I'm trying to use RavenDB in Medium Trust, I would like to try the embedded model, since the hosting (cheap) I use will not allow to install a service. My code to initialize is the following:
private void ConfigureStorage()
{
store = new EmbeddableDocumentStore();
store.Configuration.DefaultStorageTypeName = "munin";
store.Configuration.DataDirectory=Server.MapPath("$/App_Data");
store.Initialize();
}
that works in full trust, but in Medium it throws:
Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
with the following stack trace:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.StubHelpers.StubHelpers.DemandPermission(IntPtr pNMD) +0
Microsoft.VisualBasic.CompilerServices.NativeMethods.GlobalMemoryStatusEx(MEMORYSTATUSEX& lpBuffer) +0
Microsoft.VisualBasic.Devices.InternalMemoryStatus.Refresh() +68
Microsoft.VisualBasic.Devices.InternalMemoryStatus.get_TotalPhysicalMemory() +11
Microsoft.VisualBasic.Devices.ComputerInfo.get_TotalPhysicalMemory() +49
Raven.Database.Config.InMemoryRavenConfiguration.GetDefaultMemoryCacheLimitMegabytes() +301
Raven.Database.Config.InMemoryRavenConfiguration.Initialize() +631
Raven.Database.Config.RavenConfiguration.LoadConfigurationAndInitialize(IEnumerable`1 values) +311
Raven.Database.Config.RavenConfiguration..ctor() +189
Raven.Client.Embedded.EmbeddableDocumentStore.get_Configuration() +99
Wine2.MvcApplication.ConfigureStorage() +84
Wine2.MvcApplication.Application_Start() +84
Raven build is: Version 573
Are there some workaraound to make it working under medium trust, or is this scenario unsupported?
Under strict medium trust, RavenDB won't work.
But there plenty of hosting companies that provide hosting where RavenDB does work, because they tweaked the permissions.
From my experience I just gave up trying to run the embedded store in Medium Trust. I was getting the same error described in your question.
To overcome this, you can try www.winhost.com as described here:
How can I run RavenDB in a shared hosting environment?
It has the so desired Full Trust Allowed which is something one should look for in the case of RavenDB to avoid the current security permissions problems...
NOTE: I just tried this host and can confirm that it works great with RavenDB in Full Trust... :-)
Related
I'm trying to run Raven Db in embeddedmode on Winhost, but I get a securityexception with following stacktrace:
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark) +31
System.Security.CodeAccessPermission.Demand() +46
System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties() +53
Raven.Database.Util.PortUtil.FindPort() in PortUtil.cs:34
Raven.Database.Util.PortUtil.GetPort(String portStr) in PortUtil.cs:17
Raven.Database.Config.InMemoryRavenConfiguration.Initialize() in InMemoryRavenConfiguration.cs:109
Raven.Database.Config.RavenConfiguration.LoadConfigurationAndInitialize(IEnumerable`1 values) in RavenConfiguration.cs:30
Raven.Database.Config.RavenConfiguration..ctor() in RavenConfiguration.cs:19
Raven.Client.Embedded.EmbeddableDocumentStore.get_Configuration() in EmbeddableDocumentStore.cs:45
Raven.Client.Embedded.EmbeddableDocumentStore.set_DataDirectory(String value) in EmbeddableDocumentStore.cs:69
StingyPrice.MvcApplication.Application_Start() in Global.asax.cs:42
My application is running in full trust (internal) mode but judging from that exception I'm making a bold assumption that Raven will never run unless they loosen their security policies.
Am I wrong or is it possible to run Raven Db at Winhost?
Also if it's not possible, a list of shared web hosting providers that can run Raven Db would be much appreciated. :-)
RavenDB requires full trust to run in server / embedded mode.
You can try www.winhost.com as described here:
How can I run RavenDB in a shared hosting environment?
It has the so desired Full Trust Allowed which is something one should look for in the case of RavenDB to avoid the current security permissions problems...
NOTE: I just tried this host and can confirm that it works great with RavenDB in Full Trust... :-)
Yes, you can run RavenDB on Winhost. You will need to change the web.config file, set the correct Raven/WorkingDir and enable Full trust.
When running, you will get an error regarding WebSockets. You can open up a support ticket to have it enabled and have “Overlapped Recycle” disabled.
