1. There're some reference assemblies which does not allow Partial Trusted
caller

2. There 're some classes in certain referenced assembly which explicitly
demain certain permission which only available in Full trust level.

For the #1, we can try apply the following Attribute on our custom
membership provider 's assembly:

AllowPartiallyTrustedCallersAttribute

this will allow partial trusted caller to load our assembly.

If the above not work, there may contains some class which demand some
certain permission which is only available in "Full" trust level. As you
mentioned that you only have data accessing code (connect to sqlserver...),
are you using the SqlClient or OleDb component? For OleDb Components it
require Full Trust level. If you can not figure out the actual class and
permission demand that cause the problem, we have to sandbox our assembly
so as to make it granted FullTrust permission. One approach is to
strong-named it and put into GAC, all the assemblies in GAC has full trust
permssionset. You can refer to the following MSDN article on ASP.NET code
access:

http://msdn.microsoft.com/library/de...us/secmod/html
/secmod82.asp

BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating minmal
required permission set for a given assembly( just like the permview.exe in
net 1.x). You can also use it to have a look at your custom assembly's
permission sets.

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| Subject: Custom MembershipProvider and required trust levels
| Date: Mon, 7 Nov 2005 10:43:21 +1300
| Lines: 49
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136471
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have created a custom MembershipProvider called
"LassieMembershipProvider"
| that derives from "MembershipProvider". This providor is located in a
| Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one
of
| my frontend websites I use this type to authenticate a user who is trying
to
| login.
| The following excerpt is from the web.config of the particular site
showing
| the reference to the custom provider, allowing .Net to do most of the
work
| for me.
|
| <membership defaultProvider="LassieMembershipProvider" >
| <providers>
| <add name="LassieMembershipProvider"
|
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| </providers>
| </membership>
|
| This all works fine in my test/development environment but when I place
this
| on our hosting server i get a nice error when I try and login:
|
| Parser Error Message: Attempt to access the method failed.
|
| Source Error:
|
|
| Line 40: <providers>
| Line 41: <add name="LassieMembershipProvider"
| Line 42:
| type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| Line 43: </providers>
| Line 44: </membership>
|
| After a few hours of frustration I figured out the Provider only works
when
| the server/application is running in full trust. This really isnt a
| preffered trust level to run in on a shared hosting server. I tryed
changing
| to other trust levels and only Full trust appears to work.
| I am only using one method in my custom provider and it is accessing a
Sql
| Server Db (no prblem right?).
| I dont see why a MembershipProvider would require fulltrust in order to
run,
| but in saying that I cant see where I am doing anything wrong (famous
last
| words).
|
| Any help is always appreciated.
| Graham
|
|
|
|
|

Nov 19 '05 #2
That did the trick thanks.
When I ran the permcalc tool, I noticed that the type didnt show up in the
xml output, so I had aplay with the AllowPartiallyTrustedCaller setting and
then it decided to show up?? Im not sure why it wasnt before. But it does
now. It all seems to work fine.
Another thing I noticed is that you cant have a page in your website called
Login.aspx because it will error when you have published it (only after you
have published it) and say it cant cast it to be a
System.Web.UI.WebControl.Login. Strange.
Once I had sorted those issues out (i renamed the login page) and got it
uploaded to the server. I got another error with the default providers in
the machine.config requiring a "localsqlserver" connectionstring in my
web.config. This is totally not cool, why would a MembershipProvider that is
not being used whatsoever throw an error?
To fix this I went through the machine.config and removed all the default
providers and connectionstrings.

While I am a big fan of some of the new things included in .Net 2.0, some it
seems to just increase development more that the good things decrease it.
Thanks for your continued support
Graham

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:MC*************@TK2MSFTNGXA01.phx.gbl...
Hi Graham,

Welcome to ASPNET newsgroup.
From your description, you've developed a custom ASP.NET 2.0 Membership
provider , it works well in "Full" trustlevel application , but fail to
work in non-Full trustlevel host enviornment, yes?

