Partial Trust, System.ServiceModel.Activation.WebServiceHostFactory and ASP.NET Development Server

  • Article

Recently I was doing some testing in partial trust scenarios with RESTful services and I ran into a problem.  If you use the WebServiceHostFactory to create your RESTful service and  you have no System.ServiceModel configuration (which you don’t need – that is why you are using the factory) you will get an exception.

That is the bad news…  The good news is that this scenario works fine with IIS hosting.  The problem occurs only with the ASP.NET Development Server “Cassini”.

Here are the steps to reproduce

  • Create a WCF Service web application
  • Add a reference to System.ServiceModel.Web
  • Delete the IService1.cs file you won’t need it
  • Modify the Service1.svc.cs file
 using System.ServiceModel;

using System.ServiceModel.Web;

[ServiceContract]

public class Service1

{

    [OperationContract]

    [WebGet(UriTemplate = "/")]

    public string Test()

    {

        return "This is a test of partial trust";

    }

}
  • Modify the Service1.svc file
 <%@ ServiceHost 

Language="C#" 

Debug="true" 

Service="Service1" 

CodeBehind="Service1.svc.cs" 

Factory="System.ServiceModel.Activation.WebServiceHostFactory"%>
  • Modify web.config and delete or comment out the entire <system.serviceModel> section and set the site to use partial trust
     <system.web>

      <!--Set the trust level to medium to see the problem-->

      <trust level="Medium"/>
  • Right click on Service.svc and select view in browser and boom!

Server Error in '/' Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

 [SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0,…
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +58
   System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca)

Version Information: Microsoft .NET Framework Version:2.0.50727.4900; ASP.NET Version:2.0.50727.4900

Problem

The problem appears to be related to how the ASP.NET Development Server is treating config in partial trust scenarios (update 2/27 – is in how WCF uses the configuration system when running under the ASP.NET Development Server host).  The problem is still being investigated but the good news is that there is a workaround

Workaround

You can work around this issue by using IIS to develop, debug and test the partial trust REST service. 

(update 2/27: One other workaround is to use the <system.serviceModel> configuration section)