I (employee of Winhost) wrote an official startup guide here if you want to try out RavenDb on Winhost.
This page about storage quotas says to use the mscorcfg tool. BUT the mscorcfg page says the tool is only for older versions of .NET
So... what's the .NET 4 way of setting this value for desktop (not Silverlight) applications?
Taking a look at how this is done, it appears you will need to edit the Application Manifest using a tool like MageUI. If you open up your application's manifest and look under the Permissions Required entry you will see that most likely it has the Permission set type of FullTrust, i.e. no quota.
If you change the Permission set type to LocalIntranet or to Internet, you will see an entry in the Details area like so:
<IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807"
Expiry="9223372036854775807"
Permanent="True"/>
Or
<IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Allowed="ApplicationIsolationByUser"
UserQuota="1024000"/>
You will likely need to edit the Permission set to include the IsolatedStorageFilePermission evidence, run your application, and have it Get/Create the User store. You can verify it worked with the proper quota using the storeadm.exe tool.
IsolatedStorage.IncreaseQuotaTo() should be what you want...
Trying to use a DLL that returns a list of tasks in the W2k3 server's Task Scheduler. Works great when I use it in a C# console app on the server, and using it on my computer (ASP.NET Dev Server), but when doing the same thing through the Silverlight-WCF RIA on the W2k3 server, it just wouldn't go. Silverlight returned "Object reference not set to an instance of an object" whenever it calls that DLL.
Fired up the Service Trace Viewer:
System.ServiceModel.FaultException`1[[System.ServiceModel.DomainServices.Hosting.DomainServiceFault, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Might it because I'm using a DomainService class, its hiccuping? Any particular security permission or config on IIS that needs to be done?
update:
Tried one last thing .... Identity impersonation to my domain username and password works! So what is the best way to set up IIS to get this to work?
Just stuck with using a Windows dummy account using identity impersonation. Don't like it, but it works.
I've been building a silverlight application and a WCF service for a while now and recently tried to host them in IIS7.
I installed IIS7 on Windows Server 2008 R2 and added these two application to my default website. I am having a number of problems so im hoping one of you can help out...
1) The silverlight and WCF service applications do not work with pass-through authentication. I need to "connect as" the administrator server account when setting up the application. I read online that you should only need to use the "connect as" field when you are connecting to another computer. If i dont supply the admin credentials i get this error. Do i have to set up permissions somewhere else?
HTTP Error 500.19 - Internal Server Error The requested page cannot be
accessed because the related configuration data for the page is
invalid. Detailed Error Information Module IIS Web Core Notification
BeginRequest Handler Not yet determined Error Code 0x80070005 Config
Error Cannot read configuration file due to insufficient permissions
Config File \?\C:\Users\Administrator\Documents\My Dropbox\Research
Masters\Project\WCFService\Website\web.config Requested URL
http:://localhost:80/WCFService/Service.svc Physical Path
C:\Users\Administrator\Documents\My Dropbox\Research
Masters\Project\WCFService\Website\Service.svc Logon Method Not yet
determined Logon User Not yet determined Config Source -1:
0: Links and More Information This error occurs when there is a
problem reading the configuration file for the Web server or Web
application. In some cases, the event logs may contain more
information about what caused this error.
2) Visual studio generated 2 webpages to run my silverlight application (.html and .aspx). When I am running the silverlight application (connected as admin) I can navigate to the .html page, no problem. When I try to open the .aspx file i get the following error
Server Error in '/Platform' Application.
Access is denied.
Description: An error occurred while accessing the resources required
to serve this request. You might not have permission to view the
requested resources.
Error message 401.3: You do not have permission to view this directory
or page using the credentials you supplied (access denied due to
Access Control Lists). Ask the Web server's administrator to give you
access to 'C:\Users\Administrator\Documents\My Dropbox\Research
Masters\Project\Platform\Website\PlatformTestPage.aspx'.
Version Information: Microsoft .NET Framework Version:4.0.30128;
ASP.NET Version:4.0.30128.1
3) The WCF service runs fine (again, connected as admin) until i restart the server. When i try to run the WCF service after a reboot, the mysql assembly seems to be missing from the solution. If i just rebuilt the solution and run the service again... it works (until next restart). Whats causing this error?
