Running Full Trust applications under Windows Azure.
July 12, 2009 by MK
Filed under ASP.NET, Hosting, web development
What is Windows Azure?
Microsoft’s Azure Services Platform is a cloud platform (cloud computing platform as a service) offering that “provides a wide range of Internet services that can be consumed from both on-premises environments or the Internet (though the platform itself will not be made available for on-premises deployments.
To read more about Azure please visit Microsoft’s Official Website on Azure Services Platform.
What is Full Trust and why is it required?
Full trust (CAS - Code Access Security Level) allows ASP.NET applications to execute native code, to read from the Registry and Windows Event Log, and to read and write to files outside of the application’s virtual directory. In short, with full trust one web application could delete the entire contents of another web application.
To read more on Full Trust Hosting please visit What is ASP.NET Full trust hosting?
Looking for good Full Trust Windows / ASP.NET Hosting Plans - Try Webhost4life OR Alentus (We have been using them for years now)
Windows Azure and Full Trust.
Windows Azure now offers the option of running the code in your Web and Worker roles under full trust. As a developer this opens up a lot of exciting and compelling options -
- Inter-process Communication via Named Pipes:
If you application spawns processes, you can communicate among them via named pipes.
- Invoking non-.NET Code:
Many developers have existing investments in native code or may choose to use native code for some specialized tasks. .NET full trust makes it possible to use native code via spawning processes or Platform Invoke (P/Invoke).
- Using .NET Libraries that Require Full Trust:
Certain .NET libraries, including libraries in the .NET Services SDK, require full trust and can now be used in Windows Azure.
To enable full trust, simply add the enableNativeCodeExecution attribute to your role in the Service Definition file and set the attribute value to true:
<?xml version=”1.0″ encoding=”utf-8″?>
<ServiceDefinition name=”MyService” xmlns=”http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition”>
<WebRole name=”WebRole” enableNativeCodeExecution=”true”>
<InputEndpoints>
<InputEndpoint name=”HttpIn” protocol=”http” port=”80″ />
</InputEndpoints>
</WebRole>
</ServiceDefinition>
Windows Azure applications run with restricted “User” privileges in the cloud. Accordingly, certain operations such as modifying the registry and writing to the system directory are not possible at this time (even though they may succeed in your local development environment). To read more on more on Custom Trust visit Why Full Trust hosting is not recommended when using a shared ASP.NET or shared Windows hosting plan?
What is hosts file and how to edit hosts file in Win XP and Win Vista?
Most of the times when we visit a web site e.g. http://www.coolwebdeveloper.com by typing in the domain name, our browser sends a request to the DNS (Domain Name Server or System) to map that name with the IP address of the web server. The DNS server will then query other servers on the Internet that know the correct information for that domain name, and then return to the web server’s IP address.
DNS stands for Domain Name System and is the standard domain name resolution service used on the Internet. Whenever a device connects to another device on the Internet it needs to connect to it via the IP address of the remote device. In order to get that IP address, DNS is used to resolve that domain name to its mapped IP address.
There is another way to resolve domain names without using the Domain Name System, and that is by using your HOSTS file. Almost every OS that communicates via TCP/IP, the standard of communication on the Internet, has a file called the HOSTS file. This file allows you to create mappings between domain names and IP addresses.
The HOSTS file is a text file that contains IP addresses separated by at least once space and then a domain name, with each entry on its own line. For example, imaging that we wanted to make it so that if you typed in www.google.com, instead of going to Google we would go to www.coolwebdeveloper.com. In order to do this you would need to find out one of the IP addresses of Yahoo and map www.google.com to that IP address.
One of the IP addresses for www.coolwebdeveloper.com is 216.110.120.72. If we wanted to map Google to that IP address we would add an entry into our HOSTS file as follows:
216.110.120.72 www.google.com
Note the space between the 2 entries, this is important.
| Operating System | Location on Hard Drive |
| Linux/Unix | /etc/hosts |
| Windows 3.1/95/98/ME | c:\windows\hosts |
| Windows NT/2000/XP Pro | c:\winnt\system32\drivers\etc\hosts or c:\windows\system32\drivers\etc\hosts |
| Windows XP Home | c:\windows\system32\drivers\etc\hosts |
| Netware | SYS:ETC/HOSTS |
| Apple | System Folder:Preferences and in the System Folder itself. |
| Win Vista | c:\windows\system32\drivers\etc\hosts |
For editing hosts file in Win Vista you will need administrative privileges, and you will not be able to edit as a regular user. Here are the steps that you need to follow to edit hosts file in win vista.
- Click Start , click All Programs, click Accessories, right-click Notepad, and then click Run as administrator.
