Deploying your website

pmarti · December 21st, 2013, 01:59 AM

Hello Imar or anyone else that might be able to help,

I'm deploying my website to a shared server and am generating security errors. My ISP's Windows environment uses the "Medium" trust level. I thought the website I developed was very benign and not particularly sophisticated so I was surprised with these issues. My website uses .NET memberships and roles (to limit access to web pages and folders) and performs basic CRUD functions against a SQL Server database. Everything works well in my local development environment, which by default is set to "Full" trust. I looked for information on the topic of .Net memberships and roles, and their implications in a medium trust environment, but didn't find much on the specific topic or at least not much that I understood when it came to the security model. Not knowing if something that I did was causing these problems, I decided to create a new website using the ASP.Net Web Forms Site template and not make any modifications to it. I uploaded it to my ISP's server and deployed it. I found that even the template generates security errors when any of the standard web pages (About and Contact) are called by clicking on the navigation hyperlinks. If I manually type the url, the pages work, but if I use the navigation links the server says it can't find the Accounts/Login.aspx page (which is there on the server).

In the book, under Deploying Your Website, there is information on on setting up IIS and moving data but not much on potential security issues. Could you provide me with some ideas about these issues or point me in the right direction for information on this topic? Could I be looking in the wrong direction (membership and roles), could these errors be caused by other components that are automatically inserted into the ASP.NET Web Forms Site template?

In advance, thank you very much.

Imar · December 21st, 2013, 08:32 AM

Hi there,

Medium trust is obsolete nowadays. Microsoft has provided guidance for hosters on how to get rid of medium trust and use other security mechanisms instead:

http://support.microsoft.com/kb/2698981
http://stackoverflow.com/questions/1...t-a-lost-cause

You could ask your host to fix that, or find a new host.

Regarding the broken links: hard to say without seeing the site.

Cheers,

Imar

pmarti · December 23rd, 2013, 01:00 AM

Hi Imar,

Thank you very much for your response. I find it so impressive how you support the folks that read your books and have questions.

I went around and around with my hosting provider, explaining how their Medium Trust level setting seemed to be preventing me from implementing .NET membership and roles security and access. Not surprisingly, they did not change their server settings so I had to switch to another hosting provider. I obviously looked only at hosting providers that offered Full Trust level on their servers. I selected one, uploaded my files, configured the .NET membership and roles to use my MS SQL database and everything worked as it should.

Thank you again for your help, I really appreciate it.

Imar · December 23rd, 2013, 07:45 AM

Excellent, glad to hear it's working. I think your host is mistaken by insisting on using Medium Trust. It's not as secure as they think it is anyway, and causes more problems than it solves.

Quote:

I find it so impressive how you support the folks that read your books and have questions.

Thanks!

Cheers,

Imar