Based on my experience, such problem could be caused by two things:

1. There're some reference assemblies which does not allow Partial Trusted
caller

2. There 're some classes in certain referenced assembly which explicitly
demain certain permission which only available in Full trust level.

For the #1, we can try apply the following Attribute on our custom
membership provider 's assembly:

AllowPartiallyTrustedCallersAttribute

this will allow partial trusted caller to load our assembly.

If the above not work, there may contains some class which demand some
certain permission which is only available in "Full" trust level. As you
mentioned that you only have data accessing code (connect to
sqlserver...),
are you using the SqlClient or OleDb component? For OleDb Components it
require Full Trust level. If you can not figure out the actual class and
permission demand that cause the problem, we have to sandbox our assembly
so as to make it granted FullTrust permission. One approach is to
strong-named it and put into GAC, all the assemblies in GAC has full trust
permssionset. You can refer to the following MSDN article on ASP.NET code
access:

http://msdn.microsoft.com/library/de...us/secmod/html
/secmod82.asp

BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating minmal
required permission set for a given assembly( just like the permview.exe
in
net 1.x). You can also use it to have a look at your custom assembly's
permission sets.

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| Subject: Custom MembershipProvider and required trust levels
| Date: Mon, 7 Nov 2005 10:43:21 +1300
| Lines: 49
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136471
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have created a custom MembershipProvider called
"LassieMembershipProvider"
| that derives from "MembershipProvider". This providor is located in a
| Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one
of
| my frontend websites I use this type to authenticate a user who is
trying
to
| login.
| The following excerpt is from the web.config of the particular site
showing
| the reference to the custom provider, allowing .Net to do most of the
work
| for me.
|
| <membership defaultProvider="LassieMembershipProvider" >
| <providers>
| <add name="LassieMembershipProvider"
|
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| </providers>
| </membership>
|
| This all works fine in my test/development environment but when I place
this
| on our hosting server i get a nice error when I try and login:
|
| Parser Error Message: Attempt to access the method failed.
|
| Source Error:
|
|
| Line 40: <providers>
| Line 41: <add name="LassieMembershipProvider"
| Line 42:
| type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| Enlighten.LinkMad.Businesslogic" />
| Line 43: </providers>
| Line 44: </membership>
|
| After a few hours of frustration I figured out the Provider only works
when
| the server/application is running in full trust. This really isnt a
| preffered trust level to run in on a shared hosting server. I tryed
changing
| to other trust levels and only Full trust appears to work.
| I am only using one method in my custom provider and it is accessing a
Sql
| Server Db (no prblem right?).
| I dont see why a MembershipProvider would require fulltrust in order to
run,
| but in saying that I cant see where I am doing anything wrong (famous
last
| words).
|
| Any help is always appreciated.
| Graham
|
|
|
|
|

Nov 19 '05 #3
Thanks for your response Graham,

As for the new problem regarding on the default Membership or other ASP.NET
2.0 service providers in machine.config/global Web.config file, they're all
necessary for the default ASP.NET 2.0 setting. By default, all the services
use the localSqlServer connection string which point to a SQLExpress file.
And those providers configured at machine level are all the default
providers and will be inherited in our ASP.NET 2.0 applications. So at
runtime, our concrete application's provider collection will also contains
it due to the hierarchy configuration inheritance. So when we want
replace the default one with our custom provider, we can always use the
following configuration in our web application's web.config file:

eg:

=====================
<system.web>

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />

<add name="our custom provider"
type="custom t ype , assemly"
connectionStringName="xxx"
................
/>

</providers>
</membership>

..................
=========================

Also, we can specify our custom provider as the default one. So in ASP.NET
2.0 all the inheritable configuration in super config file will be added
into sub application's configuration collection, we can flexibly remove or
replace them at application level (not necessary modify the
machine.config.. or global web.config...)

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| References: <O4**************@TK2MSFTNGP12.phx.gbl>
<MC*************@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Tue, 8 Nov 2005 10:05:27 +1300
| Lines: 165
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <u3**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136735
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| That did the trick thanks.
| When I ran the permcalc tool, I noticed that the type didnt show up in
the
| xml output, so I had aplay with the AllowPartiallyTrustedCaller setting
and
| then it decided to show up?? Im not sure why it wasnt before. But it does
| now. It all seems to work fine.
| Another thing I noticed is that you cant have a page in your website
called
| Login.aspx because it will error when you have published it (only after
you
| have published it) and say it cant cast it to be a
| System.Web.UI.WebControl.Login. Strange.
| Once I had sorted those issues out (i renamed the login page) and got it
| uploaded to the server. I got another error with the default providers in
| the machine.config requiring a "localsqlserver" connectionstring in my
| web.config. This is totally not cool, why would a MembershipProvider that
is
| not being used whatsoever throw an error?
| To fix this I went through the machine.config and removed all the default
| providers and connectionstrings.
|
| While I am a big fan of some of the new things included in .Net 2.0, some
it
| seems to just increase development more that the good things decrease it.
| Thanks for your continued support
| Graham
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:MC*************@TK2MSFTNGXA01.phx.gbl...
| > Hi Graham,
| >
| > Welcome to ASPNET newsgroup.
| > From your description, you've developed a custom ASP.NET 2.0 Membership
| > provider , it works well in "Full" trustlevel application , but fail to
| > work in non-Full trustlevel host enviornment, yes?
| >
| > Based on my experience, such problem could be caused by two things:
| >
| > 1. There're some reference assemblies which does not allow Partial
Trusted
| > caller
| >
| > 2. There 're some classes in certain referenced assembly which
explicitly
| > demain certain permission which only available in Full trust level.
| >
| > For the #1, we can try apply the following Attribute on our custom
| > membership provider 's assembly:
| >
| > AllowPartiallyTrustedCallersAttribute
| >
| > this will allow partial trusted caller to load our assembly.
| >
| > If the above not work, there may contains some class which demand some
| > certain permission which is only available in "Full" trust level. As you
| > mentioned that you only have data accessing code (connect to
| > sqlserver...),
| > are you using the SqlClient or OleDb component? For OleDb Components it
| > require Full Trust level. If you can not figure out the actual class
and
| > permission demand that cause the problem, we have to sandbox our
assembly
| > so as to make it granted FullTrust permission. One approach is to
| > strong-named it and put into GAC, all the assemblies in GAC has full
trust
| > permssionset. You can refer to the following MSDN article on ASP.NET
code
| > access:
| >
| >
http://msdn.microsoft.com/library/de...us/secmod/html
| > /secmod82.asp
| >
| > BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating
minmal
| > required permission set for a given assembly( just like the
permview.exe
| > in
| > net 1.x). You can also use it to have a look at your custom assembly's
| > permission sets.
| >
| > Hope helps. Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| >
| >
| >
| >
| > --------------------
| > | From: "Graham" <en*******@newsgroups.nospam>
| > | Subject: Custom MembershipProvider and required trust levels
| > | Date: Mon, 7 Nov 2005 10:43:21 +1300
| > | Lines: 49
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
222.153.144.207
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:136471
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | I have created a custom MembershipProvider called
| > "LassieMembershipProvider"
| > | that derives from "MembershipProvider". This providor is located in a
| > | Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In
one
| > of
| > | my frontend websites I use this type to authenticate a user who is
| > trying
| > to
| > | login.
| > | The following excerpt is from the web.config of the particular site
| > showing
| > | the reference to the custom provider, allowing .Net to do most of the
| > work
| > | for me.
| > |
| > | <membership defaultProvider="LassieMembershipProvider" >
| > | <providers>
| > | <add name="LassieMembershipProvider"
| > |
| > type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | </providers>
| > | </membership>
| > |
| > | This all works fine in my test/development environment but when I
place
| > this
| > | on our hosting server i get a nice error when I try and login:
| > |
| > | Parser Error Message: Attempt to access the method failed.
| > |
| > | Source Error:
| > |
| > |
| > | Line 40: <providers>
| > | Line 41: <add name="LassieMembershipProvider"
| > | Line 42:
| > |
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | Line 43: </providers>
| > | Line 44: </membership>
| > |
| > | After a few hours of frustration I figured out the Provider only works
| > when
| > | the server/application is running in full trust. This really isnt a
| > | preffered trust level to run in on a shared hosting server. I tryed
| > changing
| > | to other trust levels and only Full trust appears to work.
| > | I am only using one method in my custom provider and it is accessing a
| > Sql
| > | Server Db (no prblem right?).
| > | I dont see why a MembershipProvider would require fulltrust in order
to
| > run,
| > | but in saying that I cant see where I am doing anything wrong (famous
| > last
| > | words).
| > |
| > | Any help is always appreciated.
| > | Graham
| > |
| > |
| > |
| > |
| > |
| >
|
|
|