Solution here - http://tinypic.com/view.php?pic=5yasqx&s=5
Server Error in '/WCFService' Application.
Could not load file or assembly 'MySql.Data, Version=6.2.2.0,
Culture=neutral, PublicKeyToken=c5687fc88969c44d' or one of its
dependencies. Access is denied.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details: System.IO.FileLoadException: Could not load file or
assembly 'MySql.Data, Version=6.2.2.0, Culture=neutral,
PublicKeyToken=c5687fc88969c44d' or one of its dependencies. Access is
denied.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Assembly Load Trace: The following information can be helpful to
determine why the assembly 'MySql.Data, Version=6.2.2.0,
Culture=neutral, PublicKeyToken=c5687fc88969c44d' could not be loaded.
WRN: Assembly binding logging is turned OFF. To enable assembly bind
failure logging, set the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1. Note: There
is some performance penalty associated with assembly bind failure
logging. To turn this feature off, remove the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog].
Stack Trace:
[FileLoadException: Could not load file or assembly 'MySql.Data,
Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d' or
one of its dependencies. Access is denied.]
System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String
codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint,
StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean
forIntrospection, Boolean suppressSecurityChecks) +0
System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName
assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark,
Boolean forIntrospection, Boolean suppressSecurityChecks) +567
System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString,
Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean
forIntrospection) +192 System.Reflection.Assembly.Load(String
assemblyString) +35
System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String
constructorString, Uri[] baseAddresses) +243
System.ServiceModel.HostingManager.CreateService(String
normalizedVirtualPath) +1423
System.ServiceModel.HostingManager.ActivateService(String
normalizedVirtualPath) +50
System.ServiceModel.HostingManager.EnsureServiceAvailable(String
normalizedVirtualPath) +1132
[ServiceActivationException: The service '/WCFService/Service.svc'
cannot be activated due to an exception during compilation. The
exception message is: Could not load file or assembly 'MySql.Data,
Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d' or
one of its dependencies. Access is denied..]
System.Runtime.AsyncResult.End(IAsyncResult result) +889824
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult
result) +179150
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult
ar) +107
Version Information: Microsoft .NET Framework Version:4.0.30128;
ASP.NET Version:4.0.30128.1
Thats about it, hope someone reads this message, I wasted most of the weekend trying to fix these problems on my own... thanks
My suggestions:
1) Check your web application folder's permissions. You should edit the permissions on your web application folder so that the IIS user can read from the folder.
So you should open the folder properties dialog for the folder in the windows explorer and check if the application pool user has at least read permissions. If you didn't provide another user for the application pool, then the default user should be IIS_IUSRS.
2) Check if the asp.net is enabled in your system by running:
If you have .Net 4 installed in your system:
"%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" –i
Otherwise:
"%WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe" –i
The above command will register/repair the your .Net installation with the IIS.
3) Is your mysql dll locate in the bin folder? I would check if you also have permissions to read this folder. If the dll is not in the same folder as your application dll, check if the dll is installed in the GAC.
Regards,
1)Give permissions to the folder for the IIS_IUSRS group.
Also see if the application pool for the application in IIS manager->"Application Pools" has the Identity set as "LocalSystem". For me it was "NetworkService", setting it to "LocalSystem" solved it.
You must not be able to host silverlight applications with IIS7.
Try hosting your silverlight app on an apache server with a php / html script.
Hope that helps mate
Please rate my answer
Anzwerx
Here is the error:
System.TypeInitializationException: The type initializer for 'NHibernate.Cfg.Environment' threw an exception.
---> System.Security.SecurityException: Request for ConfigurationPermission failed while attempting to access configuration section 'hibernate-configuration'. To allow all callers to access the data for this section, set section attribute 'requirePermission' equal 'false' in the configuration file where this section is declared.
---> System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca)
We have the trust level set to Full. Note also that we also have a web site that runs the SAME Nhibernate code and has NO issues. Only the WCF REst Web Service Application has this error?
Any Thoughts as to WHY this is a problem?
http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/107/threadid/344545/scope/posts/Default.aspx
change the Identity of the app pool from "ApplicationPoolIdentity" to "NetworkService" and give "NetworkService" account "modify" permissons on the file system folder.