Login

Consultor Eletrônico



Kbase P161408: Why does Progress require full trust mode for .NET Open Client applications running under ASP.NET?
Autor   Progress Software Corporation - Progress
Acesso   Público
Publicação   3/9/2010
Status: Unverified

GOAL:

Why does Progress require full trust mode for .NET Open Client applications running under ASP.NET?

GOAL:

Can .NET Open Client applications run under medium trust mode in ASP.NET?

FACT(s) (Environment):

Windows
OpenEdge 10.x

FIX:

Prior to OpenEdge 10.2B, the .NET Open Client runtime DLL's contained some unmanaged code. Medium trust mode in ASP.NET does not allow the execution of .NET programs that call unmanaged code. That is why (prior to 10.2B) we required full trust mode in ASP.NET.

Starting in 10.2B the unmanaged code has been replaced by 100% .NET managed code so that particular limitation no longer applies. However, medium trust mode removes the ability to use several things which may continue to prevent you from running under medium trust mode. The following list (from Microsoft's documentation) shows what restrictions are in place in medium trust mode:

- OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.

- EventLogPermission is not available. This means you cannot access the Windows event log.

- ReflectionPermission is not available. This means you cannot use reflection.

- RegistryPermission is not available. This means you cannot access the registry.

- WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the <trust> element.

- FileIOPermission is restricted. This means that you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append and PathDiscovery permissions for your application's virtual directory hierarchy.

- You are also prevented from calling unmanaged code or from using Enterprise Services.

If you are using 10.2B or later it is still possible that your .NET Open Client code may conflict with some of these restrictions. For example, you may need to modify the <trust> element and add the IP addresses of your NameServers and AppServers in order to be able to access them.

The best thing to do is to deploy your application using medium trust mode then run a full QA test cycle to ensure that any permissions issues are found and dealt with.