.netdirect 3.20.5 works fine on local host but not on an asp.net 2.0 server

.netdirect 3.20.5 works fine on local host but not on an asp.net 2.0 server

Postby Rob D » Wed 07 Dec 2005 23:52

3.20.5 works fine on local host but not on an asp.net 2.0 server.

I get the error message:
"Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers."

I have been using corelab.mysql for a couple of years with no problems.
This is the first asp.net 2.0 website I have published with corelab.mysql.

Could it be the .dll is in the wrong place?

See for yourself
http://209.200.127.33/PastTours.aspx

Rob D
Rob D
 

Temperary Solution

Postby Rob » Thu 08 Dec 2005 05:55

I added to my web.config file and now its working, but I'm not sure its right.
Any thoughts are welcome
Rob
 

Postby Serious » Thu 08 Dec 2005 13:45

CoreLab.MySql.dll is a strongly named assembly, doesn't contain unsafe methods so there are no possible troubles on our side. We think the problems you're encounter are caused by ASP.NET 2 configuration issues. We cannot give you advices in ASP.NET 2 configuration because this exceeds goals of our support.
Serious
 

Postby danzman » Wed 14 Dec 2005 20:09

Hi Rob,
I think you have hit the answer. I would do the same thing particularly for non-critical web site.

BTW, your site looks very good. Did you use any template as a starter?
danzman
 
Posts: 25
Joined: Wed 10 Nov 2004 16:07
Location: Orland Park, IL U.S.A.

[OT]

Postby RobD » Wed 14 Dec 2005 20:22

Hi danzman,

thanks for the confidence boost. No template, I just created a master page and styled it with css. I'm doing this as an accessability exercise. I'm converting my old version of http://trouttales.ca to validate html, css and any accessibility validaters i can find - still working on it. I'm supposed to be adding new features to his content management system I built; however, like you I'm waiting for support on this licensing thing.

Rob
RobD
 
Posts: 25
Joined: Mon 08 Nov 2004 03:41
Location: Sunshine Coast, B.C., Canada

Showstopper

Postby developerfood » Thu 12 Jan 2006 15:19

This is a show-stopper issue and needs to be further addressed.

It is not possible to tell people they need to set the Trust=Full in the web.config. Many, many implementations (such as my own) are on shared webservers at ISPs. The ISP has the ability to override the trust level for all the webservers on the shared box. This is appropriate, otherwise any website could cause a risk to the other websites on the same box.

In addition, at most (reputable) ISPs on shared webservers, there is no option to place a strongly-named assembly in the GAC. This also is appropriate in a shared environment.

At my ISP the trust level is Medium, and the GAC is not an option. This prevents the 3.20.6 product from running. Period. No go.

The fix for this is for CoreLab to decorate each function call with the AllowPartiallyTrustedCallers attribute.

More information is available here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityAllowPartiallyTrustedCallersAttributeClassTopic.asp

From the site:
By default, a strong-named assembly that does not explicitly apply this attribute at assembly level to allow its use by partially trusted code can be called only by other assemblies that are granted full trust by security policy.


Also:
Allows strong-named assemblies to be called by partially trusted code. Without this declaration, only fully trusted callers are able to use such assemblies.


This is a complete showstopper. My ISP (CrystalTech) implemented their overridden trust level to medium yesterday and my site is dead.

How will CoreLab address this?
developerfood
 
Posts: 5
Joined: Thu 12 Jan 2006 15:07

Postby Serious » Thu 12 Jan 2006 15:41

We'll examine modifications you offer and post reply here on the forum during the week.
Serious
 

Postby developerfood » Thu 12 Jan 2006 15:43

Serious wrote:We'll examine modifications you offer and post reply here on the forum during the week.

Ok, thanks.
developerfood
 
Posts: 5
Joined: Thu 12 Jan 2006 15:07

Postby RobD » Thu 12 Jan 2006 16:25

Same here, show stopper is right.
Here is the email they sent me before all my sites went down:

To further improve the services at CrystalTech, our Server Operations Team made a security change on our servers today. The change is highly suggested by Microsoft, but due to the dynamics of a shared environment and the boundless number of combinations that it could potentially host, they were not able to recommend any specific details for individual pages affected on the server and what issues our customers could potentially see, if any.
However, with the issue we found with your particular site, we found that removing the following line from your 'web.config' file helps to resolve your issue:



If you continue to have issues with your site after removing this line, please provide the details including any error messages and we'll be happy to assist further.



So I am in the position again of explaining to my clients why their sites are down and how maybe sometime during the week we might see a solution. These are the same clients that were waiting for the licensing issue to be resolved just acouple weeks ago.
RobD
 
Posts: 25
Joined: Mon 08 Nov 2004 03:41
Location: Sunshine Coast, B.C., Canada

Postby developerfood » Thu 12 Jan 2006 16:48

Yes, I got the same CrystalTech message. They are great, but of course they have to be fair to everyone. A follow-up from them indicated that about 2% of their sites experienced difficultly. I wonder how many were using CoreLab.

For me, after the fiasco getting CoreLab to work with LLBLGen, I'm going to spend the time that CoreLab will take getting to this issue reviewing the possibility of just using the MySQL .NET providor. I hate to pay the high fee, and I do love LLBLGen, but compared to my downtime there's no contest.

If CoreLab doesn't come through faster than they did on the LLBLGen issue, I'm afraid I'm facing a re-write. And it will be worth it.
developerfood
 
Posts: 5
Joined: Thu 12 Jan 2006 15:07

Postby RobD » Thu 12 Jan 2006 17:05

Here is a quote from another MS link

http://msdn.microsoft.com/library/defau ... edCode.asp


There is no programmatic way for partially trusted code to call a library that does not have the AllowPartiallyTrustedCallersAttribute attribute. If an application does not receive full trust by default, an administrator must choose to modify security policy and grant the application full trust before it can call such a library.
[/quote]
RobD
 
Posts: 25
Joined: Mon 08 Nov 2004 03:41
Location: Sunshine Coast, B.C., Canada

Postby developerfood » Thu 12 Jan 2006 17:23

Also from that page:

If a caller does not have full trust but still tries to call such a library, the runtime throws a SecurityException and the caller is not allowed to link to the library.


So, even though I sign my website with the option (from the Project Options) "enable strong naming on precompiled assemblies" and provide a key, the Trust=Medium is an override. At least it seems so. The website is strongly named, but Trust=Medium so the above applies, at least for me.

In other words, even strongnamed assemblies cannot call other strongnamed assemblies in a Trust=Medium environment unless the function decoration is in place.

No getting around it. We need AllowPartiallyTrustedCallers.
developerfood
 
Posts: 5
Joined: Thu 12 Jan 2006 15:07

Postby RobD » Tue 17 Jan 2006 18:26

Hi developerfood,

just wondering if your site is working at crystal tech? Did you move to the unsecure server? I'm still having problems and was wondering if you found a temporary solution while corelab figures this out.

Rob
RobD
 
Posts: 25
Joined: Mon 08 Nov 2004 03:41
Location: Sunshine Coast, B.C., Canada

Postby developerfood » Tue 17 Jan 2006 19:02

Sorry, I have no answer. I wish I did, but the site is still dead.

I'm rapidly re-writing CoreLab out of the code, turning my back on them, and telling everyone I know that they promise but don't deliver.

I can only recommend you do the same.
developerfood
 
Posts: 5
Joined: Thu 12 Jan 2006 15:07

Postby Serious » Thu 19 Jan 2006 15:58

As we promised we post reply during the week.

We will add assembly attribute you require in the next build which will be released in the nearest future.
Serious
 

Next

Return to dotConnect for MySQL