How to use iBatis/NHibernate in medium trust/partial trust environments like Mosso
2010-12-12 11:31
477 查看
http://programcsharp.com/blog/archive/2009/08/19/ibatis-nhibernate-mosso-medium-trust-partial-trust-environments.aspx
Many shared hosting providers (in this case Mosso) run your ASP.NET applications in a medium trust or modified medium trust environment to reduce security risks. This causes issues with certain techniques and components that require permissions removed by medium trust.
One of the biggest issues other than the actual restriction of permissions is the restriction of partially trusted assemblies calling fully trusted code. By default, if an assembly is strong named, partially trusted assemblies (i.e. the application assemblies in your app running under medium/partial trust) can't call it. This hits many open source components such as iBatis and NHibernate. The workaround to this is to add the AllowPartiallyTrustedCallers assembly level attribute. This will mark the assembly as safe for calling by partially trusted assemblies.
Here is an example of how to modify iBatis to support this:
Download the iBatis source from the iBatis website: http://ibatis.apache.org/dotnet.cgi
Extract the source .zip to a folder
Open the IBatisNet.2005.sln solution in VS.NET
For each project in the solution, open it's AssemblyInfo.cs file
Add this using statement at the top of the file: "using System.Security;"
Add this attribute at the bottom of the file: "[assembly: AllowPartiallyTrustedCallers]"
Right click on the solution and select "Configuration Manager..."
In the "Active solution configuration" dropdown, select Release
Uncheck all of the Test projects
Click OK
Build the solution
Or you can download the compiled assemblies: iBatis-PartialTrust.zip
Enabling NHibernate for medium/partial trust is a similar procedure. If there is enough demand I will present steps and compiled assemblies for it as well.
As for the permission restrictions, most shared hosting providers don't actually run in medium trust as this restricts many useful things such as Reflection etc. One example I've run into recently is Mosso's modified medium trust. They take medium trust, which consists of the following denied permission restrictions:
Call unmanaged code.
Call serviced components.
Write to the event log.
Access Microsoft Message Queuing queues.
Access ODBC, OleDb, or Oracle data sources.
Access files outside the application directory.
Access the registry.
Make network or Web service calls (using the System.Net.HttpWebRequest class, for example).
And then Mosso adds back in the following allowed permission to come up with "modified medium trust":
WebPermission Unrestricted="true"
OleDbPermission Unrestricted="true"
OdbcPermission Unrestricted="true"
SocketPermission Unrestricted="true"
ConfigurationPermission Unrestricted="true"
ReflectionPermission Unrestricted="true"
This is still rather limiting, but at least you can get most things done as long as you can call into the necessary assemblies without getting exceptions as discussed in the workaround section above.
Wednesday, August 19, 2009 4:04 PM
Many shared hosting providers (in this case Mosso) run your ASP.NET applications in a medium trust or modified medium trust environment to reduce security risks. This causes issues with certain techniques and components that require permissions removed by medium trust.
One of the biggest issues other than the actual restriction of permissions is the restriction of partially trusted assemblies calling fully trusted code. By default, if an assembly is strong named, partially trusted assemblies (i.e. the application assemblies in your app running under medium/partial trust) can't call it. This hits many open source components such as iBatis and NHibernate. The workaround to this is to add the AllowPartiallyTrustedCallers assembly level attribute. This will mark the assembly as safe for calling by partially trusted assemblies.
Here is an example of how to modify iBatis to support this:
Download the iBatis source from the iBatis website: http://ibatis.apache.org/dotnet.cgi
Extract the source .zip to a folder
Open the IBatisNet.2005.sln solution in VS.NET
For each project in the solution, open it's AssemblyInfo.cs file
Add this using statement at the top of the file: "using System.Security;"
Add this attribute at the bottom of the file: "[assembly: AllowPartiallyTrustedCallers]"
Right click on the solution and select "Configuration Manager..."
In the "Active solution configuration" dropdown, select Release
Uncheck all of the Test projects
Click OK
Build the solution
Or you can download the compiled assemblies: iBatis-PartialTrust.zip
Enabling NHibernate for medium/partial trust is a similar procedure. If there is enough demand I will present steps and compiled assemblies for it as well.
As for the permission restrictions, most shared hosting providers don't actually run in medium trust as this restricts many useful things such as Reflection etc. One example I've run into recently is Mosso's modified medium trust. They take medium trust, which consists of the following denied permission restrictions:
Call unmanaged code.
Call serviced components.
Write to the event log.
Access Microsoft Message Queuing queues.
Access ODBC, OleDb, or Oracle data sources.
Access files outside the application directory.
Access the registry.
Make network or Web service calls (using the System.Net.HttpWebRequest class, for example).
And then Mosso adds back in the following allowed permission to come up with "modified medium trust":
WebPermission Unrestricted="true"
OleDbPermission Unrestricted="true"
OdbcPermission Unrestricted="true"
SocketPermission Unrestricted="true"
ConfigurationPermission Unrestricted="true"
ReflectionPermission Unrestricted="true"
This is still rather limiting, but at least you can get most things done as long as you can call into the necessary assemblies without getting exceptions as discussed in the workaround section above.
Wednesday, August 19, 2009 4:04 PM
相关文章推荐
- How to use custom type handler (typeHandler) in ibatis 2.3.4
- How to use jquery or ajax to update razor partial view in c#/asp.net for a MVC project
- How to use MySQL like operator in JDBC?
- How to use a TControlCanvas in a component
- [Yii Framework] How to run cron job (or use command) in the server with yii framework
- HOWTO: How to Use PeekMessage() Correctly in Windows
- How to use $http and $resource in Angular JS
- How to Create Multilingual Webpart in SharePoint 2010? Use Localization in Globalization.
- How to use the pointer of function in a class?
- How to Use Instruments in Xcode-(转载)
- How to use For loop in CruiseControl.net
- How to use equals( ) and equalsIgnoreCase( ) in Java
- how-to-use-ps-kill-and-nice-to-manage-processes-in-linux
- How to use UTF-8 in Python
- How to Collect Errorstacks for use in Diagnosing Performance Issues. (文档 ID 1364257.1)
- How To Use Dynamic Sql in Sql Server ?
- How to use App.Config in WPF applications
- Linux - How to use LVM in Linux
- How to use udev for Oracle ASM in Oracle Linux 6
- 转载:How to use Multi-touch in Android 2: Part 6, Implementing the Pinch Zoom Gesture