Run Oxite in a shared hosting environment

Admin — Tue, 30 Jun 2009 23:22:00 GMT

This site was built using Oxite and hosted by GoDaddy. When I first started this website, I found that there were no instructions on how to setup Oxite on a shared host. Now that I got it installed and working properly, I decided to write this article to document the steps. If you still run into problems, you can look at my source code here.

Lessons learnt from hosting Oxite blog engine on GoDaddy.com

Oxite is an open source, web standards compliant, blog engine built on ASP.NET MVC. By default, ASP.NET application runs with full trust which is problematic in a shared hosting environment, because most hosting company supports only Medium trust level to minimize the risk of misuse. This post will walk you through the steps required to get an Oxite site working on a shared hosting environment such as GoDaddy.com.

For example, GoDaddy's ASP.NET 3.5 shared hosting servers use the default Medium trust level with the addition of OleDbPermission, OdbcPermission, and a less-restrictive WebPermission. Applications operating under a Medium trust level have no registry access, no access to the Windows event log, and cannot use ReflectionPermission. Such applications can communicate only with a defined range of network addresses and file system access is limited to the application's virtual directory hierarchy.

Using a Medium trust level prevents applications from accessing shared system resources and eliminates the potential for application interference. Adding OleDbPermission and OdbcPermission allows applications to use those data providers to access databases. WebPermission is modified to allow outbound http and https traffic.

Attempt o override the trust level in your web.config will not work because your hosting company has blocked access to this section from an inherited configuration file using <location allowOverride="false">. In order for Oxite to run on GoDaddy.com, I needