
ASP.NET Medium Trust Level, and passing mixed parameters to C# functions

Andy - 15 Dec 2006 16:46 GMT
Hi, how do you allow strongly type cast parameters to be passed to C#
functions that use weakly type cast parameters while running under the
"Medium" Trust Level security policy shipped with the ASP.NET 1.1
framework?

I've written a general error reporting routine that formats and returns
error messages for various exceptions.  The routine accepts a
System.Object which it then typecasts into the correct exception object
using the object's name property.

When I run this under the "Full" Trust Level security policy, the
routine works and no errors are reported.

When I run this under the "Medium" Trust Level security policy on our
shared webhosting provider, the routine fails to compile because the
.NET code verifier flags all the calls to this error routine as
"unsafe", because the data types of the expected and passed parameters
do not match.

The actual error reported is "System.Security.VerificationException:
Operation could destabilize the runtime".  The problem line in the
stack trace points to the function definition line for rptError that
contains the expected System.Object parameter.

The shared webhosting provider has not modified the "Medium" Trust
Level security policy, and has used it "as-is" from the .NET 1.1
framework.

Sample code of the call and function appears below:

try{

    ... arbitrary code that may throw an exception ...

}catch (Exception e){
    result = rptError((System.Object) e);
}

public System.String rptError(System.Object objError)
{
    string result="";
    switch(objError.GetType().Name)
    {
        case "Exception":
            Exception e=(FormatException)objError;
            result = "exception: " + Environment.NewLine +
                     e.Message + Environment.NewLine +
                     e.Source + Environment.NewLine +
                     e.StackTrace;
            break;
    }
    return(result);
}

Can anyone see what is going wrong here?

Andy
Andy - 21 Dec 2006 17:43 GMT
Here's what I found out:

Medium Trust is a default security policy Microsoft ships with its .NET
framework that is intentionally designed to protect shared web hosting
service providers.  The design allows such providers to be confident
that clients cannot defeat their security and drop themselves out of
any imposed settings or constraints.

Part of this trust policy is meant to prevent buffer over-run attacks
(a common hacking technique used to load executable code into unused
memory by passing more data into a variable than the variable can
hold).  It enforces code verification and type checking to ensure that
only well-defined fixed length parameter passing occurs between
functions.

The policy also prevents an application from having a mechanism to
access external resources such as webservices since internal resources
on the provider's LAN can also be on the same backbone that their
hosting service is.  The URI parameter on the <trust> tag actually
takes a regular expression which is used to match the description of
any piece of equipment or webservice on a network, and passing the
regular expression ".*" could give access to anything (internal
printers, hard drives, etc).

This problem isn't really a bug with the Medium Trust Policy, as much
as it is really an indication that the web application was deployed on
the wrong type of web hosting service architecture.

Most often, people choose shared hosting because it is a less costly
alternative to paying for a dedicated server hosting service.  In
between these two extremes is Virtual Personal Server (VPS) hosting
where you get the advantages of full administrative rights to what
appears to be a physical dedicated server while enjoying the cost
advantages gained from a shared hosting environment.

VPS hosting services allow full admin rights because each account runs
in its own emulated server, and it is the server emulations that run in
a shared environment (rather than the end-user programs that are now
running within the server emulations).  In effect, each VPS server is a
sandbox for its account, and each account user cannot administer
somebody else's emulated server.  This is different from a shared
hosting service where user code awaits to be run on demand within a
single gigantic shared resource environment.

VPS has been available for UNIX based hosting for more than 10 years.
But, only recently has VPS started to become available for Windows
hosting environments.

Although a VPS server can be a software emulation of a Pentium class
computer, it is usually a physical server that is assigned to a fixed
handful of customers.  The processor time on the server is time sliced
across the clients, and the drive space is partitioned with real
hard drive partitions.  Most VPS servers are always running, so there
aren't usually any timeout restrictions imposed on the user accounts.

With today's RAID technology, and multi-processor servers, a lot of
customers can share the cost of a single dedicated physical server
bringing the price point for VPS very close to what plain shared
hosting offers.
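
Added example, not part of the posts above and not code from ASP.NET: the reply says the pattern on the <trust> tag is a regular expression and that ".*" could match anything, so this Python sketch audits a web.config string for that condition. The attribute name originUrl is the ASP.NET configuration name for what the post calls the URI parameter; the sample config and probe URLs are constructed, and whole-URL matching with Python's re module is an assumption that only approximates .NET regex behaviour.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: Medium trust with a wide-open originUrl pattern.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <trust level="Medium" originUrl=".*" />
  </system.web>
</configuration>"""

# Constructed probe URLs standing in for resources on the provider's LAN.
INTERNAL_PROBES = [
    "http://printer01.hosting.example/status",
    "http://10.0.0.5/admin",
]


def audit_trust(config_xml, probes=INTERNAL_PROBES):
    """Return findings for every <trust> element in a web.config string."""
    findings = []
    for el in ET.fromstring(config_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "trust":  # ignore any XML namespace
            continue
        level = el.get("level", "Full")  # ASP.NET's default trust level is Full
        pattern = el.get("originUrl", "")
        if level.lower() == "full":
            findings.append("trust level is Full: code access security is not restricting the app")
        if not pattern:
            continue  # no origin pattern configured on this element
        try:
            # Assumption: Python's re stands in for the .NET regex engine.
            rx = re.compile(pattern, re.IGNORECASE)
        except re.error as exc:
            findings.append(f"originUrl {pattern!r} does not compile: {exc}")
            continue
        # Assumption: the pattern must match the whole URL.
        hits = [u for u in probes if rx.fullmatch(u)]
        if hits:
            findings.append(f"originUrl {pattern!r} also matches: {', '.join(hits)}")
    return findings


if __name__ == "__main__":
    for finding in audit_trust(SAMPLE_WEB_CONFIG):
        print(finding)
```

Replace INTERNAL_PROBES with URLs for hosts the application should never reach; a pattern that matches any of them is broader than intended.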
