Modified Medium Trust on Cloud Sites
The Rackspace Cloud’s Windows environment operates in modified Medium Trust.
The "trust level" refers to permissions set in the Web.config file that dictate what operations can and cannot be performed by web applications. Our ASP.NET 3.5 servers use the default Medium Trust level with the addition of OleDbPermission, OdbcPermission, ConfigurationPermission, ReflectionPermission, a less-restrictive WebPermission and SocketPermission as detailed below:
- WebPermission Unrestricted="true"
- OleDbPermission Unrestricted="true"
- OdbcPermission Unrestricted="true"
- SocketPermission Unrestricted="true"
- ConfigurationPermission Unrestricted="true"
- ReflectionPermission Unrestricted="true"
Using a Medium Trust level prevents applications from accessing shared system resources and eliminates the potential for application interference. Adding OleDbPermission and OdbcPermission allows applications to use those data providers to access databases. WebPermission is modified to allow outbound HTTP and HTTPS traffic. SocketPermission is modified to allow better access to payment services. Adding ConfigurationPermission allows methods or classes to access configuration files. Adding ReflectionPermission allows access to non-public types and members.
Applications operating under a Medium Trust level have no registry access, and no access to the Windows event log. Both network and file system access will be limited.
Running Applications under Medium Trust
DotNetNuke can be installed in our modified Medium Trust environment by following our guide. If you do encounter any issues with the installation of the CMS, please report the issue to our support team, post in our forums, or visit DotNetNuke's community forums.
Per this article at ASPDotNetStoreFront's website:
"Beginning with version 188.8.131.52, the software will run in Medium Trust natively. Customers on earlier versions than that will need to contact ASPDotNetStoreFront's support with their original order number for a special medium trust build."
Umbraco can be configured to run in a Medium Trust environment.
BlogEngine works in our modified Medium Trust environment. If you do encounter any issues with the installation of the CMS, please report the issue to our support team, post in our forums, or visit BlogEngine’s community forums.
mojoPortal works in our modified Medium Trust environment. If you do encounter any issues with the installation of the CMS, please report the issue to our support team, post in our forums, or visit mojoPortal's community forums.
Partially Trusted Callers
If you do experience trust-related issues, it may relate to assemblies that do not allow Partially Trusted Callers. For additional information on this, please review Microsoft’s documentation regarding Partially Trusted Callers here and here (these are components that will NOT work with Partially Trusted Callers).
Many components also have support documentation concerning functioning in a Medium Trust.
The Rackspace Cloud has been working with Persists, the creator of AspJpeg, to determine if their component will work under .NET in our modified Medium Trust environment. It should be noted, however, that the AspJpeg component is fully functional under Classic ASP.
FileIO requires an elevated set of permissions to allow directory and/or file creation. There are two ways around the documented Microsoft FileIO bug that prevents folder creation via .NET under modified Medium Trust.
(1) Upgrade your application to run under .NET 4.0 - the FileIO issue has been resolved by Microsoft in the .NET 4.0 CLR.
(2) Request that a symlink be created for your domain. This establishes a new root path and circumvents the original issues associated with the FileIO bug.
NOTE: In either case, it is still necessary that you use impersonation. This allows the proper elevated credentials to perform the directory/file creation. Please see the following article for more information:
To facilitate your ability to test your applications on your local development machine, we have made our modified Medium Trust configuration available:
Click here to download modified Medium Trust configuration file for .NET 3.5
© 2015 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER