LLBLGen + Rackspace Cloud Sites troubles

Posts   
 
    
KDL
User
Posts: 24
Joined: 25-Mar-2010
# Posted on: 25-Mar-2010 16:55:02   

I’m currently testing the Rackspace Cloud Sites platform which runs in a "modified" medium trust. I am running into the following error on every page that contains an LLBLGen datasource control:


Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 

[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   SD.LLBLGen.Pro.ORMSupportClasses.EntityCollectionBase`1.GetObjectData(SerializationInfo info, StreamingContext context) +0
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.InitSerialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +7634298
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.Serialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +51
   System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +410
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +134
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +13
   System.Web.UI.ObjectStateFormatter.SerializeValue(SerializerBinaryWriter writer, Object value) +845


I’m using:

Otis wrote:

The exception is caused by the reflection done by the binary serializer which serializes data to the viewstate. Some information is stored in the viewstate and apparently this is causing the problem.

One way to solve this is to store the data not in the viewstate but in the session. Could you try that please? As you're using selfservicing, you can't switch on fastserialization which also solves this. We only have reports about godaddy.com which causes this problem, other hosters have not caused this problem.

Rackspace Cloud Sites has provided a custom config (full file attached) that extends the medium trust privileges and seems like it should allow this to work. Some of the relevant sections:


<PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
    <IPermission class="AspNetHostingPermission" version="1" Level="Medium"/>
    <IPermission class="ConfigurationPermission" version="1" Unrestricted="true"/>
    <IPermission class="DnsPermission" version="1" Unrestricted="true"/>
    <IPermission class="EnvironmentPermission" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"/>
    <IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$"/>
    <IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807"/>
    <IPermission class="SecurityPermission" version="1" Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
    <IPermission class="SmtpPermission" version="1" Access="ConnectToUnrestrictedPort"/>
    <IPermission class="SqlClientPermission" version="1" Unrestricted="true"/>
    <IPermission class="WebPermission" version="1" Unrestricted="true"/>
    <IPermission class="OleDbPermission" version="1" Unrestricted="true"/>
    <IPermission class="OdbcPermission" version="1" Unrestricted="true"/>
    <IPermission class="SocketPermission" version="1" Unrestricted="true" />
    <IPermission class="ReflectionPermission" version="1" Unrestricted="true"/>
</PermissionSet>

Any advice is appreciated, i'd really like to make this work on the Cloud Sites platform. Thanks!

Attachments
Filename File size Added on Approval
web_customtrust.config 8,062 25-Mar-2010 16:55.36 Approved
MTrinder
User
Posts: 1461
Joined: 08-Oct-2008
# Posted on: 25-Mar-2010 21:08:19   

I'm just wondering if it is related to the File IO permission, as the binary serializer may be trying to write the serialization assemblies out to disk.

We are a bit short of ideas on this to be honest...

What do you your hosting provider have to say about the issue...?

Matt

KDL
User
Posts: 24
Joined: 25-Mar-2010
# Posted on: 25-Mar-2010 21:55:43   

Rackspace is currently working a ticket on the problem. They tried some things on there end (not sure what) and I'm still getting the same error.

I'll update the thread once i hear back from them. And if anyone has any ideas, I'd love to hear them. Thanks!

daelmo avatar
daelmo
Support Team
Posts: 8245
Joined: 28-Nov-2005
# Posted on: 26-Mar-2010 03:32:00   

We will wait the RackSpace response.

David Elizondo | LLBLGen Support Team
KDL
User
Posts: 24
Joined: 25-Mar-2010
# Posted on: 29-Mar-2010 18:56:01   

Rackspace/Mosso replied with the following:

This points to two issues, either your application needs to have impersonation configured for it in the web.config as per our article located here:

http://cloudsites.rackspacecloud.com/index.php/How_do_I_add_impersonation_to_my_ASP.NET_site%3F

If this does not solve the issue then you're looking at a problem with your application doing something that is violating the Medium Trust configuration on our server.

http://cloudsites.rackspacecloud.com/index.php/Special:Search?search=medium+trust&go=Go

Unfortunately you'll need to develop your application in order to run under the guidelines of our Medium Trust settings.

I tried the suggested impersonation and that didn't fix it.

I have verified that the error occurs every time an LLBLGen datasource control is on the page. I have no problem on pages that don't have the control.

I do want to point out that Rackspace actually put quite a bit of effort into trying to identify the issue and their support has been great.

I'm afraid I'm stuck at this point...any other ideas? Thanks in advance!

Walaa avatar
Walaa
Support Team
Posts: 14946
Joined: 21-Aug-2005
# Posted on: 30-Mar-2010 11:38:11   

I have reviewed this thread (http://www.llblgen.com/TinyForum/Messages.aspx?ThreadID=15694&HighLight=1) which discusses the same issue but the "session" solution (as I understood it) didn’t solve my problem.

Let's investigate this route. Please explain what did you do to implement the session solution, and did it gave you the same exception with the exact stack trace or not?

KDL
User
Posts: 24
Joined: 25-Mar-2010
# Posted on: 30-Mar-2010 17:30:17   

I setup the datacontrol as follows:

    <llblgenpro:LLBLGenProDataSource ID="ServicePlanDS" runat="server" 
        DataContainerType="EntityCollection" 
        EntityCollectionTypeName="Stream.Library.CollectionClasses.ServicePlanCollection, Stream.Library" 
        CacheLocation="Session">
    </llblgenpro:LLBLGenProDataSource>

I get the identical error and stack trace whether I use "session" or not (here it is for reference):


Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 

[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   SD.LLBLGen.Pro.ORMSupportClasses.EntityCollectionBase`1.GetObjectData(SerializationInfo info, StreamingContext context) +0
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.InitSerialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +7634074
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.Serialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +51
   System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +410
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +134
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +13
   System.Web.UI.ObjectStateFormatter.SerializeValue(SerializerBinaryWriter writer, Object value) +845


I'm not doing anything with the datacontrol in code behind so it's a very simple scenario.

