Configuration for Medium Trust environment |
This chapter describes the procedure to run the Kentico CMS in the medium trust level environment and the steps required to configure the system for it. It also describes the Precompilation/Deployment procedure and requirements.
Medium trust level
Medium trust level is often used on shared servers by the providers to disallow the applications to access certain resources that could be harmful to other web sites running on the server. Since version 2.2, Kentico CMS can be used with default medium trust policy provided with the Microsoft .NET Framework. To run the system with medium trust, you need to follow certain rules. There are two main components that require higher than medium trust and must be considered with this trust level:
Virtual path provider
This library provides the interface to the virtual objects stored in the database that can be compiled, such as document transformations and page layouts. The system references the files with virtual path, and VirtualPathProvider provides the control code to the compiler.
Since the virtual provider cannot run in a medium trust environment (requires AspNetHostingPermission with "high" trust level), you need to store the physical files to the system. You can save all the virtual objects to the file system in CMS Site Manager -> Administration -> System -> Deployment interface by clicking the button “Save all virtual objects to disk”. This will make the copies of the virtual objects in following folders:
Please note that these files are just copies of the actual virtual object and will be used by the system only if the VirtualPathProvider cannot start. Also that the changes to the objects through the administration interface will not affect these files until you save all the objects to the disk again.
Please not that you shouldn't run the system in medium trust while developing the web site. You should use this trust level only for the live web site.
Content staging (Microsoft Web Services Extensions 3.0)
This section applies only if you're using content staging.
Library Microsoft.Web.Services3.dll from the Web Services Extensions 3 (WSE) package which is used by the Content staging module requires Full trust permissions because of the low level operations related to the communication protocols. To ensure the proper functionality, the library needs to be registered in the Global Assembly Cache (GAC) of the server. The library is provided by Microsoft and most of the hosting providers pre-install it on their shared servers.
If you manage the server, please follow these steps:
If your hosting provider cannot install the library to GAC, you need to manually remove some of the system components. See the paragraph Special cases for details.
Running the web site
Now the system should work under medium trust level properly. Restart your IIS for configuration changes to take effect and run the web site.
If your web site uses any third-party components that do not support medium trust level by default, you may need to configure the system for them. In this case, please contact their author to get the information how to configure the environment to run it in the medium trust environment.
Special cases
You may not be able to access the GAC or convince your hosting provider to add the WSE library to the GAC. In this case, you may still run Kentico CMS in medium trust level, but you will not be able to use the Content staging module.
If this is your case, please delete the file bin/Microsoft.Web.Services3.dll from your web project if it's present
After these changes, your system will work correctly in the medium trust environment but you will not be able to use the Content staging operations. |