Is it possible to use the .net Breeze Web API in a medium trust server environment?

Question

If not, what are my options? I presume the OData Web API is the next easiest to implement option?

The error message: Attempt by security transparent method 'Breeze.ContextProvider.BreezeConfig.get_Instance()' to access security critical method 'System.AppDomain.add_AssemblyLoad(System.AssemblyLoadEventHandler)' failed.

Assembly 'Breeze.ContextProvider, Version=1.5.0.0, Culture=neutral, PublicKeyToken=f6085f1a45e2ac59' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.

Could you be more specific about what you need, and what the security restrictions are? — Steve Schmitt, Mar 30 '17 at 04:50
Hey Steve - I don't have a lot more details than that. Apparently our IIS servers run in Medium trust mode, so I'm assuming that since the Breeze Sharp library uses Reflection extensively, it requires Full Trust mode. Based on other sources (http://stackoverflow.com/questions/16849801/is-trying-to-develop-for-medium-trust-a-lost-cause), it sounds like the trust settings have been deprecated by Microsoft, but that doesn't help me yet. Is using OData on the server my only real option to get around this hosting issue and still use Breeze? It's a great product. — Josh, Mar 30 '17 at 12:47
Based on a closer reading of the error message, I guess it's probably because of the attempt to dynamically load an assembly. I'm working with our admin to try to get a full trust exception, so hopefully a story with a happy ending. — Josh, Mar 30 '17 at 17:44
[Breeze.Sharp](http://breeze.github.io/doc-cs/introduction.html) is a client-side library for writing .NET clients. [Breeze.Server.NET](http://breeze.github.io/doc-net/) is the server-side WebAPI library. You don't need Breeze.Sharp on your server. — Steve Schmitt, Mar 30 '17 at 18:02
Your error message shows `Breeze.ContextProvider`, which shows you are using Breeze.Server.NET. So you have the right thing. — Steve Schmitt, Mar 30 '17 at 18:09
You are certainly correct - I misspoke. I am using the Breeze Web API flavor of Breeze.Server.NET on the server and BreezeJs in the browser. — Josh, Mar 30 '17 at 18:09

score 0 · Answer 1 · answered May 09 '17 at 16:04

0

Breeze requires Full Trust if using the "Breeze Web API."

answered May 09 '17 at 16:04

Josh

1,876
3
21
35

Is it possible to use the .net Breeze Web API in a medium trust server environment?

1 Answers1