Running in medium trust?

Jan 19, 2009 at 1:49 AM
How can we run the AntiXSSLibrary in an enviroment with partial trust? Have tried to recompile the ddl with the [assembly: AllowPartiallyTrustedCallers()] attribute but it still did not work. Would love to use the library live on host with medium trust (most common senario).
Feb 2, 2009 at 1:17 PM
Jesperlind,

Hello, I am Dennis and I am the PM for the project -
Sorry for the delay in your answering your question - I am currently seeking the solution to your problem.
I will post an answer as soon as I am able. I would like to suggest that you contact me directly: degroves@microsoft.com

Thank you,

Dennis
Feb 18, 2009 at 9:56 PM
Hi,

I did add the line:

[

assembly: System.Security.AllowPartiallyTrustedCallers()]

to AssemblyInfo.cs and recompile AntiXSS.dll. It now works at medium trust. I did have to restart Visual Studio to make sure that the old version was not cached anywhere.


Regards,
David

 

Feb 19, 2009 at 2:52 PM
DavidAtAscent-

This is really cool! Thank you for sharing your success -

Dennis
Feb 24, 2009 at 5:06 AM
Mr. degroves,  I tried davids solution and am getting the following error when I deploy my test site: 

Required permissions cannot be acquired.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.

Sorry, tried to post the error message.  Is there anything else I need to add?  Thank you in advance.


Feb 25, 2009 at 4:25 AM
Hi Justenough,

I am currently haveing one of my developers look at your situation to see if we can come up with an answer for you.
If more information is required I will get back to you - but I hope we can have some guidance by the end of the day.

Thank you,

Dennis Groves // degroves@microsoft.com
Feb 26, 2009 at 3:01 PM
Thanks Dennis
Apr 4, 2009 at 3:45 PM
When I brought the code down, Allow unsafe code was set to true. After disabling that setting, "Required permissions cannot be acquired" error was resolved. I haven't inspected the code closely, so I'm not sure if it actually needs to use unsafe code. Seems unlikely.
Feb 1, 2010 at 4:07 AM

Hi

I have downloaded v3.1 and added to the AntiXSSLibrary project AssemblyInfo.cs

        [assembly: System.Security.AllowPartiallyTrustedCallers()]

and still get the error in my web app after a rebuild and close and reopen of VS 2008

        Required permissions cannot be acquired.

I have tried to build the AntiXSSLibrary project with

        Allow unsafe code = false

but I get the build errors

       Error 5 Unsafe code may only appear if compiling with /unsafe G:\source-utilities\AntiXSS-28744\V3.1\Source\AntiXSS\AntiXSSLibrary\TextConverters\COMMON\HashCode.cs 206 28 AntiXSSLibrary

Am I missing something ?

Any help would be greatly appreciated as I need to run under a medium trust environment.

Cheers Michael 

 

 

 

 

Feb 2, 2010 at 8:06 AM

 

Hi

I have rebuilt AntiXss Library v3.0 with

            Allow unfase code = false

            [assembly: System.Security.AllowPartiallyTrustedCallers()]

And the build was compliled and will run under medium trust.

I was wondering if this is going to be the case for v 3.1 any time soon?

Cheers Michael

 

Coordinator
Feb 23, 2010 at 8:48 PM

In the next version encoding and sanitizing classes will be in separate binaries. Thus encoding can be run in medium trust but sanitizing would still require full trust.

Thanks

RV

From: muln [mailto:notifications@codeplex.com]
Sent: Tuesday, February 02, 2010 12:06 AM
To: Anil Revuru (INFORMATION SECURITY TOOLS)
Subject: Re: Running in medium trust? [AntiXSS:44517]

From: muln

Hi

I have rebuilt AntiXss Library v3.0 with

Allow unfase code = false

[assembly: System.Security.AllowPartiallyTrustedCallers()]

And the build was compliled and will run under medium trust.

I was wondering if this is going to be the case for v 3.1 any time soon?

Cheers Michael

Read the full discussion online.

To add a post to this discussion, reply to this email (AntiXSS@discussions.codeplex.com)

To start a new discussion for this project, email AntiXSS@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com