- If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
- Open the Hosts file, make the necessary changes, and then click Save on the Edit menu.
Why Full Trust hosting is not recommended when using a shared ASP.NET or shared Windows hosting plan?
December 9, 2008 by MK
Filed under Hosting, web development
The default trust level for ASP.NET web applications is Full, which grants unrestricted permissions. This is a dangerous trust level when working in a shared environment because it allows one web application to interact with the file system of other web applications on the same server.
For example, if you are in a shared environment that physically arranges its shared web applications in a common folder (i.e., C:\Inetpub\wwwroot\WebApp1, C:\Inetpub\wwwroot\WebApp2, …, C:\Inetpub\wwwroot\WebApp3, and so on), one web application could use the following code to display the Web.config contents of all of the other web applications on the server:
For Each folder As DirectoryInfo In parentPathInfo.GetDirectories()
Dim fileOfInterest As String = Path.Combine(folder.FullName, "Web.config")
If File.Exists(fileOfInterest) Then
Dim webConfigReader As StreamReader = File.OpenText(fileOfInterest)
Response.Write(String.Format("<p><b>Data for File {0}:</b></p><p>{1}</p><hr />", fileOfInterest, _ Server.HtmlEncode(webConfigReader.ReadToEnd())))
webConfigReader.Close()
End If
Next
Since connection strings are usually placed in Web.config, the user running the above code would now be able to connect to other customers databases, where there might be sensitive customer information. The point is, if an ASP.NET application is running in full trust, there’s nothing to stop them from reading, creating, modifying, or deleting files in your web application’s file system.
Looking for good Full Trust Windows / ASP.NET Hosting Plans - Try Webhost4life OR Alentus (We have been using them for years now)
Fortunately, most web hosting companies follow the advice in Microsoft’s ASP.NET 2.0 Hosting Deployment Guide and place their shared web applications in medium trust. This is accomplished by modifying the machine-level Web.config file in the %windir%\Microsoft.NET\Framework\{version}\CONFIG folder. Moreover, this setting can be locked by the web hosting company.
Here are the permissions granted by the medium trust level:
Medium
Permissions are limited to what the application can access within the directory structure of the application.
No file access is permitted outside of the application’s virtual directory hierarchy.
Can access SQL Server
Can send email by using SMTP servers
Limited rights to certain common environment variables
No reflection permissions whatsoever
No sockets permission
To access Web resources, you must explicitly add endpoint ‘URLs’ - either in the originUrl attribute of the element or inside the policy file.
The following exceptions have been granted in addition to the ones listed above:
ODBC
OLEDB
Reflection Permissions
Web Permission
The main differences between ASP.NET 1.1 and ASP.NET 2.0 for the trust levels are the following:
In version 2.0, SQL Server access is available at Medium trust level because the SQL Server .NET Data Provider no longer demands full trust. In version 2.0, SMTP Permission is available at Full, High and Medium trust levels. This allows applications to send email.
To protect shared environment, you can also set the CAS (code access security) Level to Custom (some hosting companies do provide these settings). The custom setting is basically medium level with some exceptions including ODBC, OLEDB, sockets, Reflection Permissions and Web Permissions. Hosting company can set these custom permissions and can add more privileges. This setting cannot be overridden though, which is good.
How to grant Full Trust to your ASP.NET web site on your VPS / Dedicated Server
December 9, 2008 by MK
Filed under Hosting, web development
On your Virtual Private Server or Dedicated server browse to the configuration folder
Normally installation path will be - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG
Open the web.config in notepad
Place following lines at the top of you config with the <configuration> directive replacing yourdomain.com with the name of the IIS web you wish to grant full trust to.
<location path=”yourdomain.com” allowOverride=”true”>
<system.web>
<trust level=”Full” originUrl=”" />
</system.web>
</location>
Other Full Trust Hosting and ASP.NET related articles -
Now your web.config will look like -
<?xml version=”1.0″ encoding=”utf-8″?>
<!– the root web configuration file –>
<configuration>
<!–
Using a location directive with a missing path attribute
scopes the configuration to the entire machine. If used in
conjunction with allowOverride=”false”, it can be used to
prevent configuration from being altered on the machine
Administrators that want to restrict permissions granted to
web applications should change the default Trust level and ensure
that overrides are not allowed
–>
<location allowOverride=”true”>
<system.web>
<securityPolicy>
<trustLevel path=”yourdomain.com” name=”Full” policyFile=”internal” />
</securityPolicy>
<trust level=”Full” originUrl=”" />
</system.web>
</location>
<system.net>
<defaultProxy>
<proxy usesystemdefault=”true” />
</defaultProxy>
</system.net>
Looking for good Full or Modified Medium Trust Windows / ASP.NET Hosting Plans - Try Webhost4life OR Alentus (We have been using them for years now)
What is ASP.NET and what is ASP.NET hosting?
