search

terrajobst / nquery

NQuery is a relational query engine written in C#. It allows you to execute a SELECT query against .NET objects.
MIT License
72 stars 20 forks source link

Security Exception #18

Open terrajobst opened 9 years ago

terrajobst commented 9 years ago

Ported from CodePlex

When I try to use NQuery in my local server it works fine but when I upload it to my hosting provider then it doesn't work and it show the Error Message below:

Note: I created a web site with VB language.

Can some help me?

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

  1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

    <%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Stack Trace:

[SecurityException: That assembly does not allow partially trusted callers.] ArticleTree.BlogSearch.GetBlogListing() +0 ArticleTree.BlogSearch.Page_Load(Object sender, EventArgs e) +320 System.Web.UI.Control.OnLoad(EventArgs e) +99 System.Web.UI.Control.LoadRecursive() +47 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154 System.Web.UI.Page.ProcessRequest() +86 System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18 System.Web.UI.Page.ProcessRequest(HttpContext context) +49 ASP.search_blogsearch_aspx.ProcessRequest(HttpContext context) +29 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

terrajobst commented 9 years ago

The security exception is caused by NQuery because it does not specify the assembly attribute AllowPartiallyTrustedCallers. Unfortunately, just applying this attribute does not solve the actual problem. In order to improve performance of expression evaluation NQuery uses .NET lightweight code generation (LCG) to emit MSIL at runtime. To make this work with websites you will need at least a trust level of "High" (which is not an option at all).

At the moment I see to possible ways to circumvent this problem:

  1. Place NQuery in the global assembly cache (GAC). In this case NQuery will have implicitly full-trust. NQuery will assert the needed permissions to allow you to run your web application with any trust level.
  2. If NQuery does not have the permission ReflectionPermissionFlag.ReflectionEmit it is possible to use interpreted expressions. In some scenarios this can be much slower but at least it would work.

Please allow me to ask you a few questions:

  1. Is placing NQuery in the GAC an option for you?- How much data needs to be processed by NQuery?
  2. Are you using a lot of queries with nested SELECTS etc?

Answering these questions will help me to decide how to support web site scenarios. Thank you.