Upgrading to ASP.Net 2? Why Your Website Might Stop Working When You Do

By John Belthoff / In Web / Posted Mar 18, 2006

Asp.Net version 2 was just recently released by Microsoft and contains a feature rich set of classes that can do just about anything imaginable. However if your thinking about hosting your asp.net 2 site on a shared hosting environment there are a few considerations you should know about before you take the plunge. If you have already upgraded you may be wondering why your site that was working fine in version 1.1 but now has problems working in Asp.Net version 2.

Code Access Security

If you receive one of those generic yellow error messages that say something like the following:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

The Reason? - Code Access Security!

As it turns out many shared hosting companies are setting the Security Trust level in the asp.net version 2.0 machine.config files to the default “Medium” setting then locking it down so it can’t be overridden by the application.

This is great from hosting perspective but not so good if you are a developer that uses asp.net functions like xml.load from another website, webrequest, webclient, system.net, etc… or many other classes that a default medium trust setting doesn’t allow.

What can you do?

There are a number of considerations on how to rectify this situation and the first is to contact your hosting company and ask them to create a modified version of the medium trust machine.config file to allow for the features you want to implement.

Microsoft has provided an article that describes this process and if you’re hosting company is not aware of it than shame on them.

The article can be found here: How To: Use Medium Trust in ASP.NET 2.0

Give this a good read as it explains not only how to modify medium trust but also how to code for the medium trust settings.

If that is not an option you might want to consider recoding your entire website to conform to medium trust, not a very good option, or moving to a hosting company that will work with you for your particular needs.

Allowing open socket connections is a security risk for a hosting company, but if you can establish that your code is not malicious a reputable hosting company should provide you with proper security clearance to utilize the rich classes that asp.net version 2.0 has to offer. After all they are claiming to sell you asp.net version 2.0. And if you can’t use version 2’s classes than you are not getting what you paid for.

Over time there will need to be a balance between the hosting companies security needs and the ability of a web developer to utilize the classes that make asp.net version 2.0 so brilliant and I hope that time comes sooner rather than later.