I am cleaning up my localization provider code for my presentation tomorrow at PADNUG (uh, today I guess <g>) and while I'm at it checking for proper operation in medium trust. This is the sort of thing I should be doing right from the start - start with Medium trust and then fix things as they come up. There are few problems here and there and It's a real bitch to find some of the problems later on because security exceptions have a way of reporting errors up the chain where it's hard to exactly see where the error originated.
So one thing that blew up immediately is that I'm using a custom configuration section. By default configuration settings are not accessible in medium trust. Hmmm... if you actually define a custom configuration section in web.config WTF would you ever NOT want to access it and restrict access to it? This really seems an odd default.
Now the actual exception that shows up in ASP.NET in the yellow screen of death is not really conducive to fixing the problem:
System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
along with a stack trace that doesn't have any user code lines or ASP.NET level code... The only way to trace this back then is to actually run the debugger. Maybe that could be improved somehow. Certainly optionally seeing the innerException might be handy in the page.
However, I was PLEASANTLY surprised by the inner exception once I got off my ass:
Request for ConfigurationPermission failed while attempting to access configuration section 'wwDbResourceProvider'. To allow all callers to access the data for this section, set section attribute 'requirePermission' equal 'false' in the configuration file where this section is declared.
Now that's a clear error message that actually helps you correct the problem! To be honest I wouldn't have thought of this right away and in fact before I drilled into the InnerException in the debugger I was trying to find out what the permissions requirements are.
Anyway, the fix for this particular problem is simple enough. The ConfigurationSection can be set with a requirePermission attribute set to false:
<configSections>
<section name="wwDbResourceProvider"
type="Westwind.Globalization.wwDbResourceProviderSection"
requirePermission="false"/>
</configSections>
Problem solved, but kudos to whoever is responsible for putting that error message together!
Other Posts you might also like