Hi there,

On a non-full trust server I'm getting a security exception with a query as innocent as this...

var q = from a in m.Account select a.AccountId

... but not with this...

var q = from a in m.Account select a

So is one only allowed to select a full entity?

Cheers, Ian.

What is the text of the exception you are getting...?

Matt

With this in web.config...

<trust level="Medium" originUrl="" />

...this code...

var q = (from a in m.Account select a.AccountId).ToList();

...produces...

System.MethodAccessException was unhandled by user code Message=System.Runtime.CompilerServices.StrongBox1..ctor(System.__Canon) Source=mscorlib StackTrace: at System.Reflection.MethodBase.PerformSecurityCheck(Object obj, RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Linq.Expressions.ExpressionCompiler.AddGlobal(Type type, Object value) at System.Linq.Expressions.ExpressionCompiler.GenerateConstant(ILGenerator gen, Type type, Object value, StackType ask) at System.Linq.Expressions.ExpressionCompiler.GenerateConstant(ILGenerator gen, ConstantExpression c, StackType ask) at System.Linq.Expressions.ExpressionCompiler.Generate(ILGenerator gen, Expression node, StackType ask) at System.Linq.Expressions.ExpressionCompiler.GenerateArgs(ILGenerator gen, ParameterInfo[] pis, ReadOnlyCollection1 args) at System.Linq.Expressions.ExpressionCompiler.GenerateMethodCall(ILGenerator gen, MethodInfo mi, ReadOnlyCollection1 args, Type objectType) at System.Linq.Expressions.ExpressionCompiler.GenerateMethodCall(ILGenerator gen, MethodCallExpression mc, StackType ask) at System.Linq.Expressions.ExpressionCompiler.Generate(ILGenerator gen, Expression node, StackType ask) at System.Linq.Expressions.ExpressionCompiler.GenerateConvert(ILGenerator gen, UnaryExpression u) at System.Linq.Expressions.ExpressionCompiler.Generate(ILGenerator gen, Expression node, StackType ask) at System.Linq.Expressions.ExpressionCompiler.GenerateConvert(ILGenerator gen, UnaryExpression u) at System.Linq.Expressions.ExpressionCompiler.Generate(ILGenerator gen, Expression node, StackType ask) at System.Linq.Expressions.ExpressionCompiler.GenerateLambda(LambdaExpression lambda) at System.Linq.Expressions.ExpressionCompiler.CompileDynamicLambda(LambdaExpression lambda) at System.Linq.Expressions.LambdaExpression.Compile() at SD.LLBLGen.Pro.LinqSupportClasses.LLBLGenProProvider2.SetupProjectionElementsForExecution(QueryExpression toExecute) at SD.LLBLGen.Pro.LinqSupportClasses.LLBLGenProProvider2.ExecuteValueListProjection(QueryExpression toExecute) at SD.LLBLGen.Pro.LinqSupportClasses.LLBLGenProProviderBase.ExecuteExpression(Expression handledExpression) at SD.LLBLGen.Pro.LinqSupportClasses.LLBLGenProProviderBase.Execute(Expression expression) at SD.LLBLGen.Pro.LinqSupportClasses.LLBLGenProProviderBase.System.Linq.IQueryProvider.Execute(Expression expression) at SD.LLBLGen.Pro.LinqSupportClasses.LLBLGenProQuery1.Execute() at SD.LLBLGen.Pro.LinqSupportClasses.LLBLGenProQuery1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() at System.Collections.Generic.List1..ctor(IEnumerable1 collection) at System.Linq.Enumerable.ToList[TSource](IEnumerable1 source)

InnerException: System.Security.SecurityException Message=Request failed. Source=mscorlib StackTrace: at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) at System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh) at System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh) at System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) at System.Threading.CompressedStack.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant) InnerException:

Take out the line in web.config and it works fine.

Looks like reflection is limited in MediumTrust environments. Have a look at http://www.west-wind.com/Weblog/posts/6344.aspx which has some ideas for overriding specific permissions.

Matt

I suspect our hosting company will suggest that we get some kind of private server.

The word 'trust' didn't bring up any results in the LLBLGen docs. I think it would be good if there was a mention (perhaps in the Linq section 'Remarks and limitations') about what can and cannot be done in a medium trust environment with LinqToLLBLGen. This is the second time I've been caught - before it was when trying to use an aggregate function or something or other.

In general it's possible to use llblgen pro runtime in medium trust environments, but with linq there are some things we need to do to make it work (this is also the reason why other linq providers also fail in medium trust). For example, the projection in your query is compiled from a lamba to a delegate. This is done using a .net library call, so it's not us doing any unwanted reflection. However, without that call, without compiling the lambda, it's not possible to run the queries as it would come down to interpreting the code inside the projection lambda, which could well be a set of delegates (e.g. in-memory code).

But perhaps this post helps: http://blogs.rev-net.com/ddewinter/2009/04/22/using-linq-to-sql-and-ef-in-sharepoint-under-medium-trust/

He mentions a special trust indication for the webconfig.