Closed GoogleCodeExporter closed 9 years ago
Original comment by haac...@gmail.com
on 3 Aug 2010 at 4:37
I am happy to provide a staging environment in Microsoft VPC format to
developers working on this issue. It is approximately 9GB so you will need a
place for me to upload it.
Original comment by travis.illig
on 3 Aug 2010 at 4:40
Hey, any chance you could put the site in debug mode and put the pdb files
there so we can get line numbers? I'm interested in knowing which line
Subtext.Framework.UI.Skinning.SkinEngine.GetSkinTemplates(Boolean mobile) +897
is failing on
Original comment by haac...@gmail.com
on 3 Aug 2010 at 4:41
I would be happy to if you give me the symbols to put in place. They are not
included in the downloadable zip package.
Original comment by travis.illig
on 3 Aug 2010 at 4:44
I took a deeper look at the stack trace and found a couple problems. The good
news is this shouldn't happen in ASP.NET 4. ;)
The other weird thing is it appears that your code is falling into the
non-medium trust case. In SkinEngine.cs we have a case statement. The code that
appears to be executing is in the following case:
case AspNetHostingPermissionLevel.Unrestricted:
case AspNetHostingPermissionLevel.High:
However, if you're running in Medium trust, you should be falling through to
the default: case, which goes directly to the filesystem.
I have a copy of your VM so I'll try to instrument it and see what's going on
under the hood.
Original comment by haac...@gmail.com
on 3 Aug 2010 at 5:10
I think you're right in where it's failing, but it's failing on getting
SecurityPermission, not AspNetHostingPermission, so maybe there's more than
just AspNetHostingPermission required to do what is being done? (Or maybe it
really is AspNetHostingPermission failing and the error message is misleading.
Code access security is such a pain.)
Original comment by travis.illig
on 3 Aug 2010 at 6:35
It's failing on a call to the getter for HostingEnvironment.ApplicationHost
which has a Security demand for full trust. In .NET 4, this code path wouldn't
call this property.
However, if you're running in a true medium trust, you shouldn't even be going
through the code path that leads to this call in the first place. That's why I
think something is borked about your medium trust settings.
Original comment by haac...@gmail.com
on 3 Aug 2010 at 8:14
My medium trust setup could very well be messed up; hopefully you can see what
it is.
On a larger note, even in .NET 4, I'm betting that hosts don't always run with
exactly the out-of-the-box Medium trust. I know my host is just a tiny more
permissive in certain areas. I wonder if a better practice for future
permission checks/asserts is to check for all of the required permissions
rather than just assuming that if we're set in "medium trust" then it implies
other permissions are available. I'm sure my environment would have failed
those checks and fallen through.
No finger pointing or anything, just something to consider.
(Of course, it's a different permission model altogether in .NET 4 so maybe it
all becomes moot.)
Original comment by travis.illig
on 3 Aug 2010 at 8:21
Created a patch for this issue against the Release2.5 branch so it can be
integrated into an updated build post 2.5.1.20. I will hold off on updating my
production environment until a new release is posted so I can test the new
release in my staging environment.
The root of this issue is that VirtualPathProvider requires more than just
AspNetHostingPermission to function but the test used to determine if VPP
should be used relied solely on AspNetHostingPermission.
It was slightly complicated in that the actual calls using the VPP were inside
LINQ statements which don't actually execute until the IEnumerator actually
gets enumerated (in this case, via a ToDictionary() call).
The patch addresses this by using a try/catch(SecurityException) wrapper around
the entire usage of VPP in the skin engine rather than trying to "sniff" the
trust level using only AspNetHostingPermission.
Original comment by travis.illig
on 18 Oct 2010 at 4:15
Attachments:
Original comment by haac...@gmail.com
on 1 Nov 2010 at 4:05
Fixed in r4136
Original comment by haac...@gmail.com
on 1 Nov 2010 at 4:20
Original comment by haac...@gmail.com
on 1 Nov 2010 at 6:11
Original issue reported on code.google.com by
travis.illig
on 3 Aug 2010 at 4:33