ASP.NET is a web scripting language that has been around the web application field for many years now. Initially, it was used and coded / related as well-known Visual Studio 2003 based on .NET version 1.0, and more recently as Visual Studio 2008, based on .NET version 3.5. Around 4-5 years ago, several developers took a big jump from the regular ASP to .NET by including several Microsoft applications, application scripts and add-ons. An array of hybrid scripts and applications ensured the development of ASP.Net hosting.
This special ASP web hosting solution provide many intuitive features like cross platform compatibility, quick application development, robust features and an added advantage of using the old VB applications. The magnanimous transformation to a .NET developmental environment was very expensive and costly, and the changeover was not cosmetic at all. It was a huge transformation beyond everybody’s expectation.
Good ASP.NET web hosting plan -
WebHost4Life.com (Click HERE to visit) - WebHost4Life Hosting is the most affordable, reliable and flexible hosting provider. I have a number of sites with them and they are really fantastic.
Using an ASP.NET based web hosting solution is very costly affair and it may create a huge overhead for small to medium sized web sites. Hosting a web site on the platform poses many challenges and difficulties as developers are still trying to overcome.
For example - one of the hosting problems faced by ASP.NET developers is running there ASP.NET web applications with Medium Trust or Full Trust. Not all web hosts provide Full Trust Hosting because of obvious security reasons. But a lot of applications designed in ASP.NET and available on the web do need Full Trust Hosting to run as expected. If you are curious to know more about Medium trust and Full trust hosting, I have written a previous post on Full Trust hosting that can be reached by clicking here - What is ASP.NET Full trust hosting? and A few good Full trust hosting plans.
Some of the advantages of ASP.NET hosting are:
- ASP.NET is the latest technology from Microsoft for the express development of web applications. An intuitive paradigm called .NET Framework makes the backbone of the web application. This special framework along with IIS ensures that the web server created is robust and sturdy and the web application development is a breeze.
- ASP.NET web servers offer you the abilities to develop very powerful database driven applications. It is also subject oriented and includes many special tools for the programmers.
- Applications developed on the web servers are ultra quick and lightening fast. The server response is also quicker and the user’s web experience is excellent. Developers can play around with server cache by using a set of commands via code.
- ASP.NET web hosting allows you to create a cache memory of those pages that your site visitors frequently visit for fresh and updated information.
- It is also possible to integrate several web part controls within the ASP.NET web server. Web Parts is a new breed of efficient controls that enable you to add rich, professional content, design and layout to your website, in addition to the capability to edit and change that content, design and layout directly from an application page.
- It is also fairly easy to include a number of administration, extensibility, management, performance, and scalability enhancements.
- Themes and skins are easy to change with an ASP.NET web hosting package. You can define and set style information as a theme and apply that particular style information on a global basis to pages or controls.
- You do not have to wait for a long time to get your site up and running. You can even start uploading your web applications right away in a moment!
- ASP.NET web hosting also allows you to self manage Backup / Recovery of invaluable customer data and its reinvent facility backs up all data on a daily basis and is readily available for recovery at anytime at your express request.
ASP.NET web hosting is a very good framework for instantly creating a new array of more efficient, highly interactive and personalized web surfing ambience that work across all the most popular browsers like IE, Firefox and Opera. However, one of the prominent disadvantages of ASP.Net web hosting is that it requires hosting only on a Microsoft web server, which should not deter you, unless you have other critical needs and requirements.
At present, most of database driven web sites depend on the fantastic technology of ASP.NET, just to protect and retain their invaluable data and information. As the demand for dynamic web applications grows rapidly, you will need to take a deep look at highly advanced and sophisticated web hosting servers that run and managed by highly efficient ASP.NET technology.
Another issue with ASP.NET application hosting is its deployment. As it was said by some one “There is more to putting up a good Web application than just developing it“. I have collected a few useful links / URLs that will help you host and deploy your ASP.NET web applications effectively.
If you are looking for ASP .Net hosting, here is a high quality ASP.NET web hosting provider -
WebHost4Life.com (Click HERE to visit)
- K. Scott Allen’s “10 Tips for Shrink-wrapping ASP.NET Applications”
- This is one of the many tips from Scott Gu’s ASP.NET 2.0 Tips, Tricks, Recipes and Gotchas series.
- The Microsoft ASP.NET 2.0 Hosting Deployment Guide (downloadable Word doc)
- Top 10 Best Practices for Production ASP.NET Applications by Kyle
