16.6. Working in Partial Trust

Because the provider works with file-based, directory-based, and Microsoft SQL Server AzMan policy stores, there are two different approaches to getting the provider to work in a partially trusted application. Regardless of the policy store location, the provider always requires AspNetHostingPermission with at least Low trust during the initialization process (see Chapter 15 on SqlRoleProvider to learn how you can grant this permission in a non-ASP.NET application).

The provider always checks for AspNetHostingPermission with a setting of Medium in any write-oriented method. Because Low trust is conceptually a read-only trust bucket, while Medium trust is the conceptual read-write trust bucket, AuthorizationStoreRoleProvider allows the following methods to work only when running in a web application at Medium trust or above:

  • CreateRole

  • DeleteRole

  • AddUsersToRoles

  • RemoveUsersFromRoles

You will see this behavior for ASP.NET applications. If you plan to use the provider outside of ASP.NET in a partial trust application, you effectively need to run at full trust, as is discussed a bit later in this section.
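The following sketch is an added example, not code from the book or from the provider. It shows how application code can test the Low and Medium AspNetHostingPermission levels described above before calling one of the four write-oriented methods. The class `RoleStoreTrust` and its members are hypothetical names, and the code assumes an ASP.NET application whose role manager is already configured to use AuthorizationStoreRoleProvider.

```csharp
using System;
using System.Security;
using System.Web;
using System.Web.Security;

// Added example: RoleStoreTrust and its members are hypothetical names,
// not part of ASP.NET or of the book's sample code.
public static class RoleStoreTrust
{
    // True when every caller on the stack is granted AspNetHostingPermission
    // at the requested level or higher.
    public static bool IsGranted(AspNetHostingPermissionLevel level)
    {
        try
        {
            new AspNetHostingPermission(level).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Low trust is the minimum the provider needs in order to initialize.
    public static bool CanInitializeProvider()
    {
        return IsGranted(AspNetHostingPermissionLevel.Low);
    }

    // Medium trust is the minimum for CreateRole, DeleteRole,
    // AddUsersToRoles, and RemoveUsersFromRoles.
    public static bool CanWriteRoles()
    {
        return IsGranted(AspNetHostingPermissionLevel.Medium);
    }

    // Runs a write-oriented role operation only when the Medium check passes.
    // Returns false without touching the policy store when it does not.
    public static bool TryWrite(Action writeOperation)
    {
        if (!CanWriteRoles())
        {
            return false;
        }
        writeOperation();
        return true;
    }
}
```

A page would call it as `RoleStoreTrust.TryWrite(() => Roles.CreateRole("Auditors"))`, where the role name is a constructed sample value, and hide or disable its role-editing UI when the call returns false.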

If the policy store is located in an XML file, and you are using the provider inside of an ASP.NET application, then the provider will also partially rely on the application's file I/O code access security (CAS) permissions for read-oriented methods. The idea here is that if you are using a file-based policy store, then ...
