I have an ASP.NET WebForms app using Microsoft ASP.NET Universal Providers (NuGet) for membership and roles. Under full trust everything works fine, but when I edit web.config to specify medium trust I get this error when loading a page that accesses the membership:
Type 'System.Web.Providers.DefaultMembershipProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly).
I've searched the web and haven't found much info about whether this is a known limitation or if there is a workaround. I'm working on the open source app Gallery Server Pro, which is distributed in the MS Web Gallery and must support medium trust environments.
Any insight?
[Edit] Per the request, here is the web.config stuff (I'm not using profiles or the session state provider):
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<clear />
<add name="DefaultMembershipProvider" applicationName="Gallery Server Pro" connectionStringName="GalleryDb" passwordFormat="Clear" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="50" minRequiredPasswordLength="2" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true" cookieProtection="Validation" defaultProvider="DefaultRoleProvider">
<providers>
<clear />
<add name="DefaultRoleProvider" applicationName="Gallery Server Pro" connectionStringName="GalleryDb" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</roleManager>
I think it may be because of catching role in cookies,
<roleManager enabled="true" cacheRolesInCookie="true" cookieProtection="Validation" ...
Remove that part, or make it false and then check if its working..
As medium security will block cookies and many more things, as cookies are not considered secure. Its basic material for scavengers(hacking data from left over/temp files).
I hope this will do..
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With