• Sales: 1-800-961-2888
  • Support: 1-800-961-4454

Feedback

Let us know what you think of our Knowledge Center!

Open Cloud Community

Learn about Rackspace products, ask questions, and share your knowledge in our Open Cloud Community.

Modified Medium Trust on Cloud Sites

  • Article ID: 130
  • Last updated on February 15, 2012
  • Authored by: Rackspace Support
  • (3 Comments)

The Rackspace Cloud’s Windows environment operates in modified Medium Trust.

Contents

Overview

The "trust level" refers to permissions set in the Web.config file that dictate what operations can and cannot be performed by web applications. Our ASP.NET 3.5 servers use the default Medium Trust level with the addition of OleDbPermission, OdbcPermission, ConfigurationPermission, ReflectionPermission, a less-restrictive WebPermission and SocketPermission as detailed below:

  • WebPermission Unrestricted="true"
  • OleDbPermission Unrestricted="true"
  • OdbcPermission Unrestricted="true"
  • SocketPermission Unrestricted="true"
  • ConfigurationPermission Unrestricted="true"
  • ReflectionPermission Unrestricted="true"

Using a Medium Trust level prevents applications from accessing shared system resources and eliminates the potential for application interference. Adding OleDbPermission and OdbcPermission allows applications to use those data providers to access databases. WebPermission is modified to allow outbound HTTP and HTTPS traffic. SocketPermission is modified to allow better access to payment services. Adding ConfigurationPermission allows methods or classes to access configuration files. Adding ReflectionPermission allows access to non-public types and members.

Applications operating under a Medium Trust level have no registry access, and no access to the Windows event log. Both network and file system access will be limited.

Running Applications under Medium Trust

DotNetNuke

DotNetNuke can be installed in our modified Medium Trust environment by following our guide. If you do encounter any issues with the installation of the CMS, please report the issue to our support team, post in our forums, or visit DotNetNuke's community forums.

ASPDotNetStoreFront

Per this article at ASPDotNetStoreFront's website:
"Beginning with version 7.0.2.5, the software will run in Medium Trust natively. Customers on earlier versions than that will need to contact ASPDotNetStoreFront's support with their original order number for a special medium trust build."

Umbraco

Umbraco will not work on Medium Trust. The application writes to the registry, which is not possible in less than Full Trust. Umbraco has stated that they will not be modifying their code to remove this dependency.

BlogEngine

BlogEngine works in our modified Medium Trust environment. If you do encounter any issues with the installation of the CMS, please report the issue to our support team, post in our forums, or visit BlogEngine’s community forums.

mojoPortal

mojoPortal works in our modified Medium Trust environment. If you do encounter any issues with the installation of the CMS, please report the issue to our support team, post in our forums, or visit mojoPortal's community forums.

Partially Trusted Callers

If you do experience trust-related issues, it may relate to assemblies that do not allow Partially Trusted Callers. For additional information on this, please review Microsoft’s documentation regarding Partially Trusted Callers here and here (these are components that will NOT work with Partially Trusted Callers).

Many components also have support documentation concerning functioning in a Medium Trust.

Other Items

AspJpeg

The Rackspace Cloud has been working with Persists, the creator of AspJpeg, to determine if their component will work under .NET in our modified Medium Trust environment. It should be noted, however, that the AspJpeg component is fully functional under Classic ASP.

FileIO

FileIO requires an elevated set of permissions to allow directory and/or file creation. There are two ways around the documented Microsoft FileIO bug that prevents folder creation via .NET under modified Medium Trust.

(1) Upgrade your application to run under .NET 4.0 - the FileIO issue has been resolved by Microsoft in the .NET 4.0 CLR.

(2) Request that a symlink be created for your domain. This establishes a new root path and circumvents the original issues associated with the FileIO bug.

NOTE: In either case, it is still necessary that you use impersonation. This allows the proper elevated credentials to perform the directory/file creation. Please see the following article for more information: 

How Do I Add Impersonation To My Website?

Configurations

To facilitate your ability to test your applications on your local development machine, we have made our modified Medium Trust configuration available:
Click here to download modified Medium Trust configuration file for .NET 3.5

Click here to download modified Medium Trust configuration file for .NET 4.0



© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER

3 Comments

i got this error.


The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

me unable to change in trust level in web.config file

can you please give us solution for it. my website hosted on reckspace
By vaibhav kothia on Jul. 30, 2012

Thanks Vaibhav,
Please open a ticket and we will try to diagnose your trust exception.
By Chris on Jul. 30, 2012

Changing the dll file to an earlier version that doesnt require high trust level will resolved the issue on cloud sites account.

Hope this helps!
By Suleyman on May. 9, 2013

Add new comment