PowerTCP Emulation for .NET
PowerTCP in Partial Trust Environments



Partial Trust

Partial Trust environments such as shared hosting in ASP.NET limit access to potentially harmful .NET Framework classes and methods. Because of this, some additional configuration is required in order to use Dart's components in these restricted environments. When developing a system service, console application, Windows Forms application, or web application that will run with Full Trust, no additional configuration is necessary.

Background

The Windows API can access system services that a system administrator may not want to expose. For example, a web hosting service may not want hosted code to access the file system. Microsoft calls limiting such access “Code Access Security”, well-documented in the MSDN article Using Code Access Security with ASP.NET.

Dart assemblies are marked with the 'AllowPartiallyTrustedCallers' assembly attribute for use in Partial Trust environments. Using Dart's components in a Partial Trust environment requires additional configuration, such as installing the component DLL into the GAC or creating a custom security policy.

Installation into the GAC

When a Dart assembly is installed into the GAC, the component is granted full trust and asserts the required permissions at runtime so that no custom Security Policy is required. This is the preferred technique for using Dart components in Partial Trust environments.

Custom Security Policies

Security policy files are used to define a permission set that applications running under them can be granted. Under ASP.NET the web.config file can be used to specify which Security Policy should be used. Custom Security Policy files can be used to explicitly grant permissions that are required by the application and its references. However, some .NET Framework features are restricted regardless of Security Policy settings and will typically result in System.Security.SecurityException when used. Because of this, some components may have limited functionality in partial trust environments; if full functionality is required then the Dart component must be installed into the GAC.

Defining a Custom Security Policy

A custom Security Policy should only be used if an application using a Dart component is not run in Full Trust or the Dart component's assembly is not installed into the GAC.

Note: Version numbers mentioned in the following instructions reflect the version of the .NET Framework that permissions are being requested for; if .NET 2.0 is targeted then the appropriate version number should be substituted.

To define a custom Security Policy:

  1. Copy and paste the default web_mediumtrust.config file located at C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_mediumtrust.config
  2. Rename the copied config file, e.g. web_mediumtrust_custom.config
  3. Add the SocketPermission class definition to the SecurityClasses section:

    <SecurityClass
        Name="SocketPermission"
        Description="System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

  4. Add SocketPermission to the ASP.NET NamedPermissionSet section:

    <IPermission
         class="SocketPermission"
         version="1"
         Unrestricted="true" />

  5. Add the UnmanagedCode flag to the SecurityPermission definition:

    <IPermission
         class="SecurityPermission"
         version="1"
         Flags="UnmanagedCode, Execution, ControlThread, ControlPrincipal, RemotingConfiguration" />

  6. Save the file
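
A review check for the file produced by the steps above, added here as an example (it is not Dart's or Microsoft's code): it reports what one named permission set grants, so the Unrestricted SocketPermission and the UnmanagedCode flag are visible to whoever approves the policy. The function name audit_policy, the report keys and the trimmed sample policy are constructed for illustration, and the permission set name ASP.Net is an assumption about the default file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed custom policy holding only the elements that
# steps 3-5 touch (a real web_mediumtrust.config has many more entries).
SAMPLE_POLICY = """\
<configuration><mscorlib><security><policy><PolicyLevel version="1">
  <SecurityClasses>
    <SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
  </SecurityClasses>
  <NamedPermissionSets>
    <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
      <IPermission class="SocketPermission" version="1" Unrestricted="true"/>
      <IPermission class="SecurityPermission" version="1" Flags="UnmanagedCode, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
    </PermissionSet>
  </NamedPermissionSets>
</PolicyLevel></policy></security></mscorlib></configuration>
"""

def audit_policy(xml_text, set_name="ASP.Net"):
    """Report what one named permission set in a policy file grants."""
    root = ET.fromstring(xml_text)
    declared = {c.get("Name") for c in root.iter("SecurityClass")}
    report = {"found": False, "undeclared": [], "misspelled": [],
              "unrestricted": [], "unmanaged_code": False}
    for pset in root.iter("PermissionSet"):
        if (pset.get("Name") or "").lower() != set_name.lower():
            continue
        report["found"] = True
        for el in pset:
            if el.tag != "IPermission":
                # XML element names are case-sensitive: record tags that
                # differ from IPermission only by case.
                if el.tag.lower() == "ipermission":
                    report["misspelled"].append(el.tag)
                continue
            cls = el.get("class", "")
            if cls not in declared:
                # Short class name with no SecurityClass entry (step 3).
                report["undeclared"].append(cls)
            if (el.get("Unrestricted") or "").lower() == "true":
                report["unrestricted"].append(cls)
            flags = {f.strip() for f in el.get("Flags", "").split(",")}
            if cls == "SecurityPermission" and "UnmanagedCode" in flags:
                report["unmanaged_code"] = True
    return report

if __name__ == "__main__":
    for key, value in audit_policy(SAMPLE_POLICY).items():
        print(f"{key}: {value}")
```

UnmanagedCode permits calls into native code, which Code Access Security does not govern, so a policy where unmanaged_code is reported True should be reviewed as close to Full Trust for every assembly it applies to.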

Configuring the Security Policy in web.config

To direct an ASP.NET application to use medium trust, add the following to the system.web section:

<trust level="Medium"/>

To use a custom Security Policy, add the following to the system.web section:

<securityPolicy>
     <trustLevel name="CustomMedium" policyFile="C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_mediumtrust_custom.config" />
</securityPolicy>
<trust level="CustomMedium"/>

Alternatively, an assembly that requires full trust can be added to the application's web.config securityPolicy section:

<securityPolicy>
   <fullTrustAssemblies>
     <add assemblyName="Dart.Snmp" version="4.7.0.0" publicKey="00240000048000009400000006020000002400005253413100040000010001003fc01cbb4168cbdbb48a763283bd3a3e48dba81e06c4179db0bf20ba775a188f5c06c7bc1d7f39c22d63a04e3c16b424da9174dc28a019097458bcbea3e0e5184854a07382e3329cf82ce6004731b25eb7b9d56d9682df5606806b894974d0d42b960a2498a756f38904a1cac14e41a9b5debb62276e94e37934d5f1cc9838dd"/>
   </fullTrustAssemblies>
</securityPolicy>

Update the assemblyName, version and publicKey as needed for the product in use. To extract the public key from an assembly, use the 'sn' utility with the '-Tp' option from the Visual Studio command prompt.


PowerTCP Emulation for .NET Documentation Version 4.7
© 2018 Dart Communications. All Rights Reserved.