Bug #65036 Entity Framework + MySQL Connector/NET in partial trust throws exceptions
Submitted: 19 Apr 2012 13:05 Modified: 19 Oct 2012 19:02
Reporter: Sven Buccauw Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S1 (Critical)
Version:6.5.4.0 OS:Microsoft Windows
Assigned to: Gabriela Martinez Sanchez CPU Architecture:Any
Tags: 6.5.4, asp.net, CAS, entity framework, MySQL Connector/Net, PermissionSet

[19 Apr 2012 13:05] Sven Buccauw
Description:
I use Entity Framework with MySQL Connector/NET to access a MySQL-database on a website in a hosted environment (Vevida). This used to work fine until Vevida upgraded to version 6.5.4.0 of MySQL Connector/Net. On my local workstation, it's still working fine.
On the hosted environment though, I get a SecurityException when the Entity Framework tries to retrieve data.
Vevida was kind enough to provide me with their trust configuration files. When I apply these locally, I get the same exception.
When I change ReflectionPermission from RestrictedMemberAccess to MemberAccess, the SecurityException isn't thrown. But Vevida ensures me that this is not the way to go in a hosted environment.
Moreover, after this change, I get another exception (System.Data.MetadataException: Schema specified is not valid). I'm not able to find the exact permission that causes this, but when I put unrestricted=true in the permissionset of ASP.NET, everything works again.
Could MySQL Connector/NET be adjusted so that it works with Entity Framework in partial trust?

How to repeat:
Make a simple .net web application that uses Entity Framework and MySQL Connector/NET. In web.config set trust level to less than Full.

(MySQL developers: see Private comment for a ready-made project)
[13 Aug 2012 22:46] ramon de klein
Is there already any progress on this issue? I hit the exact same bug with SoHosted that is also using 6.5.4.
[14 Aug 2012 18:13] Marco Vervoort
I'm having the same problem, running on www.sohosted.com. The only working version for hosting is MySQL Connector/NET 6.4.5
[14 Aug 2012 18:16] Gabriela Martinez Sanchez
Hi Ramon, thank you for this bug report. There is no bug on the implementation to support the Medium trust but a missing configuration. In order to set up your .Net/MySQL Application using C/Net you need to add it in your Medium Trust Policy file so when running your web server can give the appropriated permissions. The way you should do this set up is as follow:

Open you medium trust policy file normally you will find it under (%windir%\Microsoft.NET\Framework\{version}\CONFIG)

1 - For the section of the SecurityClasses you should add the definition of the MySQLClientPermission class. Please replace the x in the version field with the exact version of Connector/Net 6.5 you're using.

 <SecurityClass Name="MySqlClientPermission"  Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.x.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />

2 - For the section of the NamedPermissionSets add:

<IPermission class="MySqlClientPermission" version="1">

 <add connectionString="Server=;Database=;User=;Password=;Port=;Pooling=;"

 restrictions=""

 KeyRestrictionBehavior="PreventUsage" />

 </IPermission>

 Notice that this includes all the properties you'll be using in all your connections strings. If you want to use a none restricted you can use:

   <IPermission  class="MySqlClientPermission"   version="1"  Unrestricted="true"  />

We always encourage you to make a back up before doing any changes to avoid any configuration issue after this set up.

After this set up you should be able to run your medium trust application. You can test it in your local machine too using the <trust level="Medium" /> in your config file.

Please give it a try and let us know if this works for you.

Regards,
[20 Aug 2012 8:57] Sven Buccauw
I don't know about Ramon's problem, but these settings were already in my medium trust policy file. So this is not a solution for me. Please notice that the problem only occurs when using the Entity Framework, not when using standard ADO.NET.
[24 Sep 2012 22:03] Gabriela Martinez Sanchez
Verified. 

Suggested Fix:
Add on MySql.Data.Entity AllowPartiallyTrustedCallers attribute for Medium Trust compatibility.
[5 Oct 2012 21:42] Gabriela Martinez Sanchez
A fix for this has been commited and pushed in the following branches: 6.5 and 6.6
that will be released in the upcoming versions: 6.5.5 and 6.6.3
[19 Oct 2012 19:02] John Russell
Added info about this fix/enhancement to 6.6.4 changelog, specifically the includesecurityasserts config option. A 6.5.x release with this change is not currently available. See http://dev.mysql.com/doc/refman/5.1/en/connector-net-medium-trust.html for the latest info.