Sharing some experience with ASP.NET medium security mode

  • 2020-05-07 19:31:04
  • OfStack

Custom-built (non-general-purpose) Web programs or products typically do not have to deal with ASP.NET medium security mode, because the user base is relatively fixed or the deployment environment can be determined by the application provider.
General-purpose Web products, however, have to deal with all kinds of users. Some webmasters use overseas hosting, such as GoDaddy, and overseas hosting providers usually restrict ASP.NET code execution permissions to medium security mode.
In medium security mode, many of the things we take for granted become impossible.

What is ASP.NET medium security mode?
Probably a lot of people have never been exposed to medium security mode, and I didn't know there was such a thing until I started working on bbsmax.
In simple terms, ASP.NET provides a simple scheme for setting code execution permissions, called the "trust level".
By default, it provides five trust levels: FullTrust, High, Medium, Low, Minimal.
Each trust level corresponds to a set of code permission settings.
This scheme allows website deployers to quickly set the managed code execution permissions of a website through web.config.
Setting the level attribute of the <system.web>/<trust> node in web.config puts the ASP.NET program at a different trust level.
After ASP.NET is installed, all websites have the FullTrust trust level by default, which is also the highest trust level.
The "medium security mode" described in this article corresponds to the Medium trust level.
Because the managed code execution permission model is not the focus of this article, I give only a brief explanation here and do not discuss how ASP.NET trust levels are implemented; for that, see the links given at the end of this article.

What are the effects of medium security mode?
The following are some of the problems my colleagues and I have encountered in ASP.NET medium security mode:
1. A templating mechanism based on VirtualPathProvider is not available, because VirtualPathProvider needs at least the High level.
2. BuildProvider doesn't work, which means you can't add your own language implementation even if you want to, although most projects don't use anything that advanced.
3. CodeDom and Emit don't work. This is a bad one: IoC, AOP, dynamic injection and similar advanced techniques are all ruled out, because they are based on either CodeDom or Emit.
4. Taking over file downloads through an aspx page is also not possible. Writing files to the client through Response requires higher code execution permissions.
5. Forget about large file uploads, because large file uploads cannot be handled without HttpWorkerRequest, and FullTrust is required to obtain the HttpWorkerRequest.
6. SQLite does not work, because unmanaged code calls are not allowed in medium security mode; not only SQLite but everything that involves unmanaged code calls is dead.
7. Access databases cannot be connected to through OleDb, because OleDbClient is not available in medium security mode; you can only use an ODBC data source.
So, if you are considering allowing users to deploy your program in medium security mode, the sooner you do compatibility testing in medium security mode, the better.
A lot of what stops working is infrastructure.
For example, SQLite and Access don't work. What if your program happens to ship versions for exactly these two databases?
Or file downloads can't be streamed through Response, and that is exactly what your program does.

Medium security mode is so restrictive; how do we deal with it?
We have to work around it; what else can we do? There are ways. Keep trying.
VirtualPathProvider doesn't work and BuildProvider doesn't work, but you need your own template syntax. So I have to generate the aspx page before the page is accessed, and then do a URL rewrite.
It's easy to say, just one sentence. But I don't know how much code I wrote or how many experiments I ran to find the best solution.
So, you still have to find your own way.
Here's the code that determines whether the program is running in medium security mode:
 
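// Requires: using System.Security; using System.Web;
// IsGranted returns true when the Medium level or any higher level is granted.
if (SecurityManager.IsGranted(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium)))
{
    // Code that needs at least the Medium level goes here.
}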

If you encounter logic that does not have to be executed, such as getting the program's memory footprint or uploading a large file, you can make this check before calling it.
According to the references, deploying an assembly into the GAC gives it the FullTrust level, but I haven't actually tried it.
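
An added example (not from the original article) of the check-before-you-call approach described above: it finds the highest trust level actually granted and probes three of the capabilities from the list earlier by demanding the specific permission each one needs. TrustProbe and its method names are hypothetical; the code assumes a .NET Framework ASP.NET site that references System.Data.

```csharp
using System.Data.OleDb;
using System.Security;
using System.Security.Permissions;
using System.Web;

// Added example; TrustProbe and its members are hypothetical names.
public static class TrustProbe
{
    // Ordered from most to least privileged.
    private static readonly AspNetHostingPermissionLevel[] Levels =
    {
        AspNetHostingPermissionLevel.Unrestricted,
        AspNetHostingPermissionLevel.High,
        AspNetHostingPermissionLevel.Medium,
        AspNetHostingPermissionLevel.Low,
        AspNetHostingPermissionLevel.Minimal
    };

    // True when every caller on the stack is granted the permission.
    public static bool Has(IPermission permission)
    {
        try { permission.Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    // Highest hosting level granted: the first demand that succeeds wins.
    public static AspNetHostingPermissionLevel CurrentLevel()
    {
        foreach (AspNetHostingPermissionLevel level in Levels)
        {
            if (Has(new AspNetHostingPermission(level))) return level;
        }
        return AspNetHostingPermissionLevel.None;
    }

    // Registering a VirtualPathProvider demands the High hosting level.
    public static bool CanRegisterVirtualPathProvider()
    { return Has(new AspNetHostingPermission(AspNetHostingPermissionLevel.High)); }

    // Native libraries such as SQLite's need the UnmanagedCode flag.
    public static bool CanCallUnmanagedCode()
    { return Has(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); }

    // Opening an Access database through OleDb needs OleDbPermission.
    public static bool CanUseOleDb()
    { return Has(new OleDbPermission(PermissionState.Unrestricted)); }
}
```

Probing the specific permission is more reliable than inferring it from the level name, because a host can customise the policy behind each trust level.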

Appendix A

References:

MSDN: trust Element (ASP.NET Settings Schema)

MSDN: How To: Use Medium Trust in ASP.NET 2.0

Check Code Security Permissions Granted to your asp

Appendix B

File download scheme provided by Chen:
 
// Requires: using System; using System.IO;
protected override void OnInit(EventArgs e)
{
    Response.ContentType = "application/octet-stream";
    // OpenRead requests read access only, so read-only files and concurrent downloads work.
    using (FileStream stream = File.OpenRead(Server.MapPath("~/test.txt")))
    {
        BinaryWriter writer = new BinaryWriter(Response.OutputStream);
        byte[] buffer = new byte[1024];
        int l = 0;
        // Copy the file to the response in 1 KB chunks.
        while ((l = stream.Read(buffer, 0, buffer.Length)) > 0)
        {
            writer.Write(buffer, 0, l);
        }
    }
}
