Hosting provider security issues

medium trust

Postby csnell » Thu 07 Dec 2006 13:37

It looks identical to the config file you posted in this forum on 11/10/06.
csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

Postby Alexey » Fri 08 Dec 2006 12:10

FileIOPermission is present in the file posted on 11/10/06. But judging from your stack trace, this permission is absent in your web.config. Please advise.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Postby csnell » Fri 08 Dec 2006 14:41

I don't have any references to FileIOPermission in my web.config file. Even if I did try to set FileIOPermissions for my application, the hosting provider won't allow overrides, so I can't change the file IO permissions at application level.

If you have an example of a web.config file (or code for setting appropriate file IO permissions) that allows MySqlDirect to work in medium trust, can you post it? That might help me identify the problem.
csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

Postby Alexey » Fri 08 Dec 2006 17:10

Try to use MySQLDirect .NET 3.50.15 (the latest so far). This problem should be absent there.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Postby csnell » Sat 09 Dec 2006 02:05

I installed build 3.50.15, removed reference to old build (3.50.12) in my application, added ref to new build and re-built/re-published the web site. FileIOPermission exception is no longer being thrown, but now I'm getting other errors.

I tried a simple test page using the following code:

Protected Sub btnTest_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnTest.Click
Dim con As New MySqlConnection
con.ConnectionString = "server=myServer;user id=myId; password=myPassword; database=myDatabase"
con.Open() '**** THIS IS LINE THAT CAUSES EXCEPTION *****
Response.Write(con.State)
con.Close()
End Sub

When running test page from IIS on server (Win 2003) or from IIS on my development pc (Win XP), I have no problem if trust set to full. (MySQL 5.0 is installed on my server.)

When running test page on server with medium trust, and when running test page on my hosting provider (also medium trust) I get the following error:

[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Runtime.Serialization.Formatters.Binary.ObjectReader.CheckSecurity(ParseRecord pr) +1642820
System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseArray(ParseRecord pr) +847
System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr) +76
System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr) +64
System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadArray(BinaryHeaderEnum binaryHeaderEnum) +1127
System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run() +186
System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) +183
System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) +190
System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream) +12
CoreLab.Common.ap.a(Stream A_0, String A_1, String A_2, String& A_3) +137
CoreLab.Common.ap.a(Type A_0, String& A_1, Assembly& A_2) +1140
CoreLab.Common.ap.a(Type A_0, String& A_1, Boolean& A_2, String& A_3) +41
CoreLab.Common.ap.a(LicenseContext A_0, Type A_1, Object A_2, Boolean A_3) +1467
CoreLab.MySql.MySqlConnection.Open() +98
test.btnTest_Click(Object sender, EventArgs e) +87
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.test_aspx.ProcessRequest(HttpContext context) +29
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

When running test page from my development pc with medium trust, I get the following error:

[MySqlException (0x80004005): Can't connect to MySQL server on 'daw1' (10061)]
CoreLab.MySql.c.a(String A_0, String A_1, String A_2, String A_3, Int32 A_4, String A_5, Int32 A_6, SshOptions A_7, SslOptions A_8) +626
CoreLab.MySql.MySqlInternalConnection.Connect(String userId, String password, String host, String database, Int32 port, Int32 connectionTimeout, MySqlProtocol protocol, Boolean compress) +396
CoreLab.MySql.MySqlInternalConnection..ctor(ad connectionOptions) +97
CoreLab.MySql.a9.a(DbConnectionOptions A_0, Object A_1, DbConnectionBase A_2) +53
CoreLab.Common.DbConnectionFactory.a(DbConnectionPool A_0, DbConnectionOptions A_1) +35
CoreLab.Common.DbConnectionPool.a() +42
CoreLab.Common.DbConnectionPool.GetObject() +363
CoreLab.Common.DbConnectionFactory.a(DbConnectionBase A_0) +73
CoreLab.Common.DbConnectionClosed.Open(DbConnectionBase outerConnection) +165
CoreLab.MySql.MySqlConnection.Open() +193
test.btnTest_Click(Object sender, EventArgs e) in c:\inetpub\wwwroot\IFC\test.aspx.vb:29
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5102

