|
||
This chapter describes the procedure of running Kentico CMS in a Medium Trust Level environment and the steps required to configure the system for it. It also describes the Precompilation/Deployment procedure and requirements.
The .NET Framework comes with a batch of predefined code access security policies, categorized into several trust levels, which define the permissions available for applications running on the given machine.
The medium trust level is often used by web hosts on shared servers to prevent applications from accessing certain resources that could be harmful to other websites running on the server. Kentico CMS can be used with the default medium trust policy provided with the Microsoft .NET Framework. To run the system under medium trust, you need to follow certain rules. There are three main components that require higher than medium trust and must be considered in this situation:
•VirtualPathProvider - provides virtual objects (layouts, transformations) from the database.
•Staging module - ensures synchronization of content between production and live site servers.
•Bounced e-mail monitoring - this feature of the newsletters module tracks the amount of unsuccessfully delivered e-mails.
This library provides the interface for virtual objects stored in the database that can be compiled, such as document transformations and page layouts. The system references the files with a virtual path, and the VirtualPathProvider provides the control code to the compiler.
Since the virtual provider cannot run in a medium trust environment (requires AspNetHostingPermission with "high" trust level), you need to store the physical files to the file system. You can save all the virtual objects to the file system in CMS Site Manager -> Administration -> System -> Deployment interface by clicking the “Save all virtual objects to disk” button. This will make copies of the virtual objects in the following folders:
•~/CMSTransformations - contains transformation files for documents and custom tables
•~/CMSLayouts - contains shared page layouts
•~/CMSTemplateLayouts - contains custom page template layouts
•~/CMSAdhocTemplateLayouts - contains custom ad-hoc page template layouts
Please note that these files are just copies of the actual virtual object and will be used by the system only if the VirtualPathProvider cannot start. Also that the changes to the objects through the administration interface will not affect these files until you save all the objects to the disk again.
|
Limitations
In the medium trust environment, the VirtualPathProvider is stopped automatically. When VirtualPathProvider is stopped, you cannot edit transformations and layouts through the user interface without saving them on the disk again.
In the portal development model, you cannot use custom web part code (Web part properties –> Code tab). If you need to add custom code on the Code tab and run the website in a medium trust environment, you need to create user controls, place web parts into the user controls and add your custom code to the web parts. Then, you can place the user controls on the page using the General/User control web part.
|
Please note that you shouldn't run the system in medium trust while developing the website. You should use this trust level only for the live website.
This section applies only if you're using the Staging module.
The Microsoft.Web.Services3.dll library from the Web Services Extensions 3 (WSE) package which is used by the Staging module requires Full trust permissions because of the low level operations related to the communication protocols. To ensure the proper functionality, the library needs to be registered in the Global Assembly Cache (GAC) of the server. The library is provided by Microsoft and most hosting providers pre-install it on their shared servers.
If you manage the server, please follow these steps:
1.Go to Control panel -> Administrative tools -> Microsoft .NET Framework 2.0 Configuration.
2.Select the Assembly cache, click on Add an Assembly to the Assembly Cache and select the bin\Microsoft.Web.Services3.dll library file from your web project.
3.Delete the bin\Microsoft.Web.Services3.dll file from your web project if it's present.
4.Make sure that your project web.config file contains the following item:
<system.web> ... <compilation debug="false" numRecompilesBeforeAppRestart="100"> <assemblies> ...
... </assemblies> </compilation> ... </system.web> |
If you are not able to install the library to the GAC or convince your web host to do so, you may still run Kentico CMS under medium trust, but you will not be able to use the Staging module. If this is the case, you will need to manually remove some of the system components by deleting the bin/Microsoft.Web.Services3.dll file from your web project if it is present.
After these changes, your system will work correctly in a medium trust environment but you will not be able to use content staging operations.
This section is only relevant if you wish to use the bounced e-mails feature of the newsletters module.
To be able to check bounced e-mails, the newsletters module makes use of a component that creates outgoing network connections using POP3, a standard e‑mail protocol for receiving maildrops from an e-mail server. This component requires the SocketPermission for its operation, otherwise it fails when attempting to connect to the server. This permission is denied for applications under medium trust.
If you cannot raise the trust level or create a custom security policy that includes this permission, the only solution is to attempt to convince the hosting administrators to grant the SocketPermission to your application. If you are unable to do so, the bounced e‑mail monitoring feature will unfortunately not be functional in a medium trust environment.
The Reporting module utilizes Microsoft Chart Controls to generate its graphs. If your application uses the 3.5 SP1 version of the .NET Framework and is hosted in a medium trust environment, it is necessary to have the MS Chart package installed on the server to ensure that the appropriate library is available in the Global Assembly Cache. The installation executable can be downloaded from the Microsoft website: http://www.microsoft.com/download/en/details.aspx?id=14422
The required assemblies are already included in .NET Framework 4.0, so the installation is not necessary if your application uses this version.
Now the system should work under a medium trust level properly. Restart your IIS in order for the configuration changes to take effect and run the website.
If your website uses any third-party components that do not support a medium trust level by default, you may need to configure the system for them. In this case, please contact their author to get the information how to perform the configuration required to run in a medium trust environment.