Ok, I very preliminarily have some signs of hope that this might be
possible. However, I had to make several changes to the Ibatis source code
so now I have this mutant project that will not match what everyone else has
and will be a problem when I want to upgrade to a new version.
Here are the steps that I've completed so far:
1. Recompiled Ibatis dlls with a strong name key and with
AllowPartiallyTrustedCallers attribute set in assemlyinfo.cs
2. Updated the references to Castle.Dynamic proxy to a newer version
that allows partially trusted callers
3. Added a custom trust.config file in the root of my website to allow
Reflection within my medium trust environment and configured it in the
web.config file. This of course removed the reflection error (am I missing
something, or is this a fundamental issue with medium trust and Ibatis? I
couldn't see any way around needing Reflection permissions - I'll just have
to hope I can talk the hosting company into it) This brought me to a
securitypermissions error that I posted in a previous message.
4. The last step: When digging into exactly where the error was
occurring, I noticed that it was in the CallContextSessionStore class which
has a note at the top NOT to use it in web scenarios. I am of course using
a web scenario. So I started looking around for a different method to call
on the mapper that would not call into that class. Here is the line of code
that seems to be causing the issue:
ISqlMapSession session = _sessionStore.LocalSession;
However, a few lines below this, the code is setting the
session variable to a local session if one was not set from the call to
_sessionStore.LocalSession. I decided to try removing the call to
_sessionStore.LocalSession and see if that would solve my issue. A quick
recompile and voila! The site seems to be up and running again.
Does anyone have any thoughts/suggestions/improvements on what I cobbled
together to make this work? I don't want to be doing something stupid that
will end up biting me a few months down the road and I don't feel like I'm
comfortable enough with Ibatis to be sure that I'm not messing something up.
Thanks!
--Erin
From: Michael McCurrey [mailto:mmccur...@gmail.com]
Sent: Tuesday, July 28, 2009 8:02 PM
To: user-cs@ibatis.apache.org
Subject: Re: Medium Trust Environments
I'm not around a compiler at the moment; but I do recall reading someplace
that the Castle.DynamicProxy (old version) as is doesn't allow partially
trusted calls. You'd either have to link it to a version that does or
ILMerge it into the iBatis DLL. It's a pain.
On Tue, Jul 28, 2009 at 5:39 PM, Erin Rollenhagen
<e...@entrepreneurialtechnologies.com> wrote:
An update: I've now recompiled the Ibatis.Net dlls using
AllowPartiallyTrustedCallers and have come up with a new exception:
[SecurityException: Request for the permission of type
'System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +58
System.Reflection.Emit.DynamicMethod.PerformSecurityCheck(Module m,
StackCrawlMark& stackMark, Boolean skipVisibility) +191
System.Reflection.Emit.DynamicMethod..ctor(String name, Type returnType,
Type[] parameterTypes, Module m, Boolean skipVisibility) +49
IBatisNet.Common.Utilities.Objects.Members.DelegatePropertySetAccessor..ctor
(Type targetObjectType, String propName) +700
IBatisNet.Common.Utilities.Objects.Members.SetAccessorFactory.CreateDynamicP
ropertySetAccessor(Type targetType, String propertyName) +235
IBatisNet.Common.Utilities.Objects.Members.SetAccessorFactory.CreateSetAcces
sor(Type targetType, String name) +453
IBatisNet.DataMapper.Configuration.ResultMapping.ResultProperty.Initialize(C
onfigurationScope configScope, Type resultClass) +336
IBatisNet.DataMapper.Configuration.ResultMapping.ResultMap.GetChildNode(Conf
igurationScope configScope) +1570
IBatisNet.DataMapper.Configuration.ResultMapping.ResultMap.Initialize(Config
urationScope configScope) +194
I've Googled around a bit and it seems the solution to this is making any
members that need to be reflected public. This doesn't really seem
realistic - does anyone have any ideas?
From: Michael McCurrey [mailto:mmccur...@gmail.com]
Sent: Tuesday, July 28, 2009 7:29 PM
To: user-cs@ibatis.apache.org
Subject: Re: Medium Trust Environments
What type of ado.net driver are you using?
On Tue, Jul 28, 2009 at 4:08 PM, Erin Rollenhagen
<e...@entrepreneurialtechnologies.com> wrote:
Hi Everyone,
I know I've brought this up before but I don't think there was ever an
answer.I got around it at the time by switching from a GoDaddy account to a
HostMySite account that was running in a higher-trust environment. Now my
host has sent out an email saying that they're switching to medium trust in
a week. I decided to test this out by setting the trust level to medium in
my application, and sure enough, my ibatis calls no longer work.
I've tried marking the EntrepreneurialTechnologies.DatabaseHelper class
(which calls Ibatis) with the AllowPartiallyTrustedCallers attribute and
signing it, but to no avail. I still get the security exception. What I'd
like to know is if this is something that just cannot be done, if Ibatis is
fundamentally incompatible with medium-trust environments, or if there is a
way to configure things so that it will run in medium trust. Does anyone
have this working currently?
If this is something obvious that I am not getting about how medium trust
works, please forgive me. I've never had to deal with this much before.
Any and all guidance is appreciated.
Here is the stack trace:
[SecurityException: That assembly does not allow partially trusted callers.]
EntrepreneurialTechnologies.DatabaseHelper.SelectMapperClient.selectList(Str
ing selectName, Object params) +0
ET.IowaChiropracticSociety.HomePageBannerService.getActive() +82
_DefaultPage.Page_Load(Object sender, EventArgs e) +308
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Adapters.ControlAdapter.OnLoad(EventArgs e) +15
System.Web.UI.Control.LoadRecursive() +8683053
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint) +242
System.Web.UI.Page.ProcessRequest() +80
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.default_aspx.ProcessRequest(HttpContext context) +37
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionSte
p.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +75
Thanks!
Erin Rollenhagen
Entrepreneurial Technologies
12257 University Avenue, Suite 200
Clive, Iowa 50325
515.440.1242
e...@entretechno.com
http://www.entretechno.com <http://www.entretechno.com/>
--
Michael J. McCurrey
Read with me at http://www.mccurrey.com
http://chaoticmindramblings.blogspot.com/
--
Michael J. McCurrey
Read with me at http://www.mccurrey.com
http://chaoticmindramblings.blogspot.com/
