For the 3.0 release of DotNetNuke, we rewrote a lot of code to ensure that the application could run under a Medium Trust policy, both as a security best practice, and as we'd been advised that as part of the Microsoft Shared Hosting inititive, some hosting providers would be running sites in a partial trust environment. Recently this has been confirmed on the DotNetNuke forums, with users of both Godaddy and Pipex indicating their sites were running under Medium. Most users don't have any application impacts, apart from those looking to use OLEDB sources such as Access, or use COM-interop, but one of drawbacks of Medium trust is that Web service permissions are limited, with the default settings only supporting calls to the current site. I spent some time writing a doc on DotNetNuke and Code Access Security, which can be found in the documentation\public folder of 3.0.10+ releases, but I thought I'd blog it here for those unaware of the potential issue.
Enabling non-local Web service access
Adding a single additional domain
It’s possible to add a single domain in your web.config file by utilising the originUrl= attribute (note: this supports wildcards so you can use url’s such as "http://feeds.moreover.com/*" to access multiple feeds).
<trust level=" " originUrl="http://feeds.moreover.com/*"/>
Adding multiple additional domains
It's possible to add other allowed origins, but this requires access to the machine.config file, which is not always possible in shared hosting scenarios. If you have access to the file, then add the additional domains in the following format to the webpermission node.
<IPermission class="WebPermission" version="1">
<ConnectAccess>
<URI uri="$OriginHost$"/>
<URI uri="http://www.somesite.com/.*"/>
<URI uri="http://servername/.*"/>
<URI uri="http://127.0.0.1/.*"/>
</ConnectAccess>
</IPermission>
Allowing unlimited domains via policy changes
It is possible to alter the medium.config file to enabled all webservices. To do this open the medium.config file, and alter the webpermission block from
<IPermission
class="WebPermission"
version="1">
<ConnectAccess>
<URI uri="$OriginHost$"/>
</ConnectAccess>
</IPermission>
to
<IPermission
class="WebPermission"
version="1"
Unrestricted="true"/>
NOTE: if you wish to enable webservices in this way, it is recommended that you create a custom policy, rather than edit the existing policy file. To create a custom policy, copy the web_mediumtrust.config file, and rename the copied file e.g. web_mymedium.config. Next, alter the file as per the settings above (or any other settings you wish to alter). Finally, you will have to edit the machine.config file , and declare the new trust level e.g.
<trustLevel name="MyMedium" policyFile="web_mymedium.config"/>
Now this policy can be specified either via the machine.config or web.config.
For anyone interested in Medium trust, theres a useful little video intro on MSDN TV called Working with Medium Trust in ASP.NET MSDN TV: Working with Medium Trust in ASP.NET