sestocker
commented
12 years ago .NET 4.0 on Rackspace Cloud Sites. I'm assuming medium trust.
Closed sestocker closed 12 years ago
sestocker
commented
12 years ago .NET 4.0 on Rackspace Cloud Sites. I'm assuming medium trust.
sestocker
commented
12 years ago In the Rackspace Cloud Environment, they run in a modified medium trust:
<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ConfigurationPermission" Description="System.Configuration.ConfigurationPermission, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
<!-- <SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> -->
<SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<!-- <SecurityClass Name="RegistryPermission" Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/> -->
<SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SmtpPermission" Description="System.Net.Mail.SmtpPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="TypeDescriptorPermission" Description="System.Security.Permissions.TypeDescriptorPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="OleDbPermission" Description="System.Data.OleDb.OleDbPermission, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="OdbcPermission" Description="System.Data.Odbc.OdbcPermission, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet
class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all resources"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including the right to execute"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="ASP.Net">
<IPermission
class="AspNetHostingPermission"
version="1"
Level="Medium"
/>
<IPermission
class="ConfigurationPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="DnsPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="EnvironmentPermission"
version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"
/>
<IPermission
class="FileIOPermission"
version="1"
Read="$AppDir$"
Write="$AppDir$"
Append="$AppDir$"
PathDiscovery="$AppDir$"
/>
<IPermission
class="IsolatedStorageFilePermission"
version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807"
/>
<!-- <IPermission
class="PrintingPermission"
version="1"
Level="DefaultPrinting"
/> -->
<IPermission
class="ReflectionPermission"
version="1"
Unrestricted="true"
/>
<!-- <IPermission
class="RegistryPermission"
version="1"
Unrestricted="true"
/> -->
<IPermission
class="SecurityPermission"
version="1"
Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"
/>
<IPermission
class="SmtpPermission"
version="1"
Access="ConnectToUnrestrictedPort"
/>
<IPermission
class="SocketPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="SqlClientPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="TypeDescriptorPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="WebPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="OleDbPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="OdbcPermission"
version="1"
Unrestricted="true"
/>
</PermissionSet>
</NamedPermissionSets>
<CodeGroup
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
<IMembershipCondition
class="AllMembershipCondition"
version="1"
/>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/*"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>Based on some feedback from http://blog.willbeattie.net/2009/07/hosting-net-mvc-on-rackspacecloud-cloud.html, I added the following to assemblyinfo.cs:
[assembly: AllowPartiallyTrustedCallers]
This got me past the original error message. I'm now dealing with not being able to write from disk (I can from a page in my app but it seems like third party assemblies cannot).
mwrock
commented
12 years ago Whenever I see "modified" in front of medium trust, a red flag displays in my retina. RequestReduce will run in "normal" medium trust and I have integration tests around that to ensure any new code does not break that. There was another person who had a similar but different issue also hitting the structuremap code who was also in a modified medium trust environment but his issue was clearly related to ReflectionPermission. I also saw that attribute in some research I initially did after your tweet and I'm glad it worked for you.
Regarding the disk writing issue, is RequestReduce not able to write its generated files to disk? Are you using the default directory of ~/RequestReduceContent?
sestocker
commented
12 years ago Yes, using the default. No guarantee this link will work forever, but will at least work for a few days:
http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/RequestReduceContent/Dashboard
Here are the errors:
''' Key: c07c0b13-6f7e-44f0-5d2c-0891843943c2 First errored on: 5/4/2012 7:53:13 AM Last errored on: 5/4/2012 7:53:13 AM Number: 2 Exception #1: There were errors reducing http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/javascripts/modernizr.foundation.js:: Exception #2: Access to the path '\fs3-n02\stor9wc1dfw1\632331\dev.computol.com\web\content\requestreducecontent\c07c0b136f7e44f05d2c0891843943c2-7d179a1a8e4dc8950171d50a22be0531-requestreducedscript.js' is denied. Stack Trace#2: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.IO.File.WriteAllBytes(String path, Byte[] bytes) at RequestReduce.Utilities.FileWrapper.Save(Byte[] content, String fileName) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Utilities\FileWrapper.cs:line 17 at RequestReduce.Store.LocalDiskStore.Save(Byte[] content, String url, String originalUrls) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Store\LocalDiskStore.cs:line 80 at RequestReduce.Reducer.HeadResourceReducerBase`1.Process(Guid key, String urls, String host) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Reducer\HeadResourceReducerBase.cs:line 47 at RequestReduce.Module.ReducingQueue.ProcessQueuedItem() in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Module\ReducingQueue.cs:line 162
Key: c98e39c4-811d-601e-f3c0-7e0d1834912d
First errored on: 5/4/2012 7:53:16 AM
Last errored on: 5/4/2012 7:53:16 AM
Number: 2
Exception #1: There were errors reducing http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/stylesheets/foundation.css::http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/stylesheets/app.css::
Exception #2: Access to the path '\fs3-n02\stor9wc1dfw1\632331\dev.computol.com\web\content\requestreducecontent\c98e39c4811d601ef3c07e0d1834912d-5b17474dbb7130ff3a4fde4917404adf.png' is denied.
