We have an existing application that was build on ASP.NET MVC 4 & Web API. The admin parts of the site use Simple Membership. I'm interested in upgrading the application to MVC 5 / Web API 2, to take advantage of some of the new features that have been added. But it looks like they might be incompatible.
Specifically, after installing the RC packages from NuGet into one of the projects in my solution, and updating the web.config information, the application starts dying during startup on the line that calls WebSecurity.InitializeDatabaseConnection()
, with this exception:
[MethodAccessException: Attempt by security transparent method 'WebMatrix.WebData.PreApplicationStartCode.OnConnectionOpened(System.Object, WebMatrix.Data.ConnectionEventArgs)' to access security critical method 'System.Web.WebPages.HttpContextExtensions.RegisterForDispose(System.Web.HttpContextBase, System.IDisposable)' failed.]
WebMatrix.WebData.PreApplicationStartCode.OnConnectionOpened(Object sender, ConnectionEventArgs e) +70
WebMatrix.Data.Database.OnConnectionOpened() +70
WebMatrix.Data.Database.EnsureConnectionOpen() +51
WebMatrix.Data.Database.QueryValue(String commandText, Object[] args) +63
WebMatrix.WebData.DatabaseWrapper.QueryValue(String commandText, Object[] parameters) +13
WebMatrix.WebData.SimpleMembershipProvider.GetUserId(IDatabase db, String userTableName, String userNameColumn, String userIdColumn, String userName) +206
WebMatrix.WebData.SimpleMembershipProvider.ValidateUserTable() +87
Other projects in the same solution using Simple Membership that I have not upgraded continue to work just fine.
Googling around for more information turns up lots of hits for that exception, of course, but nothing particular to WebMatrix.
FWIW: I know that Microsoft has introduced (yet another) membership and identity solution, but unless there's a way to use that with the existing Simple Membership tables, or a seamless migration path for all of our existing user data, that's not really an option for us.
UPDATE (11 Oct)
I just tried this again with a fresh checkout of the current trunk of our app. I'm using Visual Studio 2012, but otherwise followed the instructions from MS for upgrading an existing project. After updating to MVC 5 / Web API 2 / EF 6, the app started up an ran just fine.
There were no explicit trust requirements in the web.config
to remove. I added the code from this question to Global.asax.cs
, and it reports that the app is running with full trust (in IIS Express, just F5-ed from VS).
Re-adding the same call to InitializeDatabaseConnection()
, it starts dying with the exact same exception.
SOLUTION (28 Oct)
Trying the solution in @Kevin's update from Friday, I found that it works. It was really strange to me that adding this apparently unrelated package would solve these security issues, and even more strange after I removed the package from my solution, and it kept working.
Taking a closer look at what was happening, I realized that the reason why this fixes the behavior is quite simple: the Microsoft.AspNet.WebHelpers
package has two dependencies that were being added to my solution: Microsoft.AspNet.WebPages.Data
and Microsoft.AspNet.WebPages.WebData
. Microsoft has moved the WebMatrix classes into new packages.
So added the helpers package fixed the problem, not because of anything it was doing, but because it was causing updated versions of the broken assemblies to be added to my solution. The solution to the initial incompatibility, then, is to install these new packages when updating everything else from NuGet:
Install-Package Microsoft.AspNet.WebPages.WebData
UPDATE (13 May 2015)
It has been suggested to me that you may also need to manually install the second new package:
Install-Package Microsoft.AspNet.WebPages.Data
This should not be necessary, because this package is an explicit dependency of the first, and NuGet should be smart enough to install both. But if you get an error when building, or don't see NuGet add the dependency, it might help you.