Build 1098 ASP.NET binary not working under medium trust

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Unzip attached project.  Drop ASP.NET binaries released in build 1098 
in Bin directory.
2. Bring up web site in browser.
3. On the page, in the text box, enter a google calendar account that 
allows for public access.  Hit enter.

What is the expected output? What do you see instead?
The code is supposed to fetch events and highlight in calendar dates that 
contain events.  Application works as expected without specifying medium 
trust.  When medium trust is specified (in web.config) SecurityException 
was (believed to be) thrown in AtomFeedParser.Parse().  It is thought that 
ASP.NET binaries are compiled marked with APTCA and would work in medium 
trust environment.

What version of the product are you using? On what operating system?
OS:  Microsoft Vista Home Premium
IDE: Visual Web Developer (with ASP.NET Development Server)
LIB: GData build 1098

Please provide any additional information below.

Original issue reported on code.google.com by szekit...@gmail.com on 6 Jun 2007 at 12:46

Attachments:

• GoogleCalendar.zip

[GoogleCodeExporter]

Original comment by fman...@gmail.com on 11 Jun 2007 at 10:41

• Changed state: Accepted
• Added labels: Priority-High
• Removed labels: Priority-Medium

[GoogleCodeExporter]

Found the issue and the fix :))

The exception occurs in -  
file : atomfeed.cs
method :public void Parse(Stream stream, AlternativeFormat format) 
line : feedParser.Parse(stream, this);

Cause : internal class  internal class DecodingTextReader in utilities.cs

Fix :
comment the line below in atomfeedparser.cs - parse method 
XmlReader reader = new DecodingTextReader(streamInput, 
this.nameTable.Nametable);
replace with 
XmlReader reader = new XmlTextReader(streamInput, this.nameTable.Nametable);

The code start working.  This is a short term fix.  However, the real fix 
should be 
changing the internal utilities class and the base class it derives from to 
allow to 
work under medium trust.

Cheers
Usha

Original comment by askku...@gmail.com on 7 Jul 2007 at 12:12

[GoogleCodeExporter]

Would love to do the same.
But I really do not understand this library, hwre is the sln solution file 
???????

Original comment by laurent....@gmail.com on 7 Jul 2007 at 2:15

[GoogleCodeExporter]

Why medium trust causes errors: Medium trust does not support "reflection".  
Please 
limit or provide alternatives while using reflection in the sdk.

Thanks
Usha

Original comment by askku...@gmail.com on 11 Jul 2007 at 5:51

[GoogleCodeExporter]

Hi askkushi, can you send me the fixed dll, I have no way to fix it as there is 
no 
solution file for 2005, my email: laurent.duveau _at_ gmail
thanks!

Original comment by laurent....@gmail.com on 14 Jul 2007 at 4:06

[GoogleCodeExporter]

Hi Laurent

I am unable to create a dll file since i do not have the complete solution 
settings 
for the goodle code.  But here is an easier way for you to get this to work.

code all .cs code from the 1099 zip -
1. gdata[1].net.1099\root\clients\cs\src\gbase
2. gdata[1].net.1099\root\clients\cs\src\core

into your project.  Change all references to google.... library to your project 
name. 

comment the line below in atomfeedparser.cs (found in core) - parse method 
XmlReader reader = new DecodingTextReader(streamInput, 
this.nameTable.Nametable);
replace with 
XmlReader reader = new XmlTextReader(streamInput, this.nameTable.Nametable);

Compile your project.

If i compile the project with my solution settings, then it might get difficult 
for 
you to upgrade in future.  If you do as indicated above, you can copy the cs in 
the 
future upgrades from google and upgrade your project.

Please let me know if i am unclear in my explanation.

FMantek - Can you please help?  Can we have the solution file for the project? 
This 
could help us compile changes and distribute in future. 

Thanks for bringing this up Laurent, very valid request for solution file.

Regards
Usha

Original comment by askku...@gmail.com on 16 Jul 2007 at 2:30

[GoogleCodeExporter]

The solution files are part of the download. Fixing this in general is still on 
the
radar, i am just swamped right now

Original comment by fman...@gmail.com on 3 Aug 2007 at 1:12

• Added labels: Client-CSharp

[GoogleCodeExporter]

hi folks,

I've been investigating the issue, and my SecuriyException occurs well before 
the
parsing of the gdata feed. In fact, I had one at WebRequest.Create() (fixed by
modifying web.config), and another one when trying to access 
NetworkCredentials.Password.

I'll try to reproduce the problem with your solution.

Original comment by siwu...@gmail.com on 17 Aug 2007 at 6:48

[GoogleCodeExporter]

Thank you Siwuzzz

You are right - I did face the ones you are currently talking about.  I 
recompiled 
the code within my solution and did not face the webrequest.create issue (but 
would 
love to know the change in web.config you did), regarding the second issue - I 
hardcoded my password for networkcredential in code using appsettings! in 
gauthrequest.cs - Ensurecredentials() - I replaced 
NetworkCredential nc = this.Credentials as NetworkCredential;
with
NetworkCredential nc = new 
NetworkCredential(ConfigurationManager.AppSettings.Get
("username"), ConfigurationManager.AppSettings.Get("password"), "");
and was able to get over this issue!
Thanks for the update and pls let me know if i was not clear.
Usha

Original comment by askku...@gmail.com on 18 Aug 2007 at 1:34

[GoogleCodeExporter]

I am a bit confused. I am trying to reproduce this issue. So i hacked the code 
in
gauthrequest to just hardcode my username/credentials, and that get's me over 
the
point to actually receive the stream from the calendar service. 

But then i get a security violation in Atomfeedparser.cs when 
feedparser.parse() is
called.

