0
votes

I must say that so far, I've probably just been darn lucky in that I've never come across the problems associated with a web site running in medium trust. I've only ever developed intranet apps or happened to have use a hosting company that runs in full trust. But the host I've been asked to use for a recent project runs at medium trust so I'm trying to get my app running this. Couple of questions - I develop on Windows XP. Can IIS on there be configured for medium trust (easier to debug) and/or is it a web.config setting? There is a wealth of information on this subject and the learning curve is steep.

Secondly, after a lot of fiddling and removing code, I think this line is causing a permissions error:

For Each FieldInfo As FieldInfo In Type.GetFields(BindingFlags.Instance Or BindingFlags.NonPublic Or BindingFlags.Public)

Can anyone clarify this is a possible candidate, esp. that NonPublic flag? This is copy & pasted code (Coding Horror highlighted the risk of this) so I've never really thought about. I assume the loop is through each field in the object both public and non-public fields - and I've read that protected fields are forbidden with reflection on medium trust.

Cheers, Rob.

3

3 Answers

3
votes

Sorry, Reflection with NonPublic is equivalent to full trust.

If somehow I didn't have full trust but had NonPublic reflection, I could leverage that into changing my own code trust level (writable strings, etc).

2
votes

Yes, a website on XP can be configured to run in medium trust:

In the <system.web> section add the following:

<!-- Case is important: it's Medium, not medium -->
<trust level="Medium"/>

And you're there.

What you may well find is that most hosts run their sites in a slightly elevated "Medium" trust setting, with some additional rights beyond the default - their techies should be able to tell you what differences they have if any.

If you take a look in:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_mediumtrust.config

you will see the default settings that are applied.

Reflection is one of the key things that is limited in Medium trust - from the Remarks on the GetFields page:

If the requested field is non-public and the caller does not have ReflectionPermission to reflect non-public objects outside the current assembly, this method returns a null reference (Nothing in Visual Basic).

As this has the potential to return null you should probably be checking for null before you start iterating through it, or checking that FieldInfo isn't null/nothing before using it.

0
votes

I'm going to flag this as closed as nobody has answered and also it was just proving too problematic to try and re-code. The program isn't badly written but uses reflection very heavily for object mapping and to be honest, it's easier to find a hosting company that supports full trust.