SecurityException - Dapper on shared hosting

2019-04-29 21:32发布

问题:

For my current project I use Dapper. Everything perfect. Then I needed to deploy it on shared hosting. The result can be seen here (copied YSOD):

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Stack trace

[SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark) +31
System.Security.CodeAccessPermission.Demand() +46
System.Reflection.Emit.DynamicMethod.PerformSecurityCheck(Type owner, StackCrawlMark& stackMark, Boolean skipVisibility) +9461551
System.Reflection.Emit.DynamicMethod..ctor(String name, Type returnType, Type[] parameterTypes, Type owner, Boolean skipVisibility) +40 Dapperx.SqlMapper.CreateParamInfoGenerator(Identity identity) +537 Dapperx.SqlMapper.GetCacheInfo(Identity identity) +376 Dapperx.d__131.MoveNext() +644
System.Collections.Generic.List
1..ctor(IEnumerable1 collection) +327 System.Linq.Enumerable.ToList(IEnumerable1 source) +58
Dapperx.SqlMapper.Query(IDbConnection cnn, String sql, Object param, IDbTransaction transaction, Boolean buffered, Nullable1 commandTimeout, Nullable1 commandType) +199
...

Is there any way how to solve it for (in .NET 4.0)? As far as I understand what I've read so far, the provider has to allow some parts from reflection for the IIS which might be a security risk for them...

回答1:

Reflection.Emit which is used by Dapper is not allowed in Medium Trust.

You should find a hosting provider that offers Full Trust. discountasp.net is one I have used before.