Knowledge is power. We love to share it.

News related to Mono products, services and latest developments in our community.


MonoX with medium trust shared hosting

04/22/2011Categories: MonoX
Web hosting companies offer a variety of plans that cover almost every real-word scenario. Shared hosting is usually the most economical choice for low traffic sites. A single physical Web server can run dozens of sites/applications, and it is important that one site cannot harm or affect all other sites on the same box in any way.

ASP.NET allows users to define trust levels, which describe what operations are permitted in a hosted environment. You can either use one of the preset trust levels - Full, High, Medium, Low, or Minimal - or can create a custom level. Full trust, which is the default, comes without any restrictions. It is therefore a standard practice for a majority of Web hosting companies to run customer sites in a medium trust environments. This is set in a global config file and cannot be overriden in your application code, ensuring that hosted applications do not interfere with each other or use protected system resources like the the file system outside the application root path, the registry and the event log.

Unfortunately, the default medium trust policy is often too restrictive for more advanced applications, as it doesn't allow reflection, serialization, access to outside Web services, and other standard ASP.NET techniques. Although in theory each of the "forbidden" techniques could be used to compromise the server security, a vast majority of Web developers uses them for perfectly legal and valid purposes. A discussion thread on stackoverflow nicely summarizes the potential security risks: "...most likely, it's at least in part a sales technique to get you to shell out for (semi-) dedicated hosting.".

Additionally, as .NET Framework's Code Access Security model has evolved, ASP.NET 4.0 Code Access Security has introduced several breaking changes. You can find a nice primer on Code Access Security, and its implications for .NET 4 are described here. It looks nice, but it comes with its share of problems. Be warned that a lot of rather straightforward code will simply stop working, often without a meaningful error message. For example, even with the customized medium policy that elevates the reflection permission, we used to get a lot of these error messages:

Inheritance security rules violated while overriding member: 'MonoSoftware.Web.Workspace.Lookup`1<TEntity>. System.Runtime.Serialization.ISerializable.GetObjectData (System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

It turns out that you need to know exactly which .NET methods are decorated with the SecurityCritical attribute, since you cannot call them anymore if your calling methods are not marked as SecurityCritical or SecuritySafeCritical. Unfortunately, all code running in the medium trust is considered to be SecurityTransparent, and you get an exception. Again, it feels like that sort of scoping issue would be caught by the compiler... but no luck. Your application suddenly becomes hit by a bunch of runtime issues. Another example of how things can go wrong with CAS can be found in the LLBLGen support forum - a totally unrelated WinForms designer attribute needing FileIO permissions down the road caused us a lot of pain there.
The best diagnostic utility for this kind of scenarios turns out to be the VS2010 Code Analysis tool with Microsoft Security Rules turned on. It is far from perfect, and we are open to all comments and suggestions on how to make ASP.NET code compatible with medium trust.

Going back and applying everything we've learned to MonoX, we have realized that a standard medium trust environment is simply too restrictive for all functionality it offers. Note that even a simple scenario that uses any of the LINQ-related functionality in ASP.NET requires elevation of reflection permissions. Therefore, it is not a big wonder that MonoX needs reflection (for Web part enumeration and loading, accessing Web part framework internal methods, ...), serialization (for ViewState optimization) and Web permissions (for contacting third party services, including anti-spam sites and Amazon S3). We have put together a customized medium trust configuration file that can either be used as is, or in communication with your Web hosting support staff. You can locate it in the root of the MonoX installation folder, and is aptly named web_mediumtrust.monox.config. It is essentially a copy of the standard web_mediumtrust.config file from the .NET configuration folder, but with three key differences:

<IPermission class="SecurityPermission" version="1" Flags="Assertion, SerializationFormatter, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
<IPermission class="WebPermission" version="1" Unrestricted="true">
<IPermission class="ReflectionPermission" version="1" Unrestricted="true"/>

You can test your MonoX-based applications in medium trust by changing the trust level setting in the web.config file and switching the default level (Full) to this:

<trust level="MediumMonoX"...

Setting trust level in this fashion will probably not be possible in the live hosting environment, since most hosting companies do not allow users to override their default settings. In any case, you will be able to communicate your requirements efficiently by mentioning the security requirements for MonoX based on the configuration settings listed above.

If all of this sounds too complicated, note that many of the high-profile shared hosting providers offer full trust ASP.NET environments at bargain prices. More details can be found in our hosting review article series.

Rated 5.00, 3 vote(s). 
By Hassan
I am attempting to install Monox on a Godaddy virtual dedicated server. Unfortunately, I am running into problem with this exception: [SecurityException: That assembly does not allow partially trusted callers.]. I have the ability to change the trust on machine web.config file, but I haven't. What should be my next step in trying to resolve this exception?
As far as we know, GoDaddy is one of the hosters with very restrictive policy for their shared hosts. Changing settings in your web.config file does not help, as their global settings will override it. We can only suggest switching to another shared hosting provider with more reasonable policy (Arvixe, DiscountAspNet, ... - most of them are even less expensive). Please check out the previous posts on our experiences with various hosting providers.
By Tollah
I have a dedicated virtual server which is not quite the same as their share host. Does that not make a difference? Assuming I have all complete access, where would I make the changes to override the permission to override partial trust callers issue? I will take a look at the other guys.
I was not aware of it, all kinds of dedicated servers (including the virtual ones) should work without problems. Could we move this discussion to our support forum so we could diagnose it?
By Tollah
I opened a post in the support section. Thanks.
Hi Denis,

Thank you for the article.

I am hosting a MonoX site in a shared hosting environment and I am having the same issues. My hosting company uses WebsitePanel as their hosting software

Have you come across any methods to resolve hosting in this sort of environment?

Any help would be greatly appreciated.
You need to be able to set the trust-related settings as described here, there is no way around it.