Running ASP.Net websites in Medium Trust environments

asp.nethostingmedium-trustSecurity

Disclaimer: I have limited ASP.Net skills

I have a couple of websites which I am transferring from my current hosting onto the Mosso hosting service. When I tried transferring one of the websites, I got the error "System.Security.SecurityException: That assembly does not allow partially trusted callers.", which appears to have to do with the fact that Mosso runs on Medium Trust for ASP.Net apps, and the code in the website appears to require full-trust.

Unfortunately, I don't have access to the full source code for the app, and the original developer is not available. Is there any easy workaround to porting these websites? I tried adding in web.config but that didn't work.

I don't think asking Mosso to adjust the security level is an option, because they had refused when I asked them.

Does anybody have any ideas?

Best Answer

Is your assembly strong named? Does it call strong named assemblies?

You should apply the 'AllowPartiallyTrustedCallers` attribute to the Assembly. More information about this attribute is available here.

From the docs:

By default, a strong-named assembly that does not explicitly apply this attribute at assembly level to allow its use by partially trusted code can be called only by other assemblies that are granted full trust by security policy. This restriction is enforced by placing a LinkDemand for FullTrust on every public or protected method on every publicly accessible class in the assembly. Assemblies that are intended to be called by partially trusted code can declare their intent through the use of the AllowPartiallyTrustedCallersAttribute.

See this MSDN article for more information.

Edit:

Some information that confirms my suspicions that the APTCA attribute is a possible solution to the problem:

https://support.isqsolutions.com/article.aspx?id=10334
http://bloggingabout.net/blogs/rick/archive/2006/04/07/11929.aspx

Related Topic