Stack Trace#2:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.IO.File.WriteAllBytes(String path, Byte[] bytes)
at RequestReduce.Utilities.FileWrapper.Save(Byte[] content, String fileName) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Utilities\FileWrapper.cs:line 17
at RequestReduce.Store.LocalDiskStore.Save(Byte[] content, String url, String originalUrls) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Store\LocalDiskStore.cs:line 80
at RequestReduce.Reducer.SpriteManager.Flush() in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Reducer\SpriteManager.cs:line 101
at RequestReduce.Reducer.SpriteManager.Dispose() in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Reducer\SpriteManager.cs:line 141
at RequestReduce.Reducer.CssReducer.ProcessResource(Guid key, IEnumerable1 urls, String host) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Reducer\CssReducer.cs:line 40 at RequestReduce.Reducer.HeadResourceReducerBase1.Process(Guid key, String urls, String host) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Reducer\HeadResourceReducerBase.cs:line 37
at RequestReduce.Module.ReducingQueue.ProcessQueuedItem() in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Module\ReducingQueue.cs:line 162
Key: 732bde25-ef0c-d772-174d-9d686187ef8b First errored on: 5/4/2012 7:53:16 AM Last errored on: 5/4/2012 7:53:16 AM Number: 2 Exception #1: There were errors reducing http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/javascripts/foundation.js::http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/javascripts/jquery.scrollTo.js::http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/javascripts/jquery.nav.min.js::http://dev.computol.com.asp1-3.dfw1-1.websitetestlink.com/javascripts/app.js:: Exception #2: Access to the path '\fs3-n02\stor9wc1dfw1\632331\dev.computol.com\web\content\requestreducecontent\732bde25ef0cd772174d9d686187ef8b-7b58c7c490e1d5187841c77900f87633-requestreducedscript.js' is denied. Stack Trace#2: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.IO.File.WriteAllBytes(String path, Byte[] bytes) at RequestReduce.Utilities.FileWrapper.Save(Byte[] content, String fileName) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Utilities\FileWrapper.cs:line 17 at RequestReduce.Store.LocalDiskStore.Save(Byte[] content, String url, String originalUrls) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Store\LocalDiskStore.cs:line 80 at RequestReduce.Reducer.HeadResourceReducerBase`1.Process(Guid key, String urls, String host) in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Reducer\HeadResourceReducerBase.cs:line 47 at RequestReduce.Module.ReducingQueue.ProcessQueuedItem() in C:\Users\sstocker.COMPUTOL\Desktop\mwrock-RequestReduce-5f5f8fa\RequestReduce\Module\ReducingQueue.cs:line 162 '''
sestocker
commented
12 years ago Is there anything in the modified medium trust file that throws up red flags for you? You have to use impersonation to write to disk - but that seems reasonable enough.
mwrock
commented
12 years ago No. nothing stands out in the file for me. Definitely a perms issue somewhere here. The identity that runs your app pool needs to have FullControl access to your webroot folder.
Inheritance security rules violated while overriding member: 'StructureMap.StructureMapException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.TypeLoadException: Inheritance security rules violated while overriding member: 'StructureMap.StructureMapException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[TypeLoadException: Inheritance security rules violated while overriding member: 'StructureMap.StructureMapException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.] StructureMap.InstanceFactory..ctor(PluginFamily family) in InstanceFactory.cs:55 StructureMap.PipelineGraph.<.ctor>b__3(PluginFamily family) in PipelineGraph.cs:37 StructureMap.StringExtensions.Each(IEnumerable
1 enumerable, Action1 action) in Extensions.cs:12 StructureMap.PipelineGraph..ctor(PluginGraph graph) in PipelineGraph.cs:35 StructureMap.Container.construct(PluginGraph pluginGraph) in Container.cs:569 StructureMap.Container..ctor(PluginGraph pluginGraph) in Container.cs:55 RequestReduce.IOC.RRContainer.InitContainer() in RRContainer.cs:25 RequestReduce.IOC.RRContainer..cctor() in RRContainer.cs:20[TypeInitializationException: The type initializer for 'RequestReduce.IOC.RRContainer' threw an exception.] RequestReduce.IOC.RRContainer.get_Current() in RRContainer.cs:125 RequestReduce.Module.RequestReduceModule.IsInRRContentDirectory(HttpContextBase httpContextWrapper) in RequestReduceModule.cs:286 RequestReduce.Module.RequestReduceModule.HandleRRContent(HttpContextBase httpContextWrapper) in RequestReduceModule.cs:242 RequestReduce.Module.RequestReduceModule.b__2(Object sender, EventArgs e) in RequestReduceModule.cs:26
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75