Custom membership provider in partial trust mode
- From: "Atul Thombre" <athombre@xxxxxxxxx>
- Date: Thu, 28 Jun 2007 18:18:20 +0530
Hello,
I am developing a custom membership provider. For that I built a prototype that uses a SQL Server 2005 database as a backend store. I implemented the class System.Web.Security.MembershipProvider and implemented few necessary methods. The methods use SQL for interacting with the SQL Server database. I put all this code in a class library.
I also created a simple Website using Visual Studio 2005 and configured the Web.config to use this custom provider that I have written. Everything worked fine. I could use the ASP.NET configuration tool and use the custom provider to add users and view user details. Then I added a login page with a login control and create user page with create user control and both of them worked.
Now, I want to run this provider in the partial trust environment since MOSS 2007 runs in Minimal trust mode. I followed instructions provided in some of the articles that I found on the web. Basically, the steps I took were
- Add a line <trust level="CustomTrust" originUrl=""/> in the Web.Config for the website I created.
- Add a security policy in the same Web.config. This policy associates the trust level specified above with the config file.
- I then copied web_minimaltrust.config from the framework CONFIG directory to the Website directory and renamed it
- I then added [assembly: AllowPartiallyTrustedCallers] and [assembly: SecurityCritical] in the assemblyInfo file for the custom provider.
- I added a permission set to the custom.config file. It is like this -
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="MyCustomPermissionSet"
Unrestricted="true"
Level="CustomTrust"
Description="My custom permission set">
<IPermission
class="SecurityPermission"
version="1"
Flags="Execution, Assertion"
/>
<IPermission
class="SqlClientPermission"
version="1"
Unrestricted="true"
/>
</PermissionSet>
- I then created a strong name key pair file and added it to the custom provider project and referenced it in that project.
- I added a Codegroup section in the custom.config file as follows
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="MyCustomPermissionSet"
Description="Custom code group for my signed assembly">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="Public key blob from the strong name key pair"
/>
</CodeGroup>
- I added [SecurityCritical] in front of all the methods that are implemented
- I added following code in all the methods
SecurityPermission permission1 = new SecurityPermission(PermissionState.Unrestricted);
permission1.Assert();
Now I am trying to run the ASP.NET configuration tool and it gives an error
"This feature is not supported at the configured trust level".
If I raise the trust level to 'Medium', everything works. If I lower it to 'Low', I get a different error, something about mscorlib. "Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0.... failed".
First of all, do I have to run the custom provider in the minimal trust level? I am doing this because I read that MOSS 2007 expects it to run in partial [minimal] trust mode.
Where am I going wrong? I could not find anything on the web that will help me solve this problem. So, any help is really appreciated.
Thanks,
Atul.
.
- Prev by Date: Web service, forms authentication and DefaultCredentials
- Next by Date: Active Directory Authentication - Thread was being aborted exception
- Previous by thread: Web service, forms authentication and DefaultCredentials
- Next by thread: Active Directory Authentication - Thread was being aborted exception
- Index(es):
Relevant Pages
|
|
