I've been test my application locally for a while and now come to upload it to my clients site (hosted by networksolutions )

When I try to create a Configuration to create a session I get a Security Exception :

Configuration cfg = new Configuration();

causes

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

SecurityException: Security error.]
totowebapp.WebForm1.doQueryButton_Click(Object sender, EventArgs e) +0
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain() +2112
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

I tried getting the refusedpermission set but the server is configured to deny that.

this is a shared hosting plan and the nhibernate dll is in my web applications bin directory.

Any clues guys, this could be a complete project failure and require a re-write using regular ADO if I can't get it working.

I've tracked the issue down to the following line

private static readonly ILog log = LogManager.GetLogger( typeof( Configuration ) );

int the NHibernate.Cfg.Configuration class

I don't have a log4j.xml in my project but I assumed I didn't need one, I'll try adding an xml file.

Anyone else come across this and know of a quick fix ?

Grant

You need to set up a configuration section in your config file for log4net. See tests and samples. I think the wiki has some samples that you can use.

I added the log4net configuration to my web.config

I first added the line

[assembly: log4net.Config.DOMConfigurator()]

to my assemblyInfo.cs

still had the error so I created a very basic aspx page called logcheck.aspa :



and I get this exception on the "hosted" server

Server Error in '/' Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Security error.]
totowebapp.logcheck..cctor() +0


locally it works fine...

Grant.

I got past the Log4net problem by re-compiling with a later log4net

But when I try to get a session from the session factory I get the following error

could not get session System.Security.SecurityException: Security error.
at NHibernate.Util.IdentityMap.InstantiateSequenced()
at NHibernate.Impl.SessionImpl..ctor(IDbConnection connection, SessionFactoryImpl factory, Boolean autoClose, Int64 timestamp, IInterceptor interceptor)
at NHibernate.Impl.SessionFactoryImpl.OpenSession(IDbConnection connection, Boolean autoClose, Int64 timestamp, IInterceptor interceptor)
at NHibernate.Impl.SessionFactoryImpl.OpenSession(IInterceptor interceptor)
at NHibernate.Impl.SessionFactoryImpl.OpenSession()
at totowebapp.utils.SessionManager.GetSession()

I looked at the code for InstantiateSequenced

IHashCodeProvider ihcp = new IdentityHashCodeProvider();
IComparer comp = new IdentityComparer();
return new IdentityMap( new SequencedHashMap( ihcp, comp ) );

not sure iif any of that requires some special permissions...

I wrote a little test page,



this causes:



So HashCode provider is what causes the issue which I just looked at and assume its an issue with inline assembler, that the host doesn't allow it ?

Does anyone solved that problem?? Please let me know, im in the same situation...

This isn't easy to solve, because IdentityHashCodeProvider can't be written in plain C# (it needs to call object.GetHashCode() on a type derived from object). So it has to use inline assembly. There's also a method in .NET 1.1 (System.Runtime.CompilerServices.RuntimeHelpers.GetHashCode(object)) that can be used to get the hash code, but I haven't been able to get it to work.

I think I was in the same situation of realien... and i finally solved the problem :)

My application is hosted in a shared server and those ones generally don't allow applications that require a full trust security policy to work.

If you're in that situation first get the last distribution of log4net (i used 1.2.9), copy the DLL file into the sources of nhibernate and recompile it. To do this you should know the basics of nant build file. As a tip: Always type "nant clean build" to be sure the bin folder is empty for the build.

After this you must throw away the HashCodeProvider class that is included and written in inline assembler. Delete the entry in the build file that copies the HashCodeProvider.dll and license to the bin folder, and create an entry to compile your own implementation of the HashCodeProvider...

My class (that works):



After this you gotta make a build file, type an entry into de NHibernate build file to reference your namespace and modify the NHibernateSolution build file to copy your DLL.

Im not pretty sure that my implementation of the IHashCodeProvider is the best one, but ive test it for a week and works.

I know this explanation sound a little confusing, im a mexican guy and my english is not perfect. if you have worked with nant (or ant ;)) this shouldnt be so difficult.

Anyway if someone need further details or my build of NHibernate just mail me (victor@hartoingenio.com).


C ya
Victor

Your implementation of IdentityHashCodeProvider isn't actually an Identity HashCodeProvider, and your application will probably start mysteriously failing later when you override GetHashCode on any of your entities.

Edit: Now that I thought about it a bit more, I actually think your idea will work correctly, no mysterious bugs. The only requirement for the IdentityHashCodeProvider is that it returns the same hash code for reference-equal (= same) objects. Your implementation fulfills this requirement, it might just be a bit less efficient.

Now all that's needed is code that will try to use the ILASM version of IHCP, and fall back to the plain one in case of a security exception.

Hi



Will there be a general "fix" so all of us running on hosted servers can use NHibernate ?

Thanks in advance.

Best
Steen

Create a JIRA issue and we'll see :)

Hi

I've just created an JIRA issue :)

Best
Steen

Hmm.. added it 9 days ago... still no answer

I've compiled an instance of the IL version and the C# version. The IL version has some small differences that the C# compiler can't match.

C# code:
The difference in resulting IL is quite small. The original implementation:
The C# result:

The difference is "call" vs. "callvirt". From what I've read, the difference is that "callvirt" is doing a null check but "call" is not. The difference in performance could be sizable when this method is getting used a lot.

If there needs to be some security assertions around this method, we'll have to figure out what they should be, then translate them to IL. Has your host given you any indication what those security assertions should be?