Custom Trust Level For Community Server

Community Server 2.1 (including SP1) will not quite run in Medium Trust. I have found that it needs WebPermissions or the Feed Reader doesn't work correctly. See Community Server Feed Reader Fails in Medium Trust Level. And I have found that it requires ReflectionPermissions because of code in Global Application_End. If  ReflectionPermissions are not granted, you'll see exceptions like this in the Windows Event Viewer (Application section).

This post proposes a solution if you have access to the following folder on your server:
%windir%\Microsoft.NET\Framework\{version}\CONFIG\

By default, this location is C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG

Here are the steps:

  1. Modify your machine-level web.config file:
    1. If you have not changed your machine-level web.config file, simply copy my version (included in the download as web.config) over your existing web.config file in %windir%\Microsoft.NET\Framework\{version}\CONFIG\
    2. Or, if you have customized your machine-level web.config file, simply add the following element to the element near the top of the file:
      <trustLevel name="MediumTrustPlusForCS" policyFile="web_mediumTrustPlusForCS.config" />
  2. Copy web_mediumTrustPlusForCS.config into this same folder (%windir%\Microsoft.NET\Framework\{version}\CONFIG\).
  3. Open the web.config file in your CommunityServer Web folder and change the trust element as follows:
    <trust level="MediumTrustPlusForCS" originUrl="" />
       

Here is the download:
MediumTrustPlusForCS.zip

It includes:

  • web_mediumTrustPlusForCS.config - the new trust-level policy file
  • web.config - the machine-level web.config that goes in %windir%\Microsoft.NET\Framework\{version}\CONFIG\

I added the following permissions to the standard Medium Trust level:

  • WebPermissions (for web services - required for CS Feed Reader)
  • ReflectionPermissions (for reflection access to non-visible members - required to prevent application_end exception)
  • SocketPermissions (required only for some custom code I'm using  -may be required for certain other custom modules)

If you wish, remove SocketPermissions from web_mediumTrustPlusForCS.config unless or until you need it.

Rick Strahl has a nice post on this general topic here with more details.