Nov 19 '05 #4
Steven
I can see why those defaults are there, but in our case we run a shared
hosting server and making clients change (or letting them access) the
default settings/providers from their own apps is not something our hosting
admin would be happy with (we all know that clients are stupid and
reckless).
Thank you for your quick reply.
Graham

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:iX****************@TK2MSFTNGXA01.phx.gbl...
Thanks for your response Graham,

As for the new problem regarding on the default Membership or other
ASP.NET
2.0 service providers in machine.config/global Web.config file, they're
all
necessary for the default ASP.NET 2.0 setting. By default, all the
services
use the localSqlServer connection string which point to a SQLExpress file.
And those providers configured at machine level are all the default
providers and will be inherited in our ASP.NET 2.0 applications. So at
runtime, our concrete application's provider collection will also contains
it due to the hierarchy configuration inheritance. So when we want
replace the default one with our custom provider, we can always use the
following configuration in our web application's web.config file:

eg:

=====================
<system.web>

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />

<add name="our custom provider"
type="custom t ype , assemly"
connectionStringName="xxx"
................
/>

</providers>
</membership>

.................
=========================

Also, we can specify our custom provider as the default one. So in ASP.NET
2.0 all the inheritable configuration in super config file will be added
into sub application's configuration collection, we can flexibly remove or
replace them at application level (not necessary modify the
machine.config.. or global web.config...)

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| References: <O4**************@TK2MSFTNGP12.phx.gbl>
<MC*************@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Tue, 8 Nov 2005 10:05:27 +1300
| Lines: 165
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <u3**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:136735
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| That did the trick thanks.
| When I ran the permcalc tool, I noticed that the type didnt show up in
the
| xml output, so I had aplay with the AllowPartiallyTrustedCaller setting
and
| then it decided to show up?? Im not sure why it wasnt before. But it
does
| now. It all seems to work fine.
| Another thing I noticed is that you cant have a page in your website
called
| Login.aspx because it will error when you have published it (only after
you
| have published it) and say it cant cast it to be a
| System.Web.UI.WebControl.Login. Strange.
| Once I had sorted those issues out (i renamed the login page) and got it
| uploaded to the server. I got another error with the default providers
in
| the machine.config requiring a "localsqlserver" connectionstring in my
| web.config. This is totally not cool, why would a MembershipProvider
that
is
| not being used whatsoever throw an error?
| To fix this I went through the machine.config and removed all the
default
| providers and connectionstrings.
|
| While I am a big fan of some of the new things included in .Net 2.0,
some
it
| seems to just increase development more that the good things decrease
it.
| Thanks for your continued support
| Graham
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:MC*************@TK2MSFTNGXA01.phx.gbl...
| > Hi Graham,
| >
| > Welcome to ASPNET newsgroup.
| > From your description, you've developed a custom ASP.NET 2.0
Membership
| > provider , it works well in "Full" trustlevel application , but fail
to
| > work in non-Full trustlevel host enviornment, yes?
| >
| > Based on my experience, such problem could be caused by two things:
| >
| > 1. There're some reference assemblies which does not allow Partial
Trusted
| > caller
| >
| > 2. There 're some classes in certain referenced assembly which
explicitly
| > demain certain permission which only available in Full trust level.
| >
| > For the #1, we can try apply the following Attribute on our custom
| > membership provider 's assembly:
| >
| > AllowPartiallyTrustedCallersAttribute
| >
| > this will allow partial trusted caller to load our assembly.
| >
| > If the above not work, there may contains some class which demand some
| > certain permission which is only available in "Full" trust level. As
you
| > mentioned that you only have data accessing code (connect to
| > sqlserver...),
| > are you using the SqlClient or OleDb component? For OleDb Components
it
| > require Full Trust level. If you can not figure out the actual class
and
| > permission demand that cause the problem, we have to sandbox our
assembly
| > so as to make it granted FullTrust permission. One approach is to
| > strong-named it and put into GAC, all the assemblies in GAC has full
trust
| > permssionset. You can refer to the following MSDN article on ASP.NET
code
| > access:
| >
| >
http://msdn.microsoft.com/library/de...us/secmod/html
| > /secmod82.asp
| >
| > BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating
minmal
| > required permission set for a given assembly( just like the
permview.exe
| > in
| > net 1.x). You can also use it to have a look at your custom assembly's
| > permission sets.
| >
| > Hope helps. Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| >
| >
| >
| >
| > --------------------
| > | From: "Graham" <en*******@newsgroups.nospam>
| > | Subject: Custom MembershipProvider and required trust levels
| > | Date: Mon, 7 Nov 2005 10:43:21 +1300
| > | Lines: 49
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
222.153.144.207
| > | Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:136471
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | I have created a custom MembershipProvider called
| > "LassieMembershipProvider"
| > | that derives from "MembershipProvider". This providor is located in
a
| > | Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In
one
| > of
| > | my frontend websites I use this type to authenticate a user who is
| > trying
| > to
| > | login.
| > | The following excerpt is from the web.config of the particular site
| > showing
| > | the reference to the custom provider, allowing .Net to do most of
the
| > work
| > | for me.
| > |
| > | <membership defaultProvider="LassieMembershipProvider" >
| > | <providers>
| > | <add name="LassieMembershipProvider"
| > |
| >
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | </providers>
| > | </membership>
| > |
| > | This all works fine in my test/development environment but when I
place
| > this
| > | on our hosting server i get a nice error when I try and login:
| > |
| > | Parser Error Message: Attempt to access the method failed.
| > |
| > | Source Error:
| > |
| > |
| > | Line 40: <providers>
| > | Line 41: <add name="LassieMembershipProvider"
| > | Line 42:
| > |
type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | Enlighten.LinkMad.Businesslogic" />
| > | Line 43: </providers>
| > | Line 44: </membership>
| > |
| > | After a few hours of frustration I figured out the Provider only
works
| > when
| > | the server/application is running in full trust. This really isnt a
| > | preffered trust level to run in on a shared hosting server. I tryed
| > changing
| > | to other trust levels and only Full trust appears to work.
| > | I am only using one method in my custom provider and it is accessing
a
| > Sql
| > | Server Db (no prblem right?).
| > | I dont see why a MembershipProvider would require fulltrust in order
to
| > run,
| > | but in saying that I cant see where I am doing anything wrong
(famous
| > last
| > | words).
| > |
| > | Any help is always appreciated.
| > | Graham
| > |
| > |
| > |
| > |
| > |
| >
|
|
|

