Security Exception with Database caching

Topics: Caching Application Block
Aug 6, 2007 at 9:06 PM
Just started using the Caching application block (May 31 rel.), and am attempting to run everything under a medium-trust host. I've read the documentation, which suggests that the current version of Enterprise Library provides support for partially-trusted applications. However, when I attempt to run the application on the host, I get the following exception:

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

SecurityException: That assembly does not allow partially trusted callers.
Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.LocatorNameTypeFactoryBase`1..ctor(IConfigurationSource configurationSource) +0
Microsoft.Practices.EnterpriseLibrary.Caching.CacheManagerFactory..ctor(IConfigurationSource configurationSource) +29
Microsoft.Practices.EnterpriseLibrary.Caching.CacheFactory..cctor() +45


I've applied the appropriate attributes in the web.config to support medium-trust, as follows (note that NHibernate and log4net work perfectly fine here):
<configSections>
  <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data" requirePermission="false" />
  <section name="cachingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Caching.Configuration.CacheManagerSettings, Microsoft.Practices.EnterpriseLibrary.Caching" requirePermission="false" />
  <section name="nhibernate" type="System.Configuration.NameValueSectionHandler, System, Version=1.0.5000.0,Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  <!-- Important under Medium Trust -->
  <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" requirePermission="false" />
  <!-- Important under Medium Trust -->
</configSections>

So, I am at a loss at this point. Is there anything else special that I need to do in order to make this work on a medium-trust host?
Aug 7, 2007 at 12:43 AM
Okay, so read a few threads here that suggest re-building an un-signed ObjectBuilder and re-generating the EntLib DLLs, which I've done. I deployed the new DLLs to the host, and am now getting the following exception:

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Runtime.Serialization.Formatters.Binary.ObjectReader.CheckSecurity(ParseRecord pr) +1642820
System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr) +363
System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr) +64
System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record) +1050
System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum) +62
System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run() +144
System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) +183
System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) +190
System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream) +12
Microsoft.Practices.EnterpriseLibrary.Caching.SerializationUtility.ToObject(Byte[] serializedObject) +139
Microsoft.Practices.EnterpriseLibrary.Caching.Database.DataBackingStore.DeserializeValue(DataRow dataToLoad) +152
Microsoft.Practices.EnterpriseLibrary.Caching.Database.DataBackingStore.CreateCacheItem(DataRow dataToLoad) +132
Microsoft.Practices.EnterpriseLibrary.Caching.Database.DataBackingStore.LoadDataFromStore() +298
Microsoft.Practices.EnterpriseLibrary.Caching.BackingStoreImplementations.BaseBackingStore.Load() +28
Microsoft.Practices.EnterpriseLibrary.Caching.Cache..ctor(IBackingStore backingStore, CacheCapacityScavengingPolicy scavengingPolicy, CachingInstrumentationProvider instrumentationProvider) +83
Microsoft.Practices.EnterpriseLibrary.Caching.CacheManagerFactoryHelper.BuildCacheManager(String cacheManagerName, IBackingStore backingStore, Int32 maximumElementsInCacheBeforeScavenging, Int32 numberToRemoveWhenScavenging, Int32 expirationPollFrequencyInSeconds, CachingInstrumentationProvider instrumentationProvider) +113
Microsoft.Practices.EnterpriseLibrary.Caching.CacheManagerCustomFactory.CreateObject(IBuilderContext context, String name, IConfigurationSource configurationSource, ConfigurationReflectionCache reflectionCache) +254
Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.ConfiguredObjectStrategy.BuildUp(IBuilderContext context, Type t, Object existing, String id) +164
Microsoft.Practices.ObjectBuilder.SingletonStrategy.BuildUp(IBuilderContext context, Type typeToBuild, Object existing, String idToBuild) +171
Microsoft.Practices.ObjectBuilder.BuilderStrategy.BuildUp(IBuilderContext context, Type typeToBuild, Object existing, String idToBuild) +38
Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.ConfigurationNameMappingStrategy.BuildUp(IBuilderContext context, Type t, Object existing, String id) +186
Microsoft.Practices.ObjectBuilder.BuilderBase`1.DoBuildUp(IReadWriteLocator locator, Type typeToBuild, String idToBuild, Object existing, PolicyList[] transientPolicies) +310
Microsoft.Practices.ObjectBuilder.BuilderBase`1.BuildUp(IReadWriteLocator locator, Type typeToBuild, String idToBuild, Object existing, PolicyList[] transientPolicies) +71
Microsoft.Practices.ObjectBuilder.BuilderBase`1.BuildUp(IReadWriteLocator locator, String idToBuild, Object existing, PolicyList[] transientPolicies) +75
Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.EnterpriseLibraryFactory.BuildUp(IReadWriteLocator locator, String id, IConfigurationSource configurationSource) +338
Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.LocatorNameTypeFactoryBase`1.Create(String name) +99
Microsoft.Practices.EnterpriseLibrary.Caching.CacheFactory.GetCacheManager(String cacheManagerName) +93
com.brightharbour.service.media.doGetSongItemImpl.ProcessMediaRequest(Object req) in doGetSongItemImpl.cs:34


Not really sure what to do about this one, however.
Aug 7, 2007 at 1:00 AM
Hi,

While rebuilding will allow you to run in partial trust, you will still need to grant the permissions required to perform specific actions; in this case you need to allow for SerializationFormatter permission.
Please look for details in the Enterprise Library help under topic "Customizing the Medium Trust Policy".

Regards,
Fernando
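
The policy change this reply points to, sketched as an added example (not part of the original post or of the Enterprise Library help). The file name web_customtrust.config and the level name Custom are assumptions; the "before" flag list is the stock ASP.NET 2.0 medium-trust entry.

```xml
<!-- File 1: web_customtrust.config, a copy of web_mediumtrust.config
     (file name is an assumption). Only the SecurityPermission entry inside
     the "ASP.Net" named permission set changes. -->

<!-- Before: stock medium trust. BinaryFormatter.Deserialize demands
     SerializationFormatter, which is absent, so the cache load fails. -->
<IPermission class="SecurityPermission" version="1"
             Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration" />

<!-- After: SerializationFormatter added; every other flag is unchanged. -->
<IPermission class="SecurityPermission" version="1"
             Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, SerializationFormatter" />

<!-- File 2: the web.config that controls trust (on a shared host, the
     host's machine-level file). Registers the custom policy file and
     selects it; "Custom" is an assumed level name. -->
<system.web>
  <securityPolicy>
    <trustLevel name="Custom" policyFile="web_customtrust.config" />
  </securityPolicy>
  <trust level="Custom" originUrl="" />
</system.web>
```

On a shared host these files belong to the hosting provider, so the change has to be requested from them. SerializationFormatter is left out of medium trust because formatters can read and set private object state, so grant it only where the serialized cache data comes from a store the application controls.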
Aug 28, 2007 at 5:18 PM
Hi,

Can anyone please explain to me how to handle this? I've installed EntLib 3.1, using the Data Application Block in .NET 3.0, Visual Studio 2008 Beta2. My solution is a 3-tier solution, with the Data App Block only for the Data Access Layer.

All works fine on my dev machine (.Net test server), but when uploading to the production server (a shared hosting provider) I get this error:


============================================================================================
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


SecurityException: That assembly does not allow partially trusted callers.
Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.EnterpriseLibraryFactory..cctor() +0

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210

============================================================================================



My Web.config file:

<configSections>
  <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=3.1.0.0, Culture=neutral, PublicKeyToken=null" requirePermission="false" />
</configSections>
<dataConfiguration defaultDatabase="test" />
<connectionStrings>
  <add name="test" connectionString="Data Source=xxxxxxx;Initial Catalog=xxxxxx;User ID=xxxxxxx;Password=xxxxxxx"
       providerName="System.Data.SqlClient" />
</connectionStrings>


Please help me. I read something about building the ObjectBuilder source code and then rebuilding the EntLib, but I really don't know. I've added a reference to the Microsoft.Practices.EnterpriseLibrary.Common.dll and Microsoft.Practices.EnterpriseLibrary.Data.dll from the build EntLib3Src\App Blocks\bin directory. Is that correct? I hope someone can help me and explain to me how to handle this...

Many many thanks :)
Sep 4, 2007 at 2:09 PM
Hi:

We had the same problem as you -- our hosting service reviewed the problem and agreed to move the application to a full-trust environment, which ultimately resolved the problem. Good luck.
Sep 4, 2007 at 2:35 PM
Hi,

Just to clarify: the security error for "That assembly does not allow partially trusted callers" and the one for "The application attempted to perform an operation not allowed by the security policy" are quite different.

For the first, you either a) use assemblies that accept partially trusted callers or b) you set full trust security for your app. In the EntLib case, a) means you either use unsigned binaries (including ObjectBuilder) or you rebuild a signed version with the APTCA added to it. It's not the general case that you can modify the assemblies, of course.

For the second, you do need to grant the necessary permission to your application. This doesn't necessarily mean going full trust, although granting full trust will of course grant the particular permission. That's the very nature of CAS: if you want to use a particular feature you need to have the permission. The only way to avoid this is for an intermediate, fully trusted assembly to Assert the permission; EntLib doesn't do this, so the application needs to have the appropriate permissions for the operations that will be performed on its behalf.

Regards,
Fernando