2

Closed

MustFix: EF6 should work in partial trust

description

This item is to track some changes we need to do in the core bits in order to enable it to work in partial trust, shall we decide that we need to support it.

It is important to keep in mind that the latest guidance from ASP.NET regarding security recommends not using partial trust:

http://support.microsoft.com/kb/2698981
Closed Feb 27, 2013 at 11:29 PM by RoMiller
Verified by Murat

comments

Damiano wrote Jan 12, 2013 at 8:37 AM

I build small sites that do not have big needs data storage, and SQLCE is more than enough for my needs, even for the fact that it works in an environment with trust level Medium, I can choose the cheapest service in shared host. Now many providers even if they have migrated to Windows sever 2008 shall continue to implement higher levels of protection using the old guidelines by the trust level even for compatibility with the 2.0 runtime.
Looking at internert I found many users with the same problem, a lot more than what you might think.
Unfortunately, I am convinced that Medium Trust will be used for many more years, then I would be very happy not to have to give up the improvements in EF6.

Thanks for the great work.

ajcvickers wrote Feb 5, 2013 at 6:27 PM

EF6 should now work when running under partial trust when bin-deployed along with the application. If the EF assembly is GAC'ed (or otherwise running fully trusted) then it cannot be used from a partially trusted application assembly. This means:
  • EF bin-deployed, app bin-deployed, both running under partial trust: works
  • EF bin-deployed, app bin-deployed, both running under full trust: works
  • EF fully trusted (e.g. in GAC), app bin-deployed running under full trust: works
  • EF fully trusted (e.g. in GAC), app bin-deployed running under partial trust: won't work
Please contact the EF team if you have a need to run EF in the GAC but have the app partially trusted.

Note that there are a couple of limitations when running EF under partial trust:
  • Entities used for which dynamic proxies are created (for lazy-loading or change tracking) cannot implement ISerializable. (They can be marked with the Serializable attribute.)
  • An assembly Resolve handler for dynamically generated proxies cannot be set when running under partial trust. This means that binary deserialization of proxy classes may not work correctly under partial trust.
Unlike with previous versions of EF, mapping to private properties is now supported when running under partial trust, so long as the application itself has access to those properties.