terrajobst/nquery

Security Exception

Opened this issue · 1 comments

terrajobst commented

Ported from CodePlex

When I try to use NQuery in my local server it works fine but when I upload it to my hosting provider then it doesn't work and it show the Error Message below:

Note: I created a web site with VB language.

Can some help me?

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

  1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

    <%@ Page Language="C#" Debug="true" %>

or:

  1. Add the following section to the configuration file of your application:

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Stack Trace:

[SecurityException: That assembly does not allow partially trusted callers.]
ArticleTree.BlogSearch.GetBlogListing() +0
ArticleTree.BlogSearch.Page_Load(Object sender, EventArgs e) +320
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.search_blogsearch_aspx.ProcessRequest(HttpContext context) +29
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

terrajobst commented

The security exception is caused by NQuery because it does not specify the assembly attribute AllowPartiallyTrustedCallers. Unfortunately, just applying this attribute does not solve the actual problem. In order to improve performance of expression evaluation NQuery uses .NET lightweight code generation (LCG) to emit MSIL at runtime. To make this work with websites you will need at least a trust level of "High" (which is not an option at all).

At the moment I see to possible ways to circumvent this problem:

  1. Place NQuery in the global assembly cache (GAC). In this case NQuery will have implicitly full-trust. NQuery will assert the needed permissions to allow you to run your web application with any trust level.
  2. If NQuery does not have the permission ReflectionPermissionFlag.ReflectionEmit it is possible to use interpreted expressions. In some scenarios this can be much slower but at least it would work.

Please allow me to ask you a few questions:

  1. Is placing NQuery in the GAC an option for you?- How much data needs to be processed by NQuery?
  2. Are you using a lot of queries with nested SELECTS etc?

Answering these questions will help me to decide how to support web site scenarios. Thank you.