Mar 14 2007

Getting MySQL to function in medium trust

Posted by admin under ASP.NET 2.0

There are multiple steps to be done for getting MySQL to run under medium trust.

1. Recompile the ADO.NET data driver. Cause the first error you will get when using any MySQL.Data.Dll function is

Additional information: That assembly does not allow partially trusted callers

This procedure is described in these articles on Medium trust MySQL ADO.NET driver - also running a project offering (GPL) download of the recompiled ADO.NET driver (sourcecode also available).

However when that is done and you are refencing that new DLL instead ( we are then allowed to call the dll) to you will get the next error:

Unable to connect to any of the specified MySQL hosts.

With the InnerExeption set to

"Request for the permission of type 'System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."

The key is to create a special medium trust file - allowing for MySQL access as well.

1. Go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\

2. Copy the file web_mediumtrust.config to a file with name web_MYSQLmediumtrust.config

That file will be the modified medium trust config file

3. Open web_MYSQLmediumtrust.config up and add a SocketPermission securityclass



                        <SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
                        <SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
...
...
                        <SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
...
...
                    </SecurityClasses>

The <SecurityClass Name="SocketPermission" stuff is what's new.

4. In web_MYSQLmediumtrust.config also add a permission inside the namedpermissionsets



                            <IPermission
                                    class="WebPermission"
                                    version="1">
                                <ConnectAccess>
                                    <URI uri="$OriginHost$"/>
                                </ConnectAccess>
                            </IPermission>
...
...
                            <IPermission
                                    class="SocketPermission"
                                    version="1"
                                    Unrestricted="true"
                            />
...
...
                        </PermissionSet>

The <IPermission class="SocketPermission" stuff is new

5. Now open up C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config (not the web.config for your site - this is the global one) and define a new TrustLevel



        <system.web>
            <securityPolicy>
                <trustLevel name="Full" policyFile="internal" />
                <trustLevel name="High" policyFile="web_hightrust.config" />
                <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
                <trustLevel name="Low"  policyFile="web_lowtrust.config" />
                <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
              <trustLevel name="MediumMySQL" policyFile="web_MYSQLmediumtrust.config" />
            </securityPolicy>

The <trustLevel name="MediumMySQL" policyFile="web_MYSQLmediumtrust.config" /> is what's new. Now we have created a custom "medium trust" and calling it MediumMySQL we can now set the for your website to just that:

6. open up web.config of your own website:




      <trust level="MediumMySQL"/>
    </system.web>

And finally - now it should work! If you are in a shared hosting account you really are in the hands of the webhost to do the config changes. However many hosts have done it. Another solution is to place MySQL.Data.Dll in GAC and that solution is also used by some webhosts.