

Using Enterprise Library in ASP.NET 2.0 Partial Trust Mode : Page 2

The Enterprise Library Application Blocks aren't useful only in Windows Forms applications; you can use them in ASP.NET too by downloading a set of patch files and configuring the security settings appropriately. Find out how.

Configuring ASP.NET Applications with Partial Trust
Having updated your Enterprise Library installation, the next step is to configure your application(s) to run under one of the four partial trust modes—High, Medium, Low, and Minimal. Medium trust is the common choice; this section describes the process for enabling this mode. You can use the approach described in this section for the other modes as well, but you use the appropriate trust files for those modes instead.

Figure 1. ASP.NET Configuration: The figure shows the architecture of the trust and configuration files for ASP.NET.
Figure 1 shows the architecture of the trust and configuration files that control the security mode in ASP.NET. The application's Web.config file can contain a <trust> element that defines a partial trust mode (if omitted, ASP.NET assumes Full Trust).

The <trust> element specifies the location of the policy definitions file using the originUrl attribute. However, in most cases, this is empty. Instead, the root Web.config file for the machine (in the folder %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG) lists the locations of the policy definitions files that correspond to the four partial trust modes. Here's a section of the standard root Web.config file that defines the security policy file locations. You can see that the file for the High Trust level is named web_hightrust.config, whereas the policy settings for Full Trust are marked as internal—meaning that ASP.NET will use the hard-wired defaults built into the .NET Framework:

<system.web>
  <securityPolicy>
    <trustLevel name="Full" policyFile="internal" />
    <trustLevel name="High" policyFile="web_hightrust.config" />
    ... Medium, Low, and Minimal definitions here ...
  </securityPolicy>
  <trust level="Full" originUrl="" />
</system.web>

The root Web.config file also defines the default trust level for all ASP.NET applications running on the machine. You can see the <trust> element that specifies the default trust level in the listing above, immediately after the <securityPolicy> section. Therefore, to run in a different trust mode, all you need to do is either:

  1. Add the <trust> element to your application's Web.config file and specify the relevant value for the level attribute (see Figure 1) to set the trust level just for that application.

  ...or...

  2. Edit the <trust> element in the root Web.config file to specify the relevant value for the level attribute to set the trust level for all applications on the machine.

However, this will not allow all the features of Enterprise Library to execute. The permissions granted in Medium Trust mode are too restrictive for some features of Enterprise Library, including:

  • Reading information from configuration files
  • Writing to performance counters, the Windows Event Log, and raising WMI events
  • Serializing and encrypting data
  • Accessing OLE-DB, Oracle, and ODBC databases (though the SqlClient provider for SQL Server will work in Medium Trust mode)
  • Obtaining Windows Identity information within the Security Application Block
  • Tracing, file listeners, and formatting features of the Logging Application Block
If you want to use any of these features (described in detail in the documentation for the Partial Trust Patch), you must add the grant permissions within the policy definitions file for the trust level under which you run the application. However, Microsoft strongly recommends that you do not edit the default policy definitions files provided with the .NET Framework. Instead, you should create a custom trust level policy definition by copying one of the original policy definitions files and adding the required permission grants to the new copy.

Creating a custom trust level and implementing it within your applications involves five steps:

  1. Edit the root Web.config file to specify the location and name of your custom policy definitions file.
  2. Create the custom policy definitions file that grants the required permissions to ASP.NET applications to allow the features you want to use from Enterprise Library to execute.
  3. Specify the new custom trust level for your application, or for all applications running on the machine.
  4. Configure your application to use the required features from Enterprise Library.
  5. Edit the application configuration file to prevent Enterprise Library from requiring full trust permissions.
The following sections describe these steps in detail.

Creating a Custom Trust Level
The first step in creating a custom trust level is to specify the name and location of the policy definitions file. Following the approach taken by the .NET Framework, edit your root Web.config file by adding the new custom <trustLevel> element to the <securityPolicy> section. This element specifies the name of the new custom policy (in this case CustomMedium) and the name and location of the policy definitions file (in this case custom_mediumtrust.config, located in the same folder as the other policy definitions files):

<system.web>
  <securityPolicy>
    <trustLevel name="Full" policyFile="internal" />
    <trustLevel name="High" policyFile="web_hightrust.config" />
    ... Medium, Low, and Minimal definitions here ...
    <!-- custom trust level policy definitions file -->
    <trustLevel name="CustomMedium" policyFile="custom_mediumtrust.config" />
  </securityPolicy>
  <trust level="Full" originUrl="" />
</system.web>

The next step is to create the custom policy definitions file. The easiest way to create the new file is to make a copy of one of the original files. In almost all cases, you will want to grant extra permissions to your code, over and above the defaults defined by the chosen trust level. To do that, copy the file for your chosen trust level—in this case the file web_mediumtrust.config. Rename the copy to custom_mediumtrust.config, and open it with a text editor or the Visual Studio 2005 XML file editor.
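
After editing these files, it is worth confirming which policy file each application actually resolves to. The script below is an added example, not code from the article or from Enterprise Library: it applies the lookup described above (the application's <trust> element overrides the root one, and a missing element means Full Trust) to constructed sample configs with hypothetical application names, and it assumes config files that declare no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the article's root Web.config listing
# (only trust levels whose policy file names appear in the article).
ROOT_CONFIG = """<configuration><system.web>
  <securityPolicy>
    <trustLevel name="Full" policyFile="internal" />
    <trustLevel name="High" policyFile="web_hightrust.config" />
    <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
    <trustLevel name="CustomMedium" policyFile="custom_mediumtrust.config" />
  </securityPolicy>
  <trust level="Full" originUrl="" />
</system.web></configuration>"""

# Constructed application Web.config files; the app names are hypothetical.
APP_CONFIGS = {
    "intranet": '<configuration><system.web><trust level="CustomMedium" '
                'originUrl="" /></system.web></configuration>',
    "legacy": "<configuration><system.web /></configuration>",
    "undefined": '<configuration><system.web><trust level="CustomHigh" '
                 'originUrl="" /></system.web></configuration>',
}

def resolve_trust(root_xml, app_xml):
    """Return (level, policy_file, source) for one application."""
    root = ET.fromstring(root_xml)
    policies = {t.get("name"): t.get("policyFile")
                for t in root.iterfind("system.web/securityPolicy/trustLevel")}
    level, source = "Full", "default"  # no <trust> anywhere: Full Trust
    for name, doc in (("root", root), ("app", ET.fromstring(app_xml))):
        trust = doc.find("system.web/trust")
        if trust is not None and trust.get("level"):
            level, source = trust.get("level"), name
    return level, policies.get(level), source

def audit(root_xml, apps):
    """Return {app: finding} for apps that run fully trusted or misconfigured."""
    findings = {}
    for app, app_xml in apps.items():
        level, policy, source = resolve_trust(root_xml, app_xml)
        if policy is None:
            findings[app] = f"level {level!r} has no <trustLevel> entry"
        elif policy == "internal":
            findings[app] = f"Full Trust (set by {source} config)"
    return findings

if __name__ == "__main__":
    for app, finding in audit(ROOT_CONFIG, APP_CONFIGS).items():
        print(f"{app}: {finding}")
```

The "legacy" application has no <trust> element of its own, so it inherits Full Trust from the root file. This is the case to look for when the machine default has not been lowered.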
