/dev/null [tony lombardo]

Anything and everything ASP.NET and more. Expect to see tips and tricks, opinions on new technology, and fun code samples, along with the occasional rant.
ASP.NET Medium Trust Deployment Tips

If you've every tried deploying a web application to a Hosted Environment, I'm sure you've been forced to learn more about CLR permissions and security than you ever wanted to know.  To put it simply, any assembly signed with a Strong Name Key demands that the calling assembly be fully trusted.  While this sounds great in theory, it creates havoc when trying to get your Web Site up and running. 

All Infragistics assemblies are Strong Named, which is why you are able to put them in the Global Assembly Cache (GAC).  Because they have been given a strong name, Infragistics assemblies are placed into an elevated security level.  When running in a medium trust environment, unsigned assemblies are placed in the medium trust zone.  The mismatch that is created causes a security exception to be raised when the unsigned assembly attempts to call the Signed Infragistics Assemblies. 

Fortunately, there are a few solutions to this problem. 

  1. Create a proxy assembly which is used to call the Strong Named assemblies.  Mark the proxy assembly with "AllowPartiallyTrustedCallers".
  2. Raise the Trust Level of your site to Full
  3. Remove the Strong Name from the necessary assemblies
  4. Add "[AllowPartiallyTrustedCallers]" attribute to all strong named assemblies

Of the solutions listed, you only have control over 1 and 3.  The 2nd solution requires action to be taken by your Hosting Provider, which is unlikely.  The 4th solution requires modification of the assemblies from the provider (ie. Infragistics).  We are planning to add the AllowPartiallyTrustedCallers to our assemblies for the upcoming release, but in the mean time, I would recommend the 3rd solution - Remove the Strong Name from the necessary assemblies.

Removing a strong name from an assembly isn't as complicated as you might think.  As a matter of fact, it's amazingly simple given the right tool.  The first step is to download ILMerge (http://research.microsoft.com/~mbarnett/ILMerge.aspx).  We will be taking advantage of an unfortunate side effect of using ILMerge - removal of the strong name key. 

Once you have ILMerge installed, simply run it against each Infragistics Assembly individually.  The usage is pretty straight forward, simply specify the source and destination file, and it will do its job.  When you are done, you will have successfully stripped the assembly of its Strong Name.

The next step is to update your project.  Since we've removed the strong name key from the assembly, you will need to go through all <%@ Register ..> directives pointing towards Infragistics assemblies, and remove the PublicKeyToken portion.  Check your web.config as well, as there may be some references contained inside of the config.  After you have stripped the PublicKeyToken string, add the now unsigned Infragistics assemblies to your bin directory and recompile.  Deployment is now a just a matter of copying the files up. 

The one drawback to this approach is that it may interfere with design-time functionality.  Because of this, you may want to have a separate config file used for deployment, which clears all TagPrefixes and remaps them to the unsigned Infragistics Assemblies.  By modifying the <%@ Register %> directives through the web.config instead of each of your ASPX pages, you can insure the fidelity of your design-time experience.

ILMerge is an amazing tool, with much more power than it is being used for in this context.  If you haven't checked it out yet, I would definitely recommend you do so. 

Posted: 17 Apr 2006, 10:57

Comments

CaledosLAB BLOG said:

I just found the following statement in Tony Lombardo's blog: (http://blogs.infragistics.com/blogs/tony_lombardo/archive/2006/04/17/149.aspx) Because SWACM.dll was signed with CaledosLAB key, this was just our scenario. Removing code signing everit
# October 6, 2006 8:04 AM

jbonds said:

I used the ILmerge utility in a basic web app to remove the strong name from Infragistics2.WebUI.UltraWebGrid.v6.3.dll and then

Infragistics2.WebUI.shared.v6.3.dll. I put both of these assemblies in the ben folder and followed the rest of the instructions about removing  the public tokens in the forms and web config -- but the application still will not compile. It is looking for the Infragistics2.WebUI.shared.v6.3.dll assembly and its token instead of using the one in the ben. What am I doing wrong?

# March 23, 2007 11:26 AM

Tony Lombardo said:

You can use fuslogvw to show you the fusion binding log to find out what assembly is causing webui.shared to load.  Instaed of going through all of the trouble though, I would recommend using our APTCA marked assemblies.  They are included in the 7.1 install, as well as the 6.2 and 6.3 hotfix installers.  In your program files\infragistics\netadvantage folder, you'll find an "aptca" folder.  That contains a duplicate of all of the Infragistics Assemblies, but with the "AllowPartiallyTrustedCallersAttribute" set on it.

# March 29, 2007 9:23 AM

Ashish said:

I have written a a set of dos commands to do it at once for Infragistics. You can just replace the version. Couldnt write batch file.