In both cases, error is caused by opening connection. The connection string is good (works in full trust).
csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

Postby Alexey » Mon 11 Dec 2006 10:16

The following section has to be present in a config file:
Code: Select all
                                    class="SecurityPermission"
                                    version="1"
                                    Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"
                            />

If you run in direct mode, you need SocketPermission as well.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Postby csnell » Mon 11 Dec 2006 13:12

I'm assuming the config file you're referring to is web_mediumtrust.config (since running under medium trust is the problem). If so, my config file already has that element (just like the config file posted on 11/10/06). I'm not running under direct mode, so socket permission shouldn't be required.
csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

Postby Alexey » Mon 11 Dec 2006 13:28

Please provide me with your config file.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Postby csnell » Mon 11 Dec 2006 13:58

web_mediumtrust.config...



























class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all resources"
/>
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including the right to execute"
/>
class="NamedPermissionSet"
version="1"
Name="ASP.Net">
class="AspNetHostingPermission"
version="1"
Level="Medium"
/>
class="DnsPermission"
version="1"
Unrestricted="true"
/>
class="EnvironmentPermission"
version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"
/>
class="FileIOPermission"
version="1"
Read="$AppDir$"
Write="$AppDir$"
Append="$AppDir$"
PathDiscovery="$AppDir$"
/>
class="IsolatedStorageFilePermission"
version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807"
/>
class="PrintingPermission"
version="1"
Level="DefaultPrinting"
/>
class="SecurityPermission"
version="1"
Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"
/>
class="SmtpPermission"
version="1"
Access="Connect"
/>
class="SqlClientPermission"
version="1"
Unrestricted="true"
/>
class="WebPermission"
version="1">






class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
class="AllMembershipCondition"
version="1"
/>
class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/*"
/>

class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>


class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Microsoft_Strong_Name"
Description="This code group grants code signed with the Microsoft strong name full trust. ">
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
/>

class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Ecma_Strong_Name"
Description="This code group grants code signed with the ECMA strong name full trust. ">
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00000000000000000400000000000000"
/>







csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

Postby Alexey » Mon 11 Dec 2006 14:34

I've checked connection opening with your config file on my PC. It works without any error. Seems like some settings from "Control Panel --> Administrative Tools --> Microsoft .NET Framework 2.0 Configuration" have been changed. Please check this out.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Postby csnell » Mon 11 Dec 2006 16:08

The only setting I've changed in .NET 2.0 config is to increase zone trust for intranet zone to full (so windows control in another application could access serial port). I tried "Reset All Policy Levels" in config tool but still get same "Can't connect to MySQL server" error I posted earlier.

I get the SecurityPermission error on my server and on the hosting providers server. I've not made any changes to framework config on my server.

I created a simple test web site that opens MySql connection on button_click event. I added ref to CoreLab.MySql, added licenses.licx and created App_Licenses.dll, set publish options to enable strong naming using .snk key file and to mark assemblies for APTCA. I then ran that app on my development pc, my server, and another "test" Win XP pc that is a new installation and has not had any modifications to framework security. The test app runs fine under full trust, but gets SecurityPermission error (as posted previously) on the test pc and on my server when run in medium trust.

On my development pc, I get the "can't connect to mysql server" when in medium trust when I try to connect to my local mysql server, but I get the SecurityPermission error when I try to connect to the hosting providers mysql server. Both connections work fine under full trust.
csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

Postby Alexey » Tue 12 Dec 2006 08:11

Please send us your simple test web site for investigation.
Use e-mail address provided in the Readme file.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Postby csnell » Tue 12 Dec 2006 12:06

I just emailed a test project to you. If you have a test project that works in medium trust on your system, can you email it to me (reply to my email) so I can test it on my system?
csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

Postby Alexey » Wed 13 Dec 2006 17:48

You've been answered by e-mail.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Postby csnell » Wed 13 Dec 2006 20:23

Still haven't received the email - can you try to resend?
csnell
 
Posts: 12
Joined: Wed 06 Dec 2006 20:20

PreviousNext

Return to dotConnect for MySQL