6.21.2 Configuring Partial Trust with Connector/Net Library Installed in GAC

If the library is installed in the GAC, you must include the connection option includesecurityasserts=true in your connection string. This is a new requirement as of Connector/Net 6.6.4.

The following list shows steps and code fragments needed to run a Connector/Net application in a partial trust environment. For illustration purposes, we use the Pipe Connections protocol in this example.

  1. Install Connector/Net: version 6.6.1 or higher, or 6.5.4 or higher.

  2. After installing the library, make the following configuration changes:

    In the SecurityClasses section, add a definition for the MySqlClientPermission class, including the version to use.

    
    <configuration>
      <mscorlib>
        <security>
          <policy>
            <PolicyLevel version="1">
              <SecurityClasses>
                ....
                <SecurityClass Name="MySqlClientPermission" Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.6.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
    
    

    Scroll down to the ASP.Net section:

    
    <PermissionSet  class="NamedPermissionSet"  version="1"  Name="ASP.Net">
    
    

    Add a new entry for the detailed configuration of the MySqlClientPermission class:

    
    <IPermission class="MySqlClientPermission" version="1" Unrestricted="true"/>
    
    

    Note: This configuration is the most generalized way that includes all keywords.

  3. Configure the MySQL server to accept pipe connections, by adding the --enable-named-pipe option on the command line. If you need more information about this, see Installing MySQL on Microsoft Windows.

  4. Confirm that the hosting provider has installed the Connector/Net library (MySql.Data.dll) in the GAC.

  5. Optionally, the hosting provider can avoid granting permissions globally by using the new MySqlClientPermission class in the trust policies. (The alternative is to globally enable the permissions System.Net.SocketPermission, System.Security.Permissions.ReflectionPermission, System.Net.DnsPermission, and System.Security.Permissions.SecurityPermission.)

  6. Create a simple web application using Visual Studio 2010.

  7. Add the reference in your application for the MySql.Data.MySqlClient library.

  8. Edit your web.config file so that your application runs using a Medium trust level:

    
    <system.web>
      <trust level="Medium"/>
    </system.web>
    
    
  9. Add the MySql.Data.MySqlClient namespace to your server-code page.

  10. Define the connection string, in slightly different ways depending on the Connector/Net version.

    Only for 6.6.4 or later: To use the connections inside any web application that will run in Medium trust, add the new includesecurityasserts option to the connection string. includesecurityasserts=true that makes the library request the following permissions when required: SocketPermissions, ReflectionPermissions, DnsPermissions, SecurityPermissions among others that are not granted in Medium trust levels.

    For Connector/Net 6.6.3 or earlier: No special setting for security is needed within the connection string.

    MySqlConnectionStringBuilder myconnString = new MySqlConnectionStringBuilder("server=localhost;User Id=root;database=test;");
    myconnString.PipeName = "MySQL55";
    myconnString.ConnectionProtocol = MySqlConnectionProtocol.Pipe;
    // Following attribute is a new requirement when the library is in the GAC.
    // Could also be done by adding includesecurityasserts=true; to the string literal
    // in the constructor above.
    // Not needed with Connector/Net 6.6.3 and earlier.
    myconnString.IncludeSecurityAsserts = true;
    
  11. Define the MySqlConnection to use:

    MySqlConnection myconn = new MySqlConnection(myconnString.ConnectionString);
    myconn.Open();
    
  12. Retrieve some data from your tables:

    MySqlCommand cmd = new MySqlCommand("Select * from products", myconn);
    MySqlDataAdapter da = new MySqlDataAdapter(cmd);
    DataSet1 tds = new DataSet1();
    da.Fill(tds, tds.Tables[0].TableName);
    GridView1.DataSource = tds;
    GridView1.DataBind();
    myconn.Close()
    
  13. Run the program. It should execute successfully, without requiring any special code or encountering any security problems.