dotnet security: .NET 2.0 Medium Trust Issue - CyberSource Payment Processing -- dotnet security

.NET 2.0 Medium Trust Issue - CyberSource Payment Processing

6/22/2007 8:41:17 PM

dotnet security:

Hi,

Hopefully someone can help or at least point me in the right
direction...

I have developed a site that uses the CyberSource system to process
credit cards. All works great locally on my dev. computer. When I
upload to my main server (Shared Hosting, setup with Medium Trust), I
get an error that says "That assembly does not allow partially trusted
callers.".

If the server admins, for testing purposes, set the site to Full
Trust, then the page works perfectly. However, they are unwilling to
leave it that way.

Does anyone know how I can resolve this issue? How can I get this code
to run in Medium Trust? Any suggestions for the server admins to
isolating this and getting it to run?

Thanks!

Re: .NET 2.0 Medium Trust Issue - CyberSource Payment Processing

Dominick Baier
6/23/2007 2:56:53 AM

You seem to use a strong named assembly.

For strong named assembly, the compiler emits an implicit link demand for
all public methods for full trust.

You can turn that off by adding the following attribute to the assembly:

[assembly: AllowPartiallyTrustedCallers]

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

[quoted text, click to view]