R – PayPal – ASP.NET Medium Trust

asp.net security

Recently our Web hosting provider moved to a medium trust level for all shared ASP.NET site hosting. As a result, we're having some issues completing transactions via PayPal's SOAP API. Specifically, a SecurityException exception is being thrown with the following stack trace:

[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +58
   System.Net.ServicePointManager.set_CertificatePolicy(ICertificatePolicy value) +54
   com.paypal.sdk.core.APICallerBase.SetTrustManager() +30
   com.paypal.sdk.core.soap.SOAPAPICaller..ctor() +14
   com.paypal.sdk.services.CallerServices..ctor() +23
...

I tracked down the source to the offending method in the PayPal SOAP SDK.

/// <summary>
/// To Accept all un-trusted certificate
/// </summary>
private void SetTrustManager()
{
    //This code is added to accept all un-trusted certificate i.e self-signed certificate
    if (Config.Instance.TrustAll)
    {
       //ServicePointManager.CertificatePolicy = TrustAllCertificatePolicy.Instance;
       ServicePointManager.CertificatePolicy = new MyPolicy();              
    }
} // SetTrustManager

Does anyone know what change(s) need to be made to allow the SDK to function in a medium trust environment? Is it a necessity that all un-trusted certificates be accepted?

Thanks.

Best Answer

You could ask your ISP to GAC the PayPal assemblies - that way they run in full trust (assuming they have the allow partially trusted callers attribute set on the assembly).

The other problem you'll have with Medium Trust is that it doesn't allow outgoing network connections, including SOAP calls.
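One way the SetTrustManager logic from the question could be restructured so that the permission demand shown in the stack trace is reached only when the trust-all flag is on, and a refusal falls back to the framework's default certificate validation. This is an added example for .NET Framework, not PayPal's SDK code and not from either poster; `TrustManager`, `TrustSetup`, `StrictPolicy` and the `trustAll` parameter (standing in for `Config.Instance.TrustAll`) are hypothetical names.

```csharp
using System;
using System.Net;
using System.Security;
using System.Security.Cryptography.X509Certificates;

public enum TrustSetup { DefaultValidation, PolicyInstalled, PolicyDeniedUsingDefault }

// Hypothetical policy for the demo: accepts a certificate only when the
// platform reported no problem with it (certificateProblem == 0).
public sealed class StrictPolicy : ICertificatePolicy
{
    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem)
    {
        return certificateProblem == 0;
    }
}

public static class TrustManager
{
    // trustAll is an assumed stand-in for the SDK's Config.Instance.TrustAll.
    public static TrustSetup Configure(bool trustAll, ICertificatePolicy policy)
    {
        // Flag off: ServicePointManager is never touched, so the SecurityPermission
        // demand inside set_CertificatePolicy is never made and the framework's
        // default certificate validation stays in force.
        if (!trustAll || policy == null)
            return TrustSetup.DefaultValidation;
        try
        {
#pragma warning disable 618 // obsolete setter; it is the one named in the stack trace
            ServicePointManager.CertificatePolicy = policy;
#pragma warning restore 618
            return TrustSetup.PolicyInstalled;
        }
        catch (SecurityException)
        {
            // Partial trust refused the override. Nothing was changed, so default
            // validation still applies; report it instead of failing the constructor.
            return TrustSetup.PolicyDeniedUsingDefault;
        }
    }

    public static void Main()
    {
        Console.WriteLine(Configure(false, null));
        Console.WriteLine(Configure(true, new StrictPolicy()));
    }
}
```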