ILMerge.exe Infragistics2.Excel.v7.1.dll /out:Renamed/Infragistics2.Excel.v7.1.dll

ILMerge.exe Infragistics2.Web.v7.1.dll /out:Renamed/Infragistics2.Web.v7.1.dll

ILMerge.exe Infragistics2.WebUI.Misc.v7.1.dll /out:Renamed/Infragistics2.WebUI.Misc.v7.1.dll

ILMerge.exe Infragistics2.WebUI.Shared.v7.1.dll /out:Renamed/Infragistics2.WebUI.Shared.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebCalcManager.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebCalcManager.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebChart.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebChart.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebGauge.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebGauge.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebGrid.ExcelExport.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebGrid.ExcelExport.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebGrid.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebGrid.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebListbar.v7.1.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebListbar.v7.1.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebListbar.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebListbar.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebNavigator.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebNavigator.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebTab.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebTab.v7.1.dll

ILMerge.exe Infragistics2.WebUI.UltraWebToolbar.v7.1.dll /out:Renamed/Infragistics2.WebUI.UltraWebToolbar.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebCombo.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebCombo.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebDataInput.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebDataInput.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebDateChooser.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebDateChooser.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebHtmlEditor.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebHtmlEditor.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebNavBar.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebNavBar.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebSchedule.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebSchedule.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebScheduleDataProvider.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebScheduleDataProvider.v7.1.dll

ILMerge.exe Infragistics2.WebUI.WebSpellChecker.v7.1.dll /out:Renamed/Infragistics2.WebUI.WebSpellChecker.v7.1.dll

# May 25, 2007 9:57 AM

Sergio said:

I've merged all infragistics assemblies but I've also the following error:

Errore server nell'applicazione '/'.

--------------------------------------------------------------------------------

Errore del parser

Descrizione: Errore durante l'analisi di una risorsa necessaria per soddisfare la richiesta. Rivedere i dettagli relativi all'errore e modificare in modo appropriato il file di origine.

Messaggio di errore del parser: Impossibile caricare il file o l'assembly 'Infragistics2.WebUI.Shared.v7.1, Version=7.1.20071.1045, Culture=neutral, PublicKeyToken=7dd5c3163f2cd0cb' o una delle relative dipendenze. La definizione di manifesto dell'assembly specificato non corrisponde al riferimento all'assembly. (Eccezione da HRESULT: 0x80131040)

Errore nel codice sorgente:

Riga 40: <tr>

Riga 41: <TD vAlign="top" style="border: darkgray 1px solid; height: 462px;">

Riga 42:    <iglbar:ultraweblistbar id="tvLeft" runat="server"

Riga 43: Width="200px" BorderStyle="Solid" BarWidth="100%"

Riga 44: BorderColor="Lavender" BorderWidth="5px" GroupSpacing="0px" ImageTextAlign="NotSet" Height="200px" EnableAppStyling="False">

File di origine: /Default.aspx    Riga: 42

Analisi del caricamento dell'assembly: Le informazioni che seguono possono aiutare a stabilire perché non è stato possibile caricare l'assembly 'Infragistics2.WebUI.Shared.v7.1, Version=7.1.20071.1045, Culture=neutral, PublicKeyToken=7dd5c3163f2cd0cb'.

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

--------------------------------------------------------------------------------

Informazioni di versione: Versione di Microsoft .NET Framework:2.0.50727.42; Versione di ASP.NET:2.0.50727.210

Which is the cause ???

Thank you very much.

# June 23, 2007 11:36 AM

dhiren mistry said:

hello,

my name is dhiren mistry (dhiren_4_u@yahoo.co.in)

i found one tool which is very helpful to me.

i hope you also like it.

Removes strong-signing from assemblies at file level

http://www.andreabertolotto.net/Articles/StrongNameRemove20.aspx

if this make you helpful then mail me on above link.

thanks,

dhiren mistry

# February 20, 2008 8:22 AM

MikeAtSoftware said:

I'm using Infragistcis NetAdvantage V8.1. I'm deploying to a Medium trust environment, and no  matter which version of the Infragistics assemblies I use (out of the box, APTCA, APTCS signed), I always get this error:

Could not load file or assembly 'Infragistics2.WebUI.UltraWebGrid.v8.1' or one of its dependencies. Strong name signature could not be verified.  The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045) .

Can anyone suggest what I can do to fix this, becasue having followed the Infragistics documented instructions exactly, I'm pretty much out of ideas?

Thanks in advance

Mike

# June 28, 2008 4:29 AM

Tony Lombardo said:

@Mike - I get that error internally when I use a delay signed assembly (which wasn't fully signed), but those assemblies should never leave the Infragistics doors.  I have seen similar errors when an assembly is somehow corrupted.  I've resolved it in the past by re-gacing the assebmly in question.  If the assembly truely isn't signed, you won't be able to gac it.  If you still can't get it going, send me an email through the contact link at the top of the page.

# October 7, 2008 4:54 PM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS