Quick Fix for Medium Trust
- Rename Web.config file to Web.fulltrust.config
- Rename Web.mediumtrust.config to Web.config
- Delete Janrain.OpenId.dll from the /bin folder
- Make sure and visit your /Setup/Default.aspx page, it should tell you a setting you need to add to Web.config for the search engine to get around a medium trust issue.
That should get you up and running in most cases. If you want to learn more about the issues of Trust Level read on.
It is probably a good thing that more and more hosting providers are enforcing a medium trust policy on the .NET web apps running on their servers. This does pose challenges for development of some features that need permission to do things in order to support their feature set but with cooperation from hosting companies we can usually still get the full functionality if they are willing to install libraries that they do trust in the GAC.
A good example in mojoPortal is the use of NeatUpload. NeatUpload (like all ASP.NET upload components) needs the UnmanagedCode SecurityPermission to access the current HttpWorkerRequest, but if installed in the GAC can asssert this permission. You'll also need to either create app_data\NeatUpload_Temp in your app root and make it writable, or explictly specify a different directory using the tempDirectory attribute of the NeatUpload element.
To configure mojoPortal to run in Medium trust you have several issues to consider and several options.
If you can get your host to install NeatUpload that is best, but it can be disabled by commenting out all references to it in the Web.config file and it will gracefully degrade to normal upload functionality. If NeatUpload is in the GAC there are several other web.config settings needed. These are commented in the Web.config file with instructions. I have tested the next version of NeatUpload in the GAC and it does work in Medium trust. You can download this version from here, or visit the NeatUpload site to check for the newest version. You'll want a compiled version, signed with a strong name key so you can install it in the GAC (Global Assembly Cache) which is why you need to download it from the NeatUplaod site. The version included in mojoPortal is not signed and therefore can't be installed in the GAC.
You won't be able to use 3rd Party WebParts in Medium Trust unless they also are installed in the GAC. As of now I don't know of any 3rd Party ASP.NET WebParts in the wild. All I see is Sharpoint "WebParts" which are not the same thing. So probably not much impact there.
The MS SQL ADO.NET Provider is usually already available in the GAC. The MySQL Connector or the npgsql driver for PostgreSQL would also need to be installed in the GAC to work. You would need to download the version signed with a strong name key from the MySQL site here: http://dev.mysql.com/downloads/connector/net/1.0.html or if using PostgreSQL, the npgsql driver from here: http://pgfoundry.org/projects/npgsql because the versions included with mojoPortal are not signed with a strong name key and therefore cannot be installed in the GAC.
In Medium trust there is also a special Web.config setting needed for the Lucene.Net Search engine used by the site. You must uncomment this setting in web.config
add key="Lucene.Net.lockdir" value="c:\__joe\mojodev\Web\Data\Sites\1\index"
and for the value enter the physical path that maps to the Web/Data/Sites/1/index folder beneath your web site.
In a Medium trust installation it is best to not run multiple sites from one installation of mojoPortal because this search feature would not be site specific and may not work.
Another issue to be aware of when running mojoPortal under Medium trust has to do with the skinning. Because mojoPortal is capable of supporting multiple web sites using a single installation (though not under Medium trust) we store the skin files in a site specific folder under Data/Sites[SiteID]/skins/ to keep them separate between the different sites that may be running. To do this we use a custom VirtualPathProvider that directs requests for the skin files to this location even though the runtime "thinks" it is getting these files from App_Themes/Default. The VirtualPathProvider will fail gracefully if there is a security exception caused by Medium trust but you will need to copy your skin files into the App_Themes/Default folder for whichever skin you are using. This makes it s little inconvenient to change skins but this is what is needed under Medium trust.
Another feature that does not work in Medium Trust is the Open ID authentication. If your site is hosted in Medium trust you need to set EnableOpenIDAuthentication = false in Web.config and delete Janrain.OpenId.dll from the bin folder. You will also need to open the /Secure/Login.aspx page with a text editor and cut out this part:
<portal:OpenIDLoginControl id="oidLogin" runat="server"></portal:OpenIDLoginControl>
Related Developer Resources:
Using Code Access Security in ASP.NET
How To Use Code Access Security to Constrain an Assembly
Enabling WePermission in Medium Trust
Medium Trust ASP.NET Applications
Last Updated 2008-01-24