ASP.NET 2.0 + MySQL Connector 1.0.7 + Medium Trust Level
Hi to all
(sorry for my english)
I was looking for a solution from many month, many people talk about this problem on many forums, but no one tell something of usefull.
After many test i think solved the my problem to use MYSQL Connector with ASP.NET WITHOUT OleDBPermission!!
I use VS2005 with VB.NET, Win2003Server, MySQL 5.0 , MySQL Connector 1.07.
Step 1 - Compile a new MySql.Data.dll using the source code.
To produced a mine MySql.Data.dll, that accept not only full trusted level
I used the source code to rebuild the MySql.Data.dll, changing the adding the following code ad the AssemblyInfo.cs:
using ......
using System.Security;
[assembly: ......
[assembly: AllowPartiallyTrustedCallers() ]
Without this step i received the following error:
System.Security.SecurityException: That assembly does not allow partially trusted callers.
After build you need add reference to VS2005 and use this new DLL insteed the original one.
Step 2 - Create a Custom level C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\
Create a file web_mediumMySQLtrust.config (cloning the existing web_mediumtrust.config)
and add the SOCKPermission:
<SecurityClass .............
<SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
...
..
<IPermission
class="SocketPermission"
version="1"
Unrestricted="true"/>
Save and close the file.
Step 3 - Assign Custom Level modifing the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config on the server machine
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="MediumMySQL" policyFile="web_mediumMySQLtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="MediumMySQL" originUrl="" />
</system.web>
Without SOCK enabling i receive the following error from MySQL.DATA.dll:
Unable to connect to any of the specified MySQL hosts
In this way i'm able to use MYSQL and ASP.NET with no FULL TRUST LEVEL.
My asp.net project work fine now. And this is enought, isn't it?
I'm only not sure what happen to the ASP.NET SECURITY enabling the SOCK, there is some security rick? And if yes wich one? There is some way to do it in more secure way?
I'm continuing testing it, please make the same and let me know your opinion about this method.
Will be glad the MYSQL stuff opinion too.
-----------------------------
Marco
using Visual Studio 2008