Nov 19 '05 #5
Thanks Graham,

Yes, I know that for publish web host, there should have the most
restricted permissions for the cilents. However, for those default provider
settings I think you can leave them there since it just use the SQLExpress
database. And since we can override the "defaultProvider" for those
services in each concrete application's web.config, that should also be the
clients' task to make the configuration for their application.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Graham" <en*******@newsgroups.nospam>
| References: <O4**************@TK2MSFTNGP12.phx.gbl>
<MC*************@TK2MSFTNGXA01.phx.gbl>
<u3**************@TK2MSFTNGP09.phx.gbl>
<iX**************@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Custom MembershipProvider and required trust levels
| Date: Wed, 9 Nov 2005 09:49:53 +1300
| Lines: 289
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uj**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz 222.153.144.207
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:137067
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Steven
| I can see why those defaults are there, but in our case we run a shared
| hosting server and making clients change (or letting them access) the
| default settings/providers from their own apps is not something our
hosting
| admin would be happy with (we all know that clients are stupid and
| reckless).
| Thank you for your quick reply.
| Graham
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:iX****************@TK2MSFTNGXA01.phx.gbl...
| > Thanks for your response Graham,
| >
| > As for the new problem regarding on the default Membership or other
| > ASP.NET
| > 2.0 service providers in machine.config/global Web.config file, they're
| > all
| > necessary for the default ASP.NET 2.0 setting. By default, all the
| > services
| > use the localSqlServer connection string which point to a SQLExpress
file.
| > And those providers configured at machine level are all the default
| > providers and will be inherited in our ASP.NET 2.0 applications. So at
| > runtime, our concrete application's provider collection will also
contains
| > it due to the hierarchy configuration inheritance. So when we want
| > replace the default one with our custom provider, we can always use the
| > following configuration in our web application's web.config file:
| >
| > eg:
| >
| > =====================
| > <system.web>
| >
| > <membership>
| > <providers>
| > <remove name="AspNetSqlMembershipProvider" />
| >
| > <add name="our custom provider"
| > type="custom t ype , assemly"
| > connectionStringName="xxx"
| > ................
| > />
| >
| > </providers>
| > </membership>
| >
| > .................
| > =========================
| >
| > Also, we can specify our custom provider as the default one. So in
ASP.NET
| > 2.0 all the inheritable configuration in super config file will be added
| > into sub application's configuration collection, we can flexibly remove
or
| > replace them at application level (not necessary modify the
| > machine.config.. or global web.config...)
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| > --------------------
| > | From: "Graham" <en*******@newsgroups.nospam>
| > | References: <O4**************@TK2MSFTNGP12.phx.gbl>
| > <MC*************@TK2MSFTNGXA01.phx.gbl>
| > | Subject: Re: Custom MembershipProvider and required trust levels
| > | Date: Tue, 8 Nov 2005 10:05:27 +1300
| > | Lines: 165
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <u3**************@TK2MSFTNGP09.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
222.153.144.207
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:136735
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | That did the trick thanks.
| > | When I ran the permcalc tool, I noticed that the type didnt show up in
| > the
| > | xml output, so I had aplay with the AllowPartiallyTrustedCaller
setting
| > and
| > | then it decided to show up?? Im not sure why it wasnt before. But it
| > does
| > | now. It all seems to work fine.
| > | Another thing I noticed is that you cant have a page in your website
| > called
| > | Login.aspx because it will error when you have published it (only
after
| > you
| > | have published it) and say it cant cast it to be a
| > | System.Web.UI.WebControl.Login. Strange.
| > | Once I had sorted those issues out (i renamed the login page) and got
it
| > | uploaded to the server. I got another error with the default
providers
| > in
| > | the machine.config requiring a "localsqlserver" connectionstring in my
| > | web.config. This is totally not cool, why would a MembershipProvider
| > that
| > is
| > | not being used whatsoever throw an error?
| > | To fix this I went through the machine.config and removed all the
| > default
| > | providers and connectionstrings.
| > |
| > | While I am a big fan of some of the new things included in .Net 2.0,
| > some
| > it
| > | seems to just increase development more that the good things decrease
| > it.
| > | Thanks for your continued support
| > | Graham
| > |
| > | "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| > | news:MC*************@TK2MSFTNGXA01.phx.gbl...
| > | > Hi Graham,
| > | >
| > | > Welcome to ASPNET newsgroup.
| > | > From your description, you've developed a custom ASP.NET 2.0