Otis avatar
Otis
LLBLGen Pro Team
Posts: 39588
Joined: 17-Aug-2003
# Posted on: 31-Mar-2010 10:01:35   

Could you please use the debug build ORMSupportClasses dll in the RuntimeLibs folder? This will give the same stacktrace but with line numbers. It's important to track down what's going on. The following method crashes:


public override void GetObjectData(SerializationInfo info, StreamingContext context)  // line 814
{
    base.GetObjectData( info, context );

    info.AddValue("_maxNumberOfItemsToReturn", _maxNumberOfItemsToReturn);
    info.AddValue("_sortClauses", _sortClauses, typeof(ISortExpression));
    info.AddValue("_entityFactoryToUse", _entityFactoryToUse);
    info.AddValue("_suppressClearInGetMulti", _suppressClearInGetMulti);
    info.AddValue("_containingEntity", _containingEntity, typeof(IEntity));
    info.AddValue("_containingEntityMappedField", _containingEntityMappedField);
}

So one of these lines triggers the security exception. My guess is it's this line: info.AddValue("_entityFactoryToUse", _entityFactoryToUse); // (line 820)

This is because it's a type in the generated code assembly. Could you check whether you have the following line in the generated code project's assemblyinfo file? [assembly: AllowPartiallyTrustedCallers()]

Frans Bouma | Lead developer LLBLGen Pro
KDL
User
Posts: 24
Joined: 25-Mar-2010
# Posted on: 31-Mar-2010 21:43:39   

Yes, I do have AllowPartiallyTrustedCallers() in the generated project's AssemblyInfo.vb file.

Here's the stack trace using the ORMSupportClasses debug build:

[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   SD.LLBLGen.Pro.ORMSupportClasses.EntityCollectionBase`1.GetObjectData(SerializationInfo info, StreamingContext context) in EntityCollectionBase.cs:824
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.InitSerialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +10337012
   System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +1115
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +231
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +17
   System.Web.UI.ObjectStateFormatter.SerializeValue(SerializerBinaryWriter writer, Object value) +3316

Thanks!

Otis avatar
Otis
LLBLGen Pro Team
Posts: 39588
Joined: 17-Aug-2003
# Posted on: 01-Apr-2010 10:23:03   

KDL wrote:

Yes, I do have AllowPartiallyTrustedCallers() in the generated project's AssemblyInfo.vb file.

Here's the stack trace using the ORMSupportClasses debug build:

[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   SD.LLBLGen.Pro.ORMSupportClasses.EntityCollectionBase`1.GetObjectData(SerializationInfo info, StreamingContext context) in EntityCollectionBase.cs:824
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.InitSerialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +10337012
   System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +1115
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +231
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +17
   System.Web.UI.ObjectStateFormatter.SerializeValue(SerializerBinaryWriter writer, Object value) +3316

Thanks!


public override void GetObjectData(SerializationInfo info, StreamingContext context)
{
    base.GetObjectData( info, context );

    info.AddValue("_maxNumberOfItemsToReturn", _maxNumberOfItemsToReturn);
    info.AddValue("_sortClauses", _sortClauses, typeof(ISortExpression));
    info.AddValue("_entityFactoryToUse", _entityFactoryToUse);
    info.AddValue("_suppressClearInGetMulti", _suppressClearInGetMulti);
    info.AddValue("_containingEntity", _containingEntity, typeof(IEntity));
    info.AddValue("_containingEntityMappedField", _containingEntityMappedField);
} <<<<<<<<<<< line 24

nothing has changed in this file since november 2009 (and you're using 0225 2010 build), so my question to you is: did you alter the code yourself? I have no idea why it crashes on a closing line of a method otherwise.

Frans Bouma | Lead developer LLBLGen Pro
KDL
User
Posts: 24
Joined: 25-Mar-2010
# Posted on: 01-Apr-2010 18:57:34   

No, i haven't altered the code at all. Yesterday I downloaded and installed the 0225 2010 build just to make sure i had the latest of "everything".

I have identified a particular line in the Rackspace Cloud Sites custom trust config file that causes this error but they have refused to change it. It's the first line of the following section (complete file attached to my top post):

<CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing">
    <IMembershipCondition class="AllMembershipCondition" version="1"/>
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
        <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/*"/>
    </CodeGroup>
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
        <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$CodeGen$/*"/>
    </CodeGroup>
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="Nothing">
        <IMembershipCondition class="ZoneMembershipCondition" version="1" Zone="MyComputer"/>
        <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="Microsoft_Strong_Name" Description="This code group grants code signed with the Microsoft strong name full trust. ">
            <IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="0024000..."/>
        </CodeGroup>
        <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="Ecma_Strong_Name" Description="This code group grants code signed with the ECMA strong name full trust. ">
            <IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="00000000..."/>
        </CodeGroup>
    </CodeGroup>
</CodeGroup>

On the first line, if "Nothing" is changed to "FullTrust" then there's no error.

Bottom line is that if it comes down to Mosso/Rackspace Cloud Sites versus LLBLGen, i'll choose LLBLGen every time. Not to dis Rackspace, they have always been excellent and their techs put a lot of time into trying to help me work around the problem.

Thanks to everyone for your help!