ASP.NET 1.1 app breaks when moved to shared webhosting with medium trust level

Andy

Hi, how do you allow strongly type cast parameters to be passed to C#
functions that use weakly type cast parameters while running under the
"Medium" Trust Level security policy shipped with the ASP.NET 1.1
framework?

I've written a general error reporting routine that formats and returns
error messages for various exceptions. The routine accepts a
System.Object which it then typecasts into the correct exception object
using the object's name property.


When I run this under the "Full" Trust Level security policy, the
routine works and no errors are reported.


When I run this under the "Medium" Trust Level security policy on our
shared webhosting provider, the routine fails to compile because the
.NET code verifier flags all the calls to this error routine as
"unsafe", because the data types of the expected and passed parameters
do not match.


The actual error reported is "System.Security.VerificationException:
Operation could destabilize the runtime". The problem line in the
stack trace points to the function definition line for rptError that
contains the expected System.Object parameter.


The shared webhosting provider has not modified the "Medium" Trust
Level security policy, and has used it "as-is" from the .NET 1.1
framework.


Sample code of the call and function appears below:


try{
    // ... arbitrary code that may throw an exception ...
}catch (Exception e){
    result = rptError((System.Object) e);
}

public System.String rptError(System.Object objError)
{
    string result="";
    switch(objError.GetType().Name)
    {
        case "Exception":
            Exception e=(FormatException)objError;
            result = "exception: " + Environment.NewLine +
                     e.Message + Environment.NewLine +
                     e.Source + Environment.NewLine +
                     e.StackTrace;
            break;
    }
    return(result);
}


Can anyone see what is going wrong here?

Andy
 
Andy

Here's what I found out

Medium Trust is a default security policy Microsoft ships with its .NET
framework that is intentionally designed to protect shared web hosting
service providers. The design allows such providers to be confident
that clients cannot defeat their security and drop themselves out of
any imposed settings or constraints.

Part of this trust policy is meant to prevent buffer over-run attacks
(a common hacking technique used to load executable code into unused
memory by passing more data into a variable than the variable can
hold). It enforces code verification and type checking to ensure that
only well-defined fixed length parameter passing occurs between
functions.

The policy also prevents an application from having a mechanism to
access external resources such as webservices since internal resources
on the provider's LAN can also be on the same backbone that their
hosting service is. The URI parameter on the <trust> tag actually
takes a regular expression which is used to match the description of
any piece of equipment or webservice on a network, and passing the
regular expression ".*" could give access to anything (internal
printers, hard drives, etc).

This problem isn't really a bug with the Medium Trust Policy, as much
as it is really an indication that the web application was deployed on
the wrong type of web hosting service architecture.

Most often, people choose shared hosting because it is a less costly
alternative to paying for a dedicated server hosting service. In
between these two extremes is Virtual Personal Server (VPS) hosting
where you get the advantages of full administrative rights to what
appears to be a physical dedicated server while enjoying the cost
advantages gained from a shared hosting environment.

VPS hosting services allow full admin rights because each account runs
in its own emulated server, and it is the server emulations that run in
a shared environment (rather than the end-user programs that are now
running within the server emulations). In effect, each VPS server is a
sandbox for its account, and each account user cannot administer
somebody else's emulated server. This is different from a shared
hosting service where user code awaits to be run on demand within a
single gigantic shared resource environment.

VPS has been available for UNIX based hosting for more than 10 years.
But, only recently has VPS started to become available for Windows
hosting environments.

Although a VPS server can be a software emulation of a Pentium class
computer, it is usually a physical server that is assigned to a fixed
handful of customers. The processor time on the server is time sliced
across the clients, and the drive space is partitioned with real
hard drive partitions. Most VPS servers are always running, so there
aren't usually any timeout restrictions imposed on the user accounts.

With today's RAID technology, and multi-processor servers, a lot of
customers can share the cost of a single dedicated physical server
bringing the price point for VPS very close to what plain shared
hosting offers.
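
The <trust> setting described in the post above, shown as a host-side machine.config fragment. This is an added example, not part of the original thread or the provider's actual configuration. The attribute that carries the URL pattern is named originUrl in ASP.NET configuration; the site name CustomerSite1 and the host app1.example.com are constructed placeholders.

```xml
<!-- machine.config fragment maintained by the hosting provider (illustrative). -->
<configuration>
  <!-- allowOverride="false" locks these settings, so a <trust> element in the
       customer's own web.config cannot raise the level back to Full. -->
  <location path="CustomerSite1" allowOverride="false">
    <system.web>

      <!-- Weak setting, left commented out:
             <trust level="Medium" originUrl=".*" />
           The pattern is substituted for $OriginHost$ in the Medium trust
           policy file's WebPermission entry. Because it is matched as a
           regular expression, ".*" permits outbound requests to any URL the
           server can reach, including hosts on the provider's internal LAN. -->

      <!-- Default on a locked-down host: an empty originUrl leaves the
           application with no outbound web access at all:
             <trust level="Medium" originUrl="" />  -->

      <!-- Scoped setting: outbound requests are limited to one named origin.
           Dots are escaped so they match a literal "." only. -->
      <trust level="Medium" originUrl="http://app1\.example\.com/.*" />

    </system.web>
  </location>
</configuration>
```

When reviewing a shared host's configuration, check both that the trust level is locked with allowOverride="false" and that no originUrl pattern is broader than the specific service the application has to call.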