Configuration for Medium Trust environment

This chapter describes the procedure to run the Kentico CMS in the medium trust level environment and the steps required to configure the system for it. It also describes the Precompilation/Deployment procedure and requirements.

 

Medium trust level

 

Medium trust level is often used on shared servers by the providers to disallow the applications to access certain resources that could be harmful to other web sites running on the server. Since version 2.2, Kentico CMS can be used with default medium trust policy provided with the Microsoft .NET Framework. To run the system with medium trust, you need to follow certain rules. There are two main components that require higher than medium trust and must be considered with this trust level:

 

VirtualPathProvider – provides the virtual objects (layouts, transformations) from the database.
ContentStaging – ensures the synchronization of content between production and live site servers.

 

Virtual path provider

 

This library provides the interface to the virtual objects stored in the database that can be compiled, such as document transformations and page layouts. The system references the files with virtual path, and VirtualPathProvider provides the control code to the compiler.

 

Since the virtual provider cannot run in a medium trust environment (requires AspNetHostingPermission with "high" trust level), you need to store the physical files to the system. You can save all the virtual objects to the file system in CMS Site Manager -> Administration -> System -> Deployment interface by clicking the button “Save all virtual objects to disk”. This will make the copies of the virtual objects in following folders:

 

~/CMSTransformations – Contains the document transformation files
~/CMSLayouts – Contains the shared page layouts
~/CMSTemplateLayouts – Contains the custom page template layouts

 

Please note that these files are just copies of the actual virtual object and will be used by the system only if the VirtualPathProvider cannot start. Also that the changes to the objects through the administration interface will not affect these files until you save all the objects to the disk again.

 

 

 

Limitations

 

In the medium trust environment, the VirtualPathProvider is stopped automatically. When VirtualPathProvider is stopped, you cannot edit transformations and layouts through the user interface without saving them on the disk again.

 

In the portal development model, you cannot use custom web part code (Web part properties –> Code tab). If you need to add custom code on the Code tab and run the web site in the medium trust environment, you need to create user controls, place web parts to the user controls and add your custom code to the web parts. Then, you can place the user controls to the page using the General/User control web part.

 

 

 

Please not that you shouldn't run the system in medium trust while developing the web site. You should use this trust level only for the live web site.

 

Content staging (Microsoft Web Services Extensions 3.0)

 

This section applies only if you're using content staging.

 

Library Microsoft.Web.Services3.dll from the Web Services Extensions 3 (WSE) package which is used by the Content staging module requires Full trust permissions because of the low level operations related to the communication protocols. To ensure the proper functionality, the library needs to be registered in the Global Assembly Cache (GAC) of the server. The library is provided by Microsoft and most of the hosting providers pre-install it on their shared servers.

 

If you manage the server, please follow these steps:

 

Go to Control panel -> Administrative tools -> Microsoft .NET Framework 2.0 Configuration
Select the Assembly cache, click on Add an Assembly to the Assembly Cache and select the library file bin\Microsoft.Web.Services3.dll from your web project.
Delete the file bin\Microsoft.Web.Services3.dll from your web project if it's present.
Make sure that your project web.config file contains the following item:

 

<system.web>

       ...

       <compilation debug="false" numRecompilesBeforeAppRestart="100">

           <assemblies>

               ...

<add assembly="Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

...

           </assemblies>

       </compilation>

       ...

</system.web>

 

If your hosting provider cannot install the library to GAC, you need to manually remove some of the system components. See the paragraph Special cases for details.

 

 

Running the web site

 

Now the system should work under medium trust level properly. Restart your IIS for configuration changes to take effect and run the web site.

 

If your web site uses any third-party components that do not support medium trust level by default, you may need to configure the system for them. In this case, please contact their author to get the information how to configure the environment to run it in the medium trust environment.

 

 

Special cases

 

You may not be able to access the GAC or convince your hosting provider to add the WSE library to the GAC. In this case, you may still run Kentico CMS in medium trust level, but you will not be able to use the Content staging module.

 

If this is your case, please delete the file bin/Microsoft.Web.Services3.dll from your web project if it's present

 

After these changes, your system will work correctly in the medium trust environment but you will not be able to use the Content staging operations.