| > Membership
| > | > provider , it works well in "Full" trustlevel application , but
fail
| > to
| > | > work in non-Full trustlevel host enviornment, yes?
| > | >
| > | > Based on my experience, such problem could be caused by two things:
| > | >
| > | > 1. There're some reference assemblies which does not allow Partial
| > Trusted
| > | > caller
| > | >
| > | > 2. There 're some classes in certain referenced assembly which
| > explicitly
| > | > demain certain permission which only available in Full trust level.
| > | >
| > | > For the #1, we can try apply the following Attribute on our custom
| > | > membership provider 's assembly:
| > | >
| > | > AllowPartiallyTrustedCallersAttribute
| > | >
| > | > this will allow partial trusted caller to load our assembly.
| > | >
| > | > If the above not work, there may contains some class which demand
some
| > | > certain permission which is only available in "Full" trust level.
As
| > you
| > | > mentioned that you only have data accessing code (connect to
| > | > sqlserver...),
| > | > are you using the SqlClient or OleDb component? For OleDb
Components
| > it
| > | > require Full Trust level. If you can not figure out the actual
class
| > and
| > | > permission demand that cause the problem, we have to sandbox our
| > assembly
| > | > so as to make it granted FullTrust permission. One approach is to
| > | > strong-named it and put into GAC, all the assemblies in GAC has full
| > trust
| > | > permssionset. You can refer to the following MSDN article on
ASP.NET
| > code
| > | > access:
| > | >
| > | >
| >
http://msdn.microsoft.com/library/de...us/secmod/html
| > | > /secmod82.asp
| > | >
| > | > BTW, in .NET 2.0 , it provide the permCalc.exe tool for calculating
| > minmal
| > | > required permission set for a given assembly( just like the
| > permview.exe
| > | > in
| > | > net 1.x). You can also use it to have a look at your custom
assembly's
| > | > permission sets.
| > | >
| > | > Hope helps. Thanks,
| > | >
| > | > Steven Cheng
| > | > Microsoft Online Support
| > | >
| > | > Get Secure! www.microsoft.com/security
| > | > (This posting is provided "AS IS", with no warranties, and confers
no
| > | > rights.)
| > | >
| > | >
| > | >
| > | >
| > | >
| > | >
| > | > --------------------
| > | > | From: "Graham" <en*******@newsgroups.nospam>
| > | > | Subject: Custom MembershipProvider and required trust levels
| > | > | Date: Mon, 7 Nov 2005 10:43:21 +1300
| > | > | Lines: 49
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | > | Message-ID: <O4**************@TK2MSFTNGP12.phx.gbl>
| > | > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | > | NNTP-Posting-Host: 222-153-144-207.jetstream.xtra.co.nz
| > 222.153.144.207
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.dotnet.framework.aspnet:136471
| > | > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > | > |
| > | > | I have created a custom MembershipProvider called
| > | > "LassieMembershipProvider"
| > | > | that derives from "MembershipProvider". This providor is located
in
| > a
| > | > | Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic".
In
| > one
| > | > of
| > | > | my frontend websites I use this type to authenticate a user who is
| > | > trying
| > | > to
| > | > | login.
| > | > | The following excerpt is from the web.config of the particular
site
| > | > showing
| > | > | the reference to the custom provider, allowing .Net to do most of
| > the
| > | > work
| > | > | for me.
| > | > |
| > | > | <membership defaultProvider="LassieMembershipProvider" >
| > | > | <providers>
| > | > | <add name="LassieMembershipProvider"
| > | > |
| > | >
| > type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | > | Enlighten.LinkMad.Businesslogic" />
| > | > | </providers>
| > | > | </membership>
| > | > |
| > | > | This all works fine in my test/development environment but when I
| > place
| > | > this
| > | > | on our hosting server i get a nice error when I try and login:
| > | > |
| > | > | Parser Error Message: Attempt to access the method failed.
| > | > |
| > | > | Source Error:
| > | > |
| > | > |
| > | > | Line 40: <providers>
| > | > | Line 41: <add name="LassieMembershipProvider"
| > | > | Line 42:
| > | > |
| > type="Enlighten.LinkMad.Businesslogic.Security.Las sieMembershipProvider,
| > | > | Enlighten.LinkMad.Businesslogic" />
| > | > | Line 43: </providers>
| > | > | Line 44: </membership>
| > | > |
| > | > | After a few hours of frustration I figured out the Provider only
| > works
| > | > when
| > | > | the server/application is running in full trust. This really isnt
a
| > | > | preffered trust level to run in on a shared hosting server. I
tryed
| > | > changing
| > | > | to other trust levels and only Full trust appears to work.
| > | > | I am only using one method in my custom provider and it is
accessing
| > a
| > | > Sql
| > | > | Server Db (no prblem right?).
| > | > | I dont see why a MembershipProvider would require fulltrust in
order
| > to
| > | > run,
| > | > | but in saying that I cant see where I am doing anything wrong
| > (famous
| > | > last
| > | > | words).
| > | > |
| > | > | Any help is always appreciated.
| > | > | Graham
| > | > |
| > | > |
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|

