Question
I have an ASP.NET WebForms app using Microsoft ASP.NET Universal Providers (NuGet) for membership and roles. Under full trust everything works fine, but when I edit web.config to specify medium trust I get this error when loading a page that accesses the membership:
Type 'System.Web.Providers.DefaultMembershipProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly).
I've searched the web and haven't found much info about whether this is a known limitation or if there is a workaround. I'm working on the open source app Gallery Server Pro, which is distributed in the MS Web Gallery and must support medium trust environments.
Any insight?
[Edit] Per the request, here is the web.config stuff (I'm not using profiles or the session state provider):
https://stackoverflow.com/questions/16039587
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<membership defaultProvider="DefaultMembershipProvider">
<providers>
<clear />
<add name="DefaultMembershipProvider" applicationName="Gallery Server Pro" connectionStringName="GalleryDb" passwordFormat="Clear" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="50" minRequiredPasswordLength="2" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true" cookieProtection="Validation" defaultProvider="DefaultRoleProvider">
<providers>
<clear />
<add name="DefaultRoleProvider" applicationName="Gallery Server Pro" connectionStringName="GalleryDb" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</roleManager>
No correct solution
OTHER TIPS
I think it may be because of catching role in cookies,
<roleManager enabled="true" cacheRolesInCookie="true" cookieProtection="Validation" ...
Remove that part, or make it false and then check if its working..
As medium security will block cookies and many more things, as cookies are not considered secure. Its basic material for scavengers(hacking data from left over/temp files).
I hope this will do..
