CSLA Medium Trust

CSLA Medium Trust

Old forum URL: forums.lhotka.net/forums/t/50.aspx


stayfitsoftware posted on Tuesday, May 09, 2006

I am new to CSLA and am reading the .net 1 version of the book.  I am toying with the idea of converting a current project to use CSLA.  Does anyone know if it works in a medium trust web enviroment?  This is not a deciding factor I am just curious.

Also thanks for the great books and code!!

guyroch replied on Tuesday, May 09, 2006

Here is some good info...

Programs that run on the CLR use something called code access security
(CAS). CAS is different from traditional security systems in that it
assigns trust to code rather than users. To do this, the security
system gathers a set of evidence about every assembly it loads. This
evidence is then compared against the security policy, and a
permission grant is generated.

One of the pieces of evidence that the security system gathers is the
security zone that the code is running from. When you run the code
from your local machine, this will be the MyComputer zone, but when
you run it off of a server, or even a network share mapped to a drive
on your machine, it will be the LocalIntranet zone.

By default any code that is run from the MyComputer zone will get a
permission set of FullTrust (unrestricted permission to do anything it
pleases). However, by default, there is a more restrictive permission
set given to LocalIntranet assemblies.

The way to make an application that works from the MyComputer zone
work from the LocalIntranet zone is to give the assemblies in your
application a strong name, and modify the security policy to trust
this strong name. Hence the need for a key.

In CSLA 1.x, DataPortal and ServicesDataPortal runs in LocalIntranet zone, not sure about CSLA2.0, would need to look a bit deeper to confirm.

Hope this helps

stayfitsoftware replied on Tuesday, May 09, 2006

Thanks for the info.  The reason I ask, is currently my data layer o/r uses reflections and that is not allowed in medium trust atleast not in the implementation I use.  So it kind of shocked me when I moved to .net 2.  Just wanted to get any info I can before implementing CSLA.

CSLA101 replied on Tuesday, May 09, 2006

There are a couple of threads on this subject in the old forum (old if 1 week is old Wink [;)] ). CSLA definitely uses reflection if you make your CRUD calls through the normal static/DataPortal path... so if your goal was to avoid reflection,  you would need to bypass that in some way. Here is a link to one of the old threads. I don't know if there is anywhere else in CSLA where you would get bit with medium trust... but I would like to know that answer. 

Mike  

RockfordLhotka replied on Wednesday, May 10, 2006

To get medium trust you'd have to give up n-level undo and the data portal at a minimum. Both of these features not only use reflection, but also serialization, and serialization requires a high level of trust. Also, if you have the data portal use Remoting, Enterprise Services or WCF you need FullTrust. (Yes, WCF! So there's no relief from this issue in the foreseeable future...)

stayfitsoftware replied on Wednesday, May 10, 2006

I browsed those old post , and the information Rockford just gave was very helpful.  Medium trust seems hard to get to.  Like I said I am still in the early chapters of the book but n-level undo and the data portal seems, like a lot to give up in this framework just for medium trust.   Thanks

CSLA101 replied on Wednesday, May 10, 2006

Rocky,

Let's say one was using CSLA in a non-remoted web application (no remoting, no undo). Can you think of anything esle that would bite you? Someone had mentioned the CSLA date utility or something.... or maybe the safe data reader ... can't remember.

 

 

 

RockfordLhotka replied on Wednesday, May 10, 2006

I can honestly say that I haven't spent a lot of time trying to sort through what would or wouldn't work. My focus has been on building business systems - with the (perhaps incorrect) assumption that those systems will run on computers controlled by a company - and thus the trust issue just hasn't been high on my list of things to consider.

I don't think there's anything else that should bite you. SafeDataReader doesn't do anything special, nor really does SmartDate. The big stuff is the use of serialization and reflection in n-level undo and the data portal. And DataMapper in version 2.0. And the ObjectAdapter - perhaps that's what you are thinking of.

I think though, that CAS is a dead concept. Microsoft didn't make it practical to use partial trust from day 1 and now we have years worth of development using technologies like COM interop, Enterprise Services and reflection - all of which require high trust. And in the future WCF requires high trust - so even Microsoft continues to provide very key tools that only work at high trust.

This is like the Amiga years and years ago. From day 1 it supported the idea of protected memory (where one process couldn't tamper with memory in another process). But they didn't turn it on because the hardware support wasn't there. A few years later, when the hardware support was there, they couldn't turn it on because it would have broken almost every app ever written. This is the same as CAS - if it were to be enforced in a broad sense, the vast majority of .NET apps would simply cease. And most of them couldn't be rewritten to work in partial trust, because .NET doesn't provide the required features at that trust level.

stayfitsoftware replied on Wednesday, May 10, 2006

Rockford, it is nice to hear your take on CAS.  I am a hobbyist who still uses a hosted enviroment for many of my projects, and some of my target client would be non technical people working in a hosted enviroment.  It was kind of a shock when I found out that all of these great features (reflection.. etc)  were gone in medium trust.  I guess I should have done more research but there is only so much time.

Once again thanks for your input.

CSLA101 replied on Wednesday, May 10, 2006

Rocky,

Yeah... I think one could make the case that CSLA isn't really a good fit for hosted web. However, if your goal was to do a proof of concept (test the waters) in a cheap/hosted environment... and do it in such fashion that you didn't have to re-plumb if it took off and made you $ millions ... you might want to just start with the Lexus (CSLA) and figure the workarounds in the hosted world. Of course, if $ millions were in your future, one could afford the rewrite. :)

Thanks for the input.... as usual.

 

 

 

 

Copyright (c) Marimer LLC