Login/Register
System.Web.Providers doesn't work in medium trust
Asked Answered
asp.netasp.net-membershipmedium-trust
R

1

8

I have an ASP.NET WebForms app using Microsoft ASP.NET Universal Providers (NuGet) for membership and roles. Under full trust everything works fine, but when I edit web.config to specify medium trust I get this error when loading a page that accesses the membership:

Type 'System.Web.Providers.DefaultMembershipProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly).

I've searched the web and haven't found much info about whether this is a known limitation or if there is a workaround. I'm working on the open source app Gallery Server Pro, which is distributed in the MS Web Gallery and must support medium trust environments.

Any insight?

[Edit] Per the request, here is the web.config stuff (I'm not using profiles or the session state provider):

<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <clear />
    <add name="DefaultMembershipProvider" applicationName="Gallery Server Pro" connectionStringName="GalleryDb" passwordFormat="Clear" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="50" minRequiredPasswordLength="2" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true" cookieProtection="Validation" defaultProvider="DefaultRoleProvider">
  <providers>
    <clear />
    <add name="DefaultRoleProvider" applicationName="Gallery Server Pro" connectionStringName="GalleryDb" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </providers>
</roleManager>
Reggy answered 16/4, 2013 at 14:19 Comment(3)
Did you go through this process msdn.microsoft.com/en-us/library/wyts434y%28v=vs.100%29.aspx ? ("Configuring Partial Trust Visible Assemblies" seems interesting)Fielder
I tried adding partialTrustVisibleAssemblies to web.config and got the same error (also tried fullTrustAssemblies for good measure, but no luck). This is expected, though, because this trick is designed to work on assemblies marked with AllowPartiallyTrustedCallersAttribute, which System.Web.Providers apparently is not.Reggy
Could you post your Membership|RoleManager|Profile|Sessionstate tags of web.config?Salomo
G
1

I think it may be because of catching role in cookies,

<roleManager enabled="true" cacheRolesInCookie="true" cookieProtection="Validation" ...

Remove that part, or make it false and then check if its working..

As medium security will block cookies and many more things, as cookies are not considered secure. Its basic material for scavengers(hacking data from left over/temp files).

I hope this will do..

Guffey answered 8/5, 2013 at 12:36 Comment(1)
Unfortunately, that didn't help. I tried a few variations on the cookie settings but it was always the same error. I should note my last version, which used a different provider but the same roleManager settings, DID work in medium trust.Reggy

© 2022 - 2024 — McMap. All rights reserved.