C# Driver
  1. C# Driver
  2. CSHARP-348

Test the driver in a Medium Trust environment

    Details

    • Type: Improvement Improvement
    • Status: Resolved Resolved
    • Priority: Minor - P4 Minor - P4
    • Resolution: Fixed
    • Affects Version/s: 1.3
    • Fix Version/s: 1.5
    • Component/s: None
    • Labels:
      None
    • # Replies:
      6
    • Last comment by Customer:
      true

      Description

      Test the driver in a Medium Trust environment.

      At the very least the type initializer for ObjectId apparently fails under Medium Trust. There may be other issues as well.

      Note: we may end up determining that we won't support the driver in a Medium Trust environment. A final determination will be made when more information is available.

        Activity

        Hide
        David Baxter
        added a comment -

        By not working in a medium trust environment you are basically killing the ability to use mongodb for c# in any shared hosting setting.

        Considering a large portion of developers at least start in a shared environment, I would hope this gets bumped up to a higher priority.

        As for my project, I have to go back to using another driver until this is fixed even though I would prefer to the official driver.

        Show
        David Baxter
        added a comment - By not working in a medium trust environment you are basically killing the ability to use mongodb for c# in any shared hosting setting. Considering a large portion of developers at least start in a shared environment, I would hope this gets bumped up to a higher priority. As for my project, I have to go back to using another driver until this is fixed even though I would prefer to the official driver.
        Hide
        Robert Stam
        added a comment -

        From my research so far apparently "medium trust" is a bit of an undefined term. It basically means less than full trust, but exactly which permissions are taken away depend on settings controlled by the provider.

        Any recommendations on how to determine exactly what medium trust means?

        Anyone know how to run NUnit tests under medium trust? That would be by far the easiest way to get decent code coverage under medium trust, since there are no compiler errors related to medium trust, only runtime errors.

        I also want to mention that we do lots of things that are apparently not allowed under medium trust (reflection, IL code generation, compiling lambdas, etc...) so there's a pretty high probability that we are not going to support medium trust.

        Note also that Azure now runs all web applications under full trust. They found that too many things just don't work under medium trust and it was causing too many support issues.

        Show
        Robert Stam
        added a comment - From my research so far apparently "medium trust" is a bit of an undefined term. It basically means less than full trust, but exactly which permissions are taken away depend on settings controlled by the provider. Any recommendations on how to determine exactly what medium trust means? Anyone know how to run NUnit tests under medium trust? That would be by far the easiest way to get decent code coverage under medium trust, since there are no compiler errors related to medium trust, only runtime errors. I also want to mention that we do lots of things that are apparently not allowed under medium trust (reflection, IL code generation, compiling lambdas, etc...) so there's a pretty high probability that we are not going to support medium trust. Note also that Azure now runs all web applications under full trust. They found that too many things just don't work under medium trust and it was causing too many support issues.
        Hide
        Daniel Sinclair
        added a comment -

        Medium trust doesn't mean a custom trust level. They are well defined, although may vary by version. There's a definition of Partial Trust for Azure for instance.

        Show
        Daniel Sinclair
        added a comment - Medium trust doesn't mean a custom trust level. They are well defined, although may vary by version. There's a definition of Partial Trust for Azure for instance.
        Hide
        Robert Stam
        added a comment -

        Can you provide links to where medium trust is well defined?

        Show
        Robert Stam
        added a comment - Can you provide links to where medium trust is well defined?
        Hide
        Craig Wilson
        added a comment -

        There are 2 issues that prevent the driver from working in ASP.NET Medium trust and Azure Partial Trust.
        1) The static ObjectId constructor calls Process.GetCurrentProcess().Id. This requires FullTrust period. There doesn't seem to be anyway to create a "custom" trust config to enable this. However, it is possible to simply not use ObjectId's in your classes and use some other type for a document's identifier (Guid, int, etc...).

        2) Communication with MongoDB occurs over a TCP socket which, in our case, appears to require unrestricted permissions. You can create a custom trust config to enable this by appling the following to a copy of web_mediumtrust.config.

        • Add <SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
        • Add <IPermission class="SocketPermission" version="1" Unrestricted="true"/>

        In addition, the driver will need to include the [AllowPartiallyTrustedCallers] attributes into our assemblies.

        Show
        Craig Wilson
        added a comment - There are 2 issues that prevent the driver from working in ASP.NET Medium trust and Azure Partial Trust. 1) The static ObjectId constructor calls Process.GetCurrentProcess().Id. This requires FullTrust period. There doesn't seem to be anyway to create a "custom" trust config to enable this. However, it is possible to simply not use ObjectId's in your classes and use some other type for a document's identifier (Guid, int, etc...). 2) Communication with MongoDB occurs over a TCP socket which, in our case, appears to require unrestricted permissions. You can create a custom trust config to enable this by appling the following to a copy of web_mediumtrust.config. Add <SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/> Add <IPermission class="SocketPermission" version="1" Unrestricted="true"/> In addition, the driver will need to include the [AllowPartiallyTrustedCallers] attributes into our assemblies.
        Hide
        Craig Wilson
        added a comment -

        These changes will be available in the next release, version 1.5.

        Notes:
        1) Because of our need to have a Tcp Socket opened for connection to the mongodb server, it is impossible to run in default ASP.NET Medium Trust. If modifying the trust level slightly is permissible, you can do what the previous comment says related to adding unrestricted socket permissions. In reality, you don't need unrestricted, but rather a smaller subset related to only outgoing socket creation and only the Tcp Protocol. For this, you would also need to specify the allowable hosts and ports.
        2) This should work without any modification in Azure Partial Trust. However, Azure is configured to run in FullTrust unless you specify it to run more securely.

        Show
        Craig Wilson
        added a comment - These changes will be available in the next release, version 1.5. Notes: 1) Because of our need to have a Tcp Socket opened for connection to the mongodb server, it is impossible to run in default ASP.NET Medium Trust. If modifying the trust level slightly is permissible, you can do what the previous comment says related to adding unrestricted socket permissions. In reality, you don't need unrestricted, but rather a smaller subset related to only outgoing socket creation and only the Tcp Protocol. For this, you would also need to specify the allowable hosts and ports. 2) This should work without any modification in Azure Partial Trust. However, Azure is configured to run in FullTrust unless you specify it to run more securely.

          People

          • Votes:
            2 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since reply:
              1 year, 43 weeks, 6 days ago
              Date of 1st Reply: