Enterprise Library 3.0 Data Access Security Exception

Topics: Data Access Application Block
Apr 4, 2007 at 12:12 PM
Hi,

I'm trying to use the Enterprise Library 3.0 (Data Access) in a medium trust web-app. As I understand it the EntLib 3 supports medium trust scenarios? The database is MS SQL Server 2005 Express. In order to "lock down" the web-app, I've added: <trust level="Medium" originUrl="" /> to my app's web.config.

However, I still get a security exception. Obviously I've missed out on something but what?

I'm very thankful for any help!

//Magnus
Apr 4, 2007 at 5:19 PM
Magnus -

What exact security exception are you receiving?

EntLib 3.0 and 2.0 with Patch 2554 will work on trust levels less than full trust, but depending on what you are doing you may need additional permissions beyond the ones defined in medium trust. We have this documented in the Patch 2554 readme and in the final EntLib 3.0 docs (but I'm not sure if it's in the CTP doc). In particular make sure you set requirePermission="false" on the <configSection> declarations.

Tom
Apr 5, 2007 at 8:34 AM

tomhollander wrote:
Magnus -

What exact security exception are you receiving?

EntLib 3.0 and 2.0 with Patch 2554 will work on trust levels less than full trust, but depending on what you are doing you may need additional permissions beyond the ones defined in medium trust. We have this documented in the Patch 2554 readme and in the final EntLib 3.0 docs (but I'm not sure if it's in the CTP doc). In particular make sure you set requirePermission="false" on the <configSection> declarations.

Tom


Tom,
thank you for your reply.

The <configSection> in my web.config looks like this:
<configSections>
  <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=2.9.9.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" requirePermission="false"/>
</configSections>

And I'm trying to execute this code:
Database db = DatabaseFactory.CreateDatabase();

string sqlCommand = "GetProductsByCategory";
DbCommand dbCommand = db.GetStoredProcCommand(sqlCommand);

db.AddInParameter(dbCommand, "CategoryID", DbType.Int32, 2);

DataSet productsDataSet = null;

productsDataSet = db.ExecuteDataSet(dbCommand);

GridView1.DataSource = productsDataSet;
GridView1.DataBind();

It's basically copied straight from the Quickstart-examples, but I'm trying to get it to execute in a medium-trust web-app.

Am I still missing something?

//Magnus
Apr 5, 2007 at 9:53 AM
Almost forgot, the security exception I'm getting is:

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.
Apr 10, 2007 at 7:45 AM
Any ideas?

/Magnus
Apr 10, 2007 at 4:12 PM
Hi Magnus -

Did you put EntLib in the GAC by any chance? EntLib does not have Allow Partially Trusted Callers (APTCA) defined, so you need to deploy the assemblies into a private assembly when running from partial trust.

Let me know if this helps
Tom
Apr 12, 2007 at 11:38 PM
I solved the problem by building the EntLibSrc project to create unsigned assemblies (using the Build and Copy Library utility in the source folder) and putting these in the Bin folder of the app. However, you also need to put an unsigned copy of ObjectBuilder.dll into the app's Bin folder. I got this by downloading the CAB and installing just the source code for it, building the ObjectBuilder project, and using the resulting assembly. You can use the Configuration Console in the source folder to edit the config file for your app when using unsigned assemblies (the default version and the VS editor don't work by default with unsigned assemblies).
Aug 28, 2007 at 5:18 PM
Hi,

Can anyone please explain to me how to handle this? I've installed EntLib 3.1, using the Data Application Block in .NET 3.0, Visual Studio 2008 Beta2. My solution is a 3-tier solution, with the Data App Block only for the Data Access Layer.

All works fine on my dev machine (.Net test server), but when uploading to the production server (a shared hosting provider) I get this error:


============================================================================================
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


SecurityException: That assembly does not allow partially trusted callers.
Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.EnterpriseLibraryFactory..cctor() +0

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210

============================================================================================



My Web.config file:

<configSections>
  <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=3.1.0.0, Culture=neutral, PublicKeyToken=null" requirePermission="false" />
</configSections>
<dataConfiguration defaultDatabase="test" />
<connectionStrings>
  <add name="test" connectionString="Data Source=xxxxxxx;Initial Catalog=xxxxxx;User ID=xxxxxxx;Password=xxxxxxx"
       providerName="System.Data.SqlClient" />
</connectionStrings>


Please help me. I read something about building the ObjectBuilder source code, and then rebuilding the EntLib, but I really don't know. I've added a reference to the Microsoft.Practices.EnterpriseLibrary.Common.dll and Microsoft.Practices.EnterpriseLibrary.Data.dll from the EntLib3Src\App Blocks\bin build directory. Is that correct? I hope someone can help me, and can explain to me how to handle this...

Many many thanks :)
Aug 29, 2007 at 3:02 AM
Hi,

In a nutshell, types in strongly signed assemblies have an implicit link demand for full trust unless the APTCA (Allow Partially Trusted Callers Attribute) is added. Neither EntLib's nor ObjectBuilder's signed binaries include the attribute, so they do not accept partially trusted callers. You can use unsigned binaries for EntLib built from the source, or sign your own version of EntLib after adding the APTCA (again, building from the source). Unfortunately EntLib v3 ships with a signed binary for ObjectBuilder, not the source like in V2, so in order for PT to work you have to rebuild ObjectBuilder's binary as well, and use that binary to build a new version of EntLib. If you want to keep the existing assemblies you can build a signed "proxy" to EntLib that does accept partially trusted callers.

Does this help?

Fernando
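
Added example, not part of the thread and not EntLib code: a small C# console check that applies the rule described in the post above (a strong-named assembly without APTCA rejects partially trusted callers) to every DLL in an application's Bin folder. The class name `AptcaReport` and its output format are made up for this illustration; it assumes the .NET Framework and a full-trust run.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;

// Added illustration, not EntLib code. Build as a console application and run
// it under full trust, passing the web application's Bin folder as argument.
static class AptcaReport
{
    // Strong-named assemblies carry a public key token; unsigned builds do not.
    static bool IsStrongNamed(Assembly asm)
    {
        byte[] token = asm.GetName().GetPublicKeyToken();
        return token != null && token.Length > 0;
    }

    // True when the assembly is signed but lacks APTCA, i.e. the case that
    // raises "That assembly does not allow partially trusted callers."
    static bool RejectsPartialTrust(Assembly asm)
    {
        return IsStrongNamed(asm)
            && !asm.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false);
    }

    static int Main(string[] args)
    {
        if (args.Length != 1 || !Directory.Exists(args[0]))
        {
            Console.Error.WriteLine("usage: AptcaReport <path to Bin folder>");
            return 2;
        }
        int rejecting = 0;
        foreach (string path in Directory.GetFiles(args[0], "*.dll"))
        {
            Assembly asm;
            try { asm = Assembly.LoadFrom(path); }
            catch (BadImageFormatException) { continue; } // native DLL, skip
            bool rejects = RejectsPartialTrust(asm);
            if (rejects) rejecting++;
            // Location and GlobalAssemblyCache show which copy was really bound.
            Console.WriteLine("{0}: signed={1} gac={2} {3}\n  {4}",
                asm.GetName().Name, IsStrongNamed(asm), asm.GlobalAssemblyCache,
                rejects ? "rejects partially trusted callers"
                        : "accepts partially trusted callers",
                asm.Location);
        }
        return rejecting == 0 ? 0 : 1; // non-zero exit if any assembly would fail
    }
}
```

An assembly reported as accepting partially trusted callers can still demand individual permissions that medium trust does not grant.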
Aug 29, 2007 at 10:20 AM
Hi,

Can you please give me a detailed list of the steps which I have to do?

I have a directory C:\EntLib3Src\App Blocks\bin where the EntLib DLLs are built via the BuildLibrary.bat. Then I made a reference to the .common.dll and the .data.dll files in this directory. After that I made the web.config file (see above).

Which steps do I need to take?

Other questions:

- How to rebuild ObjectBuilder?
- Which version do I need to download? (with source or without source).
- What is "leave it unsigned". ==> how can I sign a build?
- How to "add the AllowPartiallyTrustedCallers"? And where do I need to add this?
- How to build "a signed proxy" to EntLib?
- How to deploy the project after this to my hosted webserver? Can I only click on deploy on my website (which has 2 projects in the same solution (BLL and DAL), and the EntLib assemblies are built too), or do I have to do this manually?




fsimonazzi wrote:
Hi,

In a nutshell, types in strongly signed assemblies have an implicit link demand for full trust unless the APTCA (Allow Partially Trusted Callers Attribute) is added. Neither EntLib's nor ObjectBuilder's signed binaries include the attribute, so they do not accept partially trusted callers. You can use unsigned binaries for EntLib built from the source, or sign your own version of EntLib after adding the APTCA (again, building from the source). Unfortunately EntLib v3 ships with a signed binary for ObjectBuilder, not the source like in V2, so in order for PT to work you have to rebuild ObjectBuilder's binary as well, and use that binary to build a new version of EntLib. If you want to keep the existing assemblies you can build a signed "proxy" to EntLib that does accept partially trusted callers.

Does this help?

Fernando