Dave's Tech Shop

if your tech is broken, bring it in for repairs

My Links

Post Categories

Archives

Blog Stats

Custom Trust Level For Community Server

Community Server 2.1 (including SP1) will not quite run in Medium Trust. I have found that it needs WebPermissions or the Feed Reader doesn't work correctly. See Community Server Feed Reader Fails in Medium Trust Level. And I have found that it requires ReflectionPermissions because of code in Global Application_End. If  ReflectionPermissions are not granted, you'll see exceptions like this in the Windows Event Viewer (Application section).

This post proposes a solution if you have access to the following folder on your server:
%windir%\Microsoft.NET\Framework\{version}\CONFIG\

By default, this location is C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG

Here are the steps:
  1. Modify your machine-level web.config file:
    1. If you have not changed your machine-level web.config file, simply copy my version (included in the download as web.config) over your existing web.config file in %windir%\Microsoft.NET\Framework\{version}\CONFIG\
    2. Or, if you have customized your machine-level web.config file, simply add the following element to the <securityPolicy> element near the top of the file:
      <trustLevel name="MediumTrustPlusForCS" policyFile="web_mediumTrustPlusForCS.config" />
  2. Copy web_mediumTrustPlusForCS.config into this same folder (%windir%\Microsoft.NET\Framework\{version}\CONFIG\).
  3. Open the web.config file in your CommunityServer Web folder and change the trust element as follows:
        <trust level="MediumTrustPlusForCS" originUrl="" />
Here is the download:
MediumTrustPlusForCS.zip

It includes:
  • web_mediumTrustPlusForCS.config - the new trust-level policy file
  • web.config - the machine-level web.config that goes in %windir%\Microsoft.NET\Framework\{version}\CONFIG\
I added the following permissions to the standard Medium Trust level:
  • WebPermissions (for web services - required for CS Feed Reader)
  • ReflectionPermissions (for reflection access to non-visible members - required to prevent application_end exception)
  • SocketPermissions (required only for some custom code I'm using  -may be required for certain other custom modules)
If you wish, remove SocketPermissions from web_mediumTrustPlusForCS.config unless or until you need it.

Rick Strahl has a nice post on this general topic here with more details.

Print | posted on Sunday, November 12, 2006 11:49 AM

Feedback

No comments posted yet.
Title  
Name  
Url
Comments