Nov 19 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: WB | last post by:
Hi, I am revamping my company's website using .Net 2.0 & C#. I would like to implement my own custom membership provider to manage membership information already stored in my existing SQL 2000...
6
by: Shimon Sim | last post by:
Hi I am working on application that need to hold custom user information - Last and first name, email, some other domain related information. I used to create Base class for all my pages. The base...
2
by: Mark Olbert | last post by:
So far, I am more than a little underwhelmed by the Membership API in ASPNET2, and the ASP.NET Configuration wizard in VS2005. The latter is slow as a pig whenever it does anything. Oh well, at...
0
by: Mark Olbert | last post by:
I'm posting this here to save other folks some hair-pulling time. No need to respond. You can debug custom MembershipProvider and RoleProvider classes under the ASPNET Configuration tool by...
0
by: Mwob | last post by:
Hi all, I'm about to start creating a custom membership provider. Its for a website that already has a table of users in a single table, so I need to create a custom MP to talk to the data in...
5
by: Alias | last post by:
Hi - I'm trying to implement a custom RoleProvider based on the SqlRoleProvider. I keep receiving a an error that it can't load type 'MyRoleTest.MyRoleProvider' when trying to load my...
8
by: Tomasz | last post by:
Hello Developers! I have an interesting problem using my custom MembershipProvider, RoleProvider and Forms Authentication. Both MembershipProvider and RoleProvider require session state, where...
4
by: freeflytim | last post by:
I'm trying to implement a custom MembershipProvider (and RoleProvider) together with a custom MembershipUser class in C#, Asp.Net 2.0, MS Visual Studio 2005. Everything has worked fine so far,...
0
by: Atul Thombre | last post by:
Hello, I am developing a custom membership provider. For that I built a prototype that uses a SQL Server 2005 database as a backend store. I implemented the class...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: veera ravala | last post by:
ServiceNow is a powerful cloud-based platform that offers a wide range of services to help organizations manage their workflows, operations, and IT services more efficiently. At its core, ServiceNow...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.