This project is read-only.

Medium Trust

Topics: ASP.NET 2.0
Mar 15, 2010 at 3:35 PM

Can BE 1.6 run in a medium trust site?  I am hosted at 1and1 and getting the following error (per fiddler).  Any help will be greatly appreciated.


<b> Description: </b>The application attempted to perform an operation not allowed by the security policy. &nbsp;To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

<b> Exception Details: </b>System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.<br><br>

<b>Source Error:</b> <br><br>

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code>

[SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]

System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark&amp; stackMark, Boolean isPermSet) +0

System.Security.CodeAccessPermission.Demand() +58

System.Net.CredentialCache.get_DefaultNetworkCredentials() +62

BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler.RetrieveRemoteScript(String file) in JavaScriptHandler.cs:115

BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler.ProcessRequest(HttpContext context) in JavaScriptHandler.cs:43

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181

System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously) +75



Mar 15, 2010 at 3:54 PM

Disabling HTTP compression fixed my issue.  However I do notice a performance hit. Any solution out there?

Mar 15, 2010 at 8:15 PM

Update.  I am still getting random errors with the same basic security warning as in my original post.  Anybody using 1and1 to host their blogengine blog?

Mar 15, 2010 at 11:25 PM

BlogEngine technically requires "high" trust level, as it uses HttpWebRequest for remote calls. It is essential functionality for any application and most hosts realize it and make exception to their medium trust setup to allow calls with HttpWebRequest,/response so it usually works even in medium trust. Not sure about 1 and 1, you might ask them to elevate to high trust in your case.

Mar 18, 2010 at 1:58 PM

Some hosts may not allow a "blanket" high trust level for your web application, but will insert exceptions for specific DLLs that need the higher level. I went through this with HostMySite in regards to our own web application (and not BlogEngine). Basically they consented to make exceptions for some of our custom DLLs. They were supposed to "review" each DLL, but I think they just inserted the exceptions without much checking.  Just something to think about in case they are interested in negotiating.