New adventures under medium trust

Many web hosting companies only allow ASP.NET applications to run under medium trust. This has been a major drawback for Cuyahoga because it required full trust (or better: some libraries require full trust). This has already caused some nasty surprises when people deployed their site to the host to find out it would not run.

Well, I can finally say that Cuyahoga 2.0 will work under medium trust!

Castle DynamicProxy

Last week, someone mentioned on the Castle users list that DynamicProxy was supposed to work under medium trust and this immediately triggered me. DynamicProxy had always been the key part that prevented Cuyahoga, NHibernate, and lots of other software from running under medium trust because it generates assemblies on the fly and that’s not allowed (at least pre-NET 2.0 SP1).

So, I checked out a fresh version of the Castle trunk, built it with AllowPartiallyTrustedCallers and copied the assemblies to Cuyahoga that was set to run under medium trust.
Unfortunately, still no luck. The dreaded SecurityException showed its yellow screen, but instead of giving up immediately, I took a deep breath and started digging the DynamicProxy sources. The solution was a simple one: DynamicProxy calls AssemblyBuilder.DefineDynamicModule and used the overload that generates debug symbols. Changing that to not generate the debug symbols anymore made it work under medium trust! I send a patch to the Castle guys and lets hope it can be incorporated. This allows NHibernate to run under medium trust without turning off lazy-load on class mappings or using a special proxy generator.

One caveat: the Castle trunk requires .NET 3.5, so we can’t fix it for the 1.6.x branch of Cuyahoga which is .NET 2.0.

Lucene.Net

Second, Lucene.Net didn’t work under medium trust and boy, that was easy to fix: a single call was made to a relative file path, which is not allowed. Changed that to use the full path and it worked. Submitted a patch and I hope they will accept it.

Cuyahoga

So, with the libraries working under medium trust, I was ready to roll, at least I thought so. It appeared however that Cuyahoga also did some nasty things that are not allowed under medium trust, such as requesting a HttpModule instance from the appdomain and some file access outside the application root. Fortunately these were easy fixes and now I have everything working just fine under medium trust.

I think, I’ll leave medium trust turned on in the development version to signal issues in an early state.

11 thoughts on “New adventures under medium trust

  1. Juan Woang

    Thanks martijn a lot. I love CUY much, and last time I use the customer’s server, so that does not know version 1.6.x work on full trust.

  2. dotnet specialisten

    Martijn,

    that is good news! thanx!
    i didn’t care much about medium trust because i run my own server. i know that some friends (cuyahoga fans ;-) and shared hosters ;-( ) will be very happy with this news ;-)

    When will v2.0 be released? any planning?

  3. gedw99

    great stuff Martin.

    Looking forward to the 2.0 version.
    I have submitted a patch for the File System Service, let me know if you need any help in integrating it.

  4. martijn Post author

    @Krzysztof, I’m running the latest Castle trunk now and it works fine.

    @Others: the SVN trunk of last week unfortunately contained a wrong Castle build. Fixed it.

  5. samk

    Fantastic job Martijn!

    Any chance you [or someone else] can publish a patched NHibernate+Castle package that will work in Medium Trust? I’m attempting to do everything with Express versions, but they don’t allow full-blown VS Solutions, so a bunch of the References break within the solutions. As such, I can’t recompile NHibernate with the new Castle dlls.

    I see a lot of potential with NHibernate and I’ve invested about two weeks trying to learn NHibernate and get it to work in Medium Trust. I even jumped into MyGeneration and learned to use the tool to generate POCOs and XML mapping files (wasn’t happy with the existing templates as they didn’t seem to convert data types well…a lot of Unknown types were present in the outputfiles). But I am about ready to give up and go back to SubSonic.

    Eventually I will probably get on board and buy VS Professional but w/ VS 2010 just around the corner it doesn’t make sense to make the investment now. In addition, I’ll be releasing my project as Open Source and expect the majority of users to be using Express Editions and shared hosting.

    The whole Medium Trust thing is frustrating though. I can understand hosts needing to protect their servers and their clients’ instances, but even MS fails to test their code to make sure it runs in Medium Trust. An example is the Entity Framework…currently you need to compile your edmx file in a seperate strongly typed class to get it to work. Annoying to say the least.

  6. martijn Post author

    Not exactly one line. A few months ago there has been another change in DP, but also (and much more important): since .NET 3.5 (or .NET 2.0 SP1) the required permissions for Reflection.Emit have been changed.

Comments are closed.