I have to admit, i just don't get code access security. Not the concepts, i
understand that, but the error messages are so cryptic, that i am lost. I am in 
a
DLL, i call to the web, and then i call another method IN THAT DLL, and see 
that in
disassemlby on the call to the method, i die....

Any hints? i must be missing something here

Original comment by fman...@gmail.com on 28 Aug 2007 at 1:55

[GoogleCodeExporter]

Earlier in this thread I had mentioned about this security violation. Here it 
is 
again

The exception occurs in - 
file : atomfeed.cs 
method :public void Parse(Stream stream, AlternativeFormat format) 
line : feedParser.Parse(stream, this); 
Cause : internal class  internal class DecodingTextReader in utilities.cs 
Fix : 
comment the line below in atomfeedparser.cs - parse method 
XmlReader reader = new DecodingTextReader(streamInput, 
this.nameTable.Nametable); 
replace with 
XmlReader reader = new XmlTextReader(streamInput, this.nameTable.Nametable); 

The code starts working.  This is a short term fix.  However, the real fix 
should be 
changing the internal utilities class and the base class it derives from to 
allow to 
work under medium trust. 

Please let me know if you need more info.

Cheers 
Usha 

Original comment by askku...@gmail.com on 30 Aug 2007 at 1:27

[GoogleCodeExporter]

Ok, i give in. HOW did you figure out that this is the cause? is there a 
compiler
setting or a tool i did overlook? I just get a meaningless runtime exception 
with no
additional information. 

I never had to deal with that issue before, and even after researching this, i 
don't
find tools to give me a handle on how to narrow this problem down. So a hint 
would be
appreaciated.

Original comment by fman...@gmail.com on 30 Aug 2007 at 8:00

[GoogleCodeExporter]

If you add this line in the web.config, all the following issues occur:
  <system.web> <trust level="Medium" originUrl=".*"/> ...... </system.web>

1. The exception occurs in -  
file : atomfeed.cs
method :public void Parse(Stream stream, AlternativeFormat format) 
line : feedParser.Parse(stream, this);
HOW to debug : If you step through the code and comment the line as indicated 
above 
it works. Hence to step in further, I did not type cast the decoding text 
reader and 
generalized the cast to xmltextreader and it worked
What i did:
comment the line below in atomfeedparser.cs (found in core) - parse method 
XmlReader reader = new DecodingTextReader(streamInput, 
this.nameTable.Nametable);
replace with 
XmlReader reader = new XmlTextReader(streamInput, this.nameTable.Nametable);

2. When i had to supply userid and password, i got another exception (only in 
medium 
trust).gauthrequest.cs - Ensurecredentials() 
I hardcoded my userid and password in gauthrequest.cs and it worked hence 
adopted 
the following to keep the uid password outside google code. This may be becuase 
this.credentials is not allowed under medium trust.
NetworkCredential nc = this.Credentials as NetworkCredential;
with
NetworkCredential nc = new 
NetworkCredential(ConfigurationManager.AppSettings.Get
("username"), ConfigurationManager.AppSettings.Get("password"), "");

Did i help?  

Regards
Usha
administrator
http://realestate.marketwatch101.com

Original comment by askku...@gmail.com on 31 Aug 2007 at 4:33

[GoogleCodeExporter]

Gdata binaries: Build 1099 (Downloaded Aug 29, 2007)
Development Environment: Vista + Visual Studio 2005
Production Environment: Windows Server 2003 + IIS 6

I have a ASP.NET 2.0 project. I have a problem with calendar services on my 
Vista+VS 
2005 development environment and also on my shared host with Godaddy.  I'm 
going to 
add a new entry to my calendar. But the moment I instantiate the 
CalendarService 
class or any of the other classes in Gdata package and its sub-packages I get 
the 
same exception messages as mentioned above, ie:

SecurityException: That assembly does not allow partially trusted callers.]

Original comment by roozbe...@gmail.com on 1 Sep 2007 at 1:25

[GoogleCodeExporter]

I host with godaddy too. http://realestate.marketwatch101.com
I had the same issues with base.  Instead of using the dll, add the source to 
your 
project and build.  You might have to do a couple of other fixes as mentioned 
in 
this thread, but you can get it to work at godaddy! I have the same environment 
as 
you do.

Original comment by askku...@gmail.com on 1 Sep 2007 at 2:20

[GoogleCodeExporter]

Thanks askkushi.
Would you tell me which classes should be added to my project before I can get 
it 
work?

Original comment by roozbe...@gmail.com on 1 Sep 2007 at 4:08

[GoogleCodeExporter]

I am using realestate items. Hence i added all source code under projects - 
core and 
gbase. You will have to find what dll's from google you will be using and will 
have 
to include all the source code for these projects. 
*Note: one downside for this method - everytime google publishes new code / dll 
you 
will have to recompile if you will be using new features
Good luck
Usha

Original comment by askku...@gmail.com on 2 Sep 2007 at 1:24

[GoogleCodeExporter]

I checked in new binaries into the Subversion repository. Grab them from the 
lib/asp
directory, they should have version 1.9.0.10. There are some required code 
changes
regarding auth, please check the release notes. They work fine in my test 
setups, i
hope they solve this issue. Please test and verify

Original comment by fman...@gmail.com on 3 Sep 2007 at 2:33

[GoogleCodeExporter]

Grabbed the files from subversion and everything works great for me, thanks!

Original comment by cbron...@gmail.com on 5 Sep 2007 at 8:28

[GoogleCodeExporter]

Original comment by fman...@gmail.com on 2 Oct 2007 at 3:57

• Changed state: Fixed