MySql.Data in GAC, still SecurityException

Question

I have a problem with MySql.Data in a partial trusted environment. I've added MySql.Data to the GAC (by installing it with the MSI from the mysql.com site). As you can see here:

>gacutil /l | grep -i mysql
  MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d,
 processorArchitecture=MSIL
  MySql.Data.CF, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c4
4d, processorArchitecture=MSIL
  MySql.Data.Entity, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc889
69c44d, processorArchitecture=MSIL
  MySql.Web, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d,
processorArchitecture=MSIL

>

I've add the following to my web.config:

<configuration>
    <system.web>
      <trust level="Vevida"/>
      <compilation debug="true" targetFramework="4.0">
        <assemblies>
          <add assembly="MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"/>
        </assemblies>
      </compilation>
    </system.web>    
</configuration>

But I still get the following exception: Exception Details: System.Security.SecurityException: Request for the permission of type 'MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d' failed.

It is thrown when I try to open a connection.

I'm not sure what I can check more. According to the MySql documentation, I need at least the following permissions: System.Net.SocketPermission, System.Security.Permissions.ReflectionPermission, System.Net.DnsPermission, and System.Security.Permissions.SecurityPermission

In my trust level I these:

<IPermission
    class="SocketPermission"
    version="1"
    Unrestricted="true">
</IPermission>
<IPermission
    class="ReflectionPermission"
    version="1"
    Flags="RestrictedMemberAccess"/>
<IPermission
    class="DnsPermission"
    version="1"
Unrestricted="true"/>
<IPermission
    class="SecurityPermission"
    version="1"
    Flags="Execution,ControlPrincipal,ControlThread,SerializationFormatter"/>

As far as I can see in the documentation, this is enough. Also tried to set the SecurityPermission and ReflectionPermission to unrestricted, this didn't help.

Do you have any ideas?

Jan Reilink · Accepted Answer · 2013-02-17T19:53:07.153

MySqlClientPermission has to be added to the medium trust config as SecurityClass and IPermission. My web_mediumtrust.config addition is:

<SecurityClass Name="MySqlClientPermission"
  Description="MySql.Data.MySqlClient.MySqlClientPermission,
  MySql.Data, Version=6.5.4.0, Culture=neutral,
  PublicKeyToken=c5687fc88969c44d"
/>

<IPermission class="MySqlClientPermission" version="1">
  <add connectionString="Server=;Database=;User=;Password=;Port=;Pooling=;"
    restrictions=""
    KeyRestrictionBehavior="PreventUsage" />
</IPermission>

As also posted on http://www.saotn.org/mysql-connector-net-6-5-partial-trust/

score 0 · Answer 2 · answered Mar 21 '12 at 12:49

0

Every time your code opens a MySqlConnection, the MySql client makes a demand for MySqlClientPermission on the connection string. Your application must have this permission, regardless of whether the MySql client assemblies are in the GAC or not.

The permissions listed at http://englishebook.info/1/software-to-download/656-running-connectornet-65-inside-medium-trust-level (the ones that you've mentioned in your question) are the ones need by the MySql client assemblies, not the ones needed by your ASP.NET application. To allow your application to use MySql, you will need to grant it MySqlClientPermission.

answered Mar 21 '12 at 12:49

Nicole Calinoiu

20,843
2
44
49

So I should add the MySqlClientPermission in my trust config? I don't understand it. My hosting provider has sent me their config, where I can open a connection through this assembly, and I don't see this class in their config. I'll try it later this day – Michiel van Vaardegem Mar 21 '12 at 15:05
I think I do something wrong, cause when I add the MySqlClientPermission in my trust file, all I got is errors. Where and what should I add? Can't find anything about this – Michiel van Vaardegem Mar 21 '12 at 17:51
In addition to this, I find that MySqlClientPermission is just a "short-version" of the other 4 permissions, I allready set – Michiel van Vaardegem Mar 21 '12 at 18:10
Where exactly did you find that it's a "short version of the other 4 permissions"? At least in 6.5.4.0, it would appear to be a plain, vanilla CAS permission. It is a subclass of System.Data.Common.DBDataPermission, just like System.Data.SqlClient.SqlClientPermission. – Nicole Calinoiu Mar 21 '12 at 22:27
http://dev.mysql.com/doc/refman/5.1/en/connector-net-medium-trust.html "Optionally, the hosting provider can avoid granting permissions globally by using the new MySqlClientPermission class in the trust policies. (The alternative is to globally enable the permissions System.Net.SocketPermission, System.Security.Permissions.ReflectionPermission, System.Net.DnsPermission, and System.Security.Permissions.SecurityPermission.) " – Michiel van Vaardegem Mar 22 '12 at 07:08
I suspect that those docs may have been authored by someone with an incomplete understanding of code access security. Looking at the 6.5.4 assemblies, I can see no evidence of any scenario in which MySqlClientPermission would not be demanded by MySqlConnection.Open(). Have you actually tried adding MySqlClientPermission to your trust level definition? Also, if things are working at your hosting provider without it, are you sure that they are running version 6.5.4? – Nicole Calinoiu Mar 22 '12 at 14:10
As I stated in my second comment, yes I tried. But IIS gives errors on it. Is there anywere an example how it should be done? – Michiel van Vaardegem Mar 22 '12 at 16:11
You should be able to use the same approach described at http://msdn.microsoft.com/en-us/library/ff648344.aspx#paght000020_oledbpermission for OleDbPermission. If that doesn't work, could you please provide specific information regarding the errors you receive when you try it? – Nicole Calinoiu Mar 23 '12 at 01:12
Looks like I didn't added the correct permission class. There is like zero documentation on it. The answer of @JanReilink seems to do the trick – Michiel van Vaardegem Mar 28 '12 at 18:43

MySql.Data in GAC, still SecurityException

2 Answers2

Linked