Skip Navigation LinksHome / Community & Support / Developer Productivity Tools Forums / Reporting > Telerik Reporting > Support for medium trust environment

Not answered Support for medium trust environment

Feed from this thread
  • cprieto cprieto's avatar

    Posted on Aug 18, 2008 (permalink)

    Are there any plans to support mid-trust environments in a near future? many of the host enviroments people use are shared hosting, and they don't support full trust environments.

    Reply

  • Steve Steve admin's avatar

    Posted on Aug 21, 2008 (permalink)

    Hello kementeus,

    I am afraid that for the time being Telerik Reporting cannot operate in a restricted environment. The reason is that the current implementation relies extensively on things that the Medium Trust security level prohibits. This means that we have to trade some functionality for the Medium Trust which is not acceptable at this stage of the product evolvement.

    This does not mean that we will ban our product from working in Medium Trust, but our current goal is to cover all reporting functionality that other products offer, which seems to be much more important for our customers.
     
    If we are able to fulfil our plans for 2008, we may be to look into Medium Trust in 2009. We're sorry for not being able to be more specific at this time.

    All the best,
    Steve
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Reply

  • Mattias Master avatar

    Posted on Sep 11, 2008 (permalink)

    Hi,
    what changes in medium trust config is necessary to make it work?

    Current stack trace:
    [PolicyException: Required permissions cannot be acquired.] 
       System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission) +7602199 
       System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Int32& securitySpecialFlags, Boolean checkExecutionPermission) +57 
     
    [FileLoadException: Could not load file or assembly 'Telerik.ReportConverter.ActiveReports, Version=2.8.8.828, Culture=neutralPublicKeyToken=a9d7983dfcc261be' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)] 
       System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) +0 
       System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) +43 
       System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +127 
       System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +142 
       System.Reflection.Assembly.Load(String assemblyString) +28 
       System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +46 
     
    [ConfigurationErrorsException: Could not load file or assembly 'Telerik.ReportConverter.ActiveReports, Version=2.8.8.828, Culture=neutralPublicKeyToken=a9d7983dfcc261be' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)] 
       System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +613 
       System.Web.Configuration.CompilationSection.LoadAllAssembliesFromAppDomainBinDirectory() +203 
       System.Web.Configuration.CompilationSection.LoadAssembly(AssemblyInfo ai) +105 
       System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig) +178 
       System.Web.Compilation.BuildProvidersCompiler..ctor(VirtualPath configPath, Boolean supportLocalization, String outputAssemblyName) +54 
       System.Web.Compilation.ApplicationBuildProvider.GetGlobalAsaxBuildResult(Boolean isPrecompiledApp) +227 
       System.Web.Compilation.BuildManager.CompileGlobalAsax() +52 
       System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +337 
     
    [HttpException (0x80004005): Could not load file or assembly 'Telerik.ReportConverter.ActiveReports, Version=2.8.8.828, Culture=neutralPublicKeyToken=a9d7983dfcc261be' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)] 
       System.Web.Compilation.BuildManager.ReportTopLevelCompilationException() +58 
       System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +512 
       System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters) +729 
     
    [HttpException (0x80004005): Could not load file or assembly 'Telerik.ReportConverter.ActiveReports, Version=2.8.8.828, Culture=neutralPublicKeyToken=a9d7983dfcc261be' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)] 
       System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +8886319 
       System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +85 
       System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +259 
     

    Reply

  • Steve Steve admin's avatar

    Posted on Sep 11, 2008 (permalink)

    Hello Mattias,

    As we've stated in our previous reply, you need full trust in order to have the Reporting working on your server. If you have <trust level="Medium"/> in your application config file you should delete that or modify it to Full. On shared hosting the security level restrictions are usually implemented on an upper level (machine.config), so you would not be able to run it on shared hosting, unless explicitly specified by the hosting company.

    Sincerely yours,
    Steve
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Reply

  • Mattias Master avatar

    Posted on Sep 11, 2008 (permalink)

    Yes, I know all that!
    But I have a good relationship with the hosting company and if I just tell them what sections in the medium trust machine.config that needs to be changed maybe they will change it for me (they have done it before).
    But for that I need to know what sections to change, cause they will not set the server to run with full trust.
     

    Reply

  • Steve Steve admin's avatar

    Posted on Sep 11, 2008 (permalink)

    Hello Mattias,

    They (as a hosting company) should know what needs to be changed on their end in order for your app to have full trust level enabled, depending on their server configurations. There is nothing that has to be changed in the code on our end. Here is the MSDN article explaining about the changes to the security policies.

    Greetings,
    Steve
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Reply

  • Mattias Master avatar

    Posted on Sep 11, 2008 (permalink)

    Is it my bad English or just you that don't want to understand! :)

    I cannot say to the host company:
    - Change my app to run with full trust.
    They will never do that.

    I need to say:
    - Modify that line and that line in the medium machine config so one of my third party component will work in my app.


    It is your component so you should know how it works and what permissions it needs, right?!
    The host company doesn't know anything about it and I don't think they have the time to start investigate your products for me.

    If I would give it a try with my basic skills and when looking at the stack trace I would say it need some kind of Policy permission, but what kind and what else?


    Reply

  • Steve Steve admin's avatar

    Posted on Sep 11, 2008 (permalink)

    Hello Mattias,

    I am afraid that it is neither of those. What we're trying to stress is that we do not work in medium trust. Our current goal is to cover all reporting functionality that other products offer, which seems to be much more important for our customers and then we would see if we can do some changes to be able to run under trust level different than medium. We do not know what are the exact security policies, which we are violating as we have never researched this due to the reasons stated above.
    The source code for the product is available in your Client.net area, so if you want to try getting it working on shared hosting, you can play around with it and see what are the exact changes needed.

    Thank you for the understanding on the matter.

    Greetings,
    Steve
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Reply

  • Mattias Master avatar

    Posted on Sep 11, 2008 (permalink)

    Ok, that clarified it! :)

    If I get some time over I will spend some hours to investigate the permissions needed for an overrided medium config. :)

    Reply

  • Mattias Master avatar

    Posted on Sep 16, 2008 (permalink)

    Hi again!
    I have looked into the medium config now and modify it so reporting will work. :)
    These changes need to be made:
    ... 
    <SecurityClasses> 
    ... 
                <!-- added --> 
                <SecurityClass Name="ConfigurationPermission" Description="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> 
    ... 
    </SecurityClasses> 
     
     
    ... 
    <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net"
    ... 
                <!-- added --> 
                <IPermission class="ConfigurationPermission" version="1" Unrestricted="true"/> 
     
                <!-- modified--> 
                <IPermission class="FileIOPermission" version="1" Unrestricted="true"/> 
     
                <!-- modified--> 
                <IPermission class="SecurityPermission" version="1" Unrestricted="true" /> 
    ... 
    </PermissionSet> 
    ... 

    Good thing: It's not that much to change! :)
    Bad thing: I can't send these changes to host company, they will never for example allow FileIOPermission to the whole server.

    So Steve and you other guys at Telerik, could you please explain what each permission does in the reporting component and if they can be modified even more, like specify folders in the FileIOPermission for example.




    Reply

  • Mattias Master avatar

    Posted on Sep 16, 2008 (permalink)

    Two updates:
    The SecurityPermission needs flag UnmanagedCode and FileIOPermission needs Read and PathDiscovery to c:\windows
    <IPermission class="SecurityPermission" version="1" Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, UnmanagedCode"/> 
     
    <IPermission class="FileIOPermission" version="1" Read="c:\windows;$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="c:\windows;$AppDir$"/> 
    What is UnmanagedCode?
    Why Read and PathDiscovery to windows?
    And what does ConfigurationPermission do in Reporting?

    Reply

  • Svetoslav Svetoslav admin's avatar

    Posted on Sep 18, 2008 (permalink)

    Great work, Mattias!

    As we have already explained Telerik Reporting does not operate in a restricted environment, because some modules demand more permissions than the Medium Trust level allows. Unfortunately up until now we haven't got the chance to dive into this problem and we still have no answers to most of the questions related to the secured environments (like why do Telerik Reporting demand the Read and PathDiscovery permissions for the Windows folder).

    Anyway our short term plans are to investigate this problem and we will do our best to workaround it without breaking the current functionality.

    Sincerely yours,
    Svetoslav
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Reply

  • Mattias Master avatar

    Posted on Jan 13, 2009 (permalink)

    Hi again!
    Are you making any progress regarding medium trust?

    I've just got an email from our host company saying they have modified their medium trust config as I described above except for FileIOPermission.
    They wont add read and pathdiscovery permissions to c:\windows.

    Why does it needs read and pathdiscovery permission to c:\windows? Can you change that in a future release?

    Regards,
    Mattias

    Reply

  • Steve Steve admin's avatar

    Posted on Jan 13, 2009 (permalink)

    Hello Mattias,

    We have taken your suggestion into consideration and would change that for the Q1 release expected at the end of February.

    Thank you for the patience and understanding.

    All the best,
    Steve
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Reply

  • Mattias Master avatar

    Posted on Jan 13, 2009 (permalink)

    Hi Steve,
    that is probably the best news I've got this year! :)

    Waiting patiently! 

    Reply

  • Mattias Master avatar

    Posted on Feb 11, 2009 (permalink)

    Hi again!
    I just wanted to check if the updates is still planned to be included in Q1 release?

    /Mattias

    Reply

  • Steve Steve admin's avatar

    Posted on Feb 11, 2009 (permalink)

    Hello Mattias,

    We have not forgotten about this and would do our best to have it included as part of the Q1 release.

    All the best,
    Steve
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Reply

  • Mattias Master avatar

    Posted on Mar 23, 2009 (permalink)

    You didn't include it in 2009 Q1 right?

    Reply

  • Chavdar Chavdar admin's avatar

    Posted on Mar 23, 2009 (permalink)

    Hello Mattias,

    We are still working on this issue. We have found a problem with the current fix and will need some additional time to address it. Hopefully the final solution will be available for the service pack in a few weeks.

    We are sorry for the inconvenience.

    Best wishes,
    Chavdar
    the Telerik team

    Check out Telerik Trainer , the state of the art learning tool for Telerik products.

    Reply

  • André avatar

    Posted on Apr 29, 2009 (permalink)

    Some months further... Is the medium trust issue solved?

    Reply

  • Steve Steve admin's avatar

    Posted on Apr 29, 2009 (permalink)

    Hi André,

    You can find the latest info on the topic in this post.

    All the best,
    Steve
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.

    Reply

  • Angelo avatar

    Posted on Aug 2, 2009 (permalink)

    Hello Telerik,

    Is the medium trust issue solved?

    Reply

  • Steve Steve admin's avatar

    Posted on Aug 3, 2009 (permalink)

    Hello Angelo,

    We're in the process of testing at the moment and hope to have it working for the service pack this week.

    All the best,
    Steve
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.

    Reply

  • Angelo avatar

    Posted on Aug 3, 2009 (permalink)

    great news...

    thks...

    Reply

Back to Top

Skip Navigation LinksHome / Community & Support / Developer Productivity Tools Forums / Reporting > Telerik Reporting > Support for medium trust environment
Related resources for "Support for medium trust environment"

Features  |  Documentation  |  Demos  |  Telerik TV  |  Knowledge Base  |  Code Library  |  Step-by-step Tutorial  |  Blogs  |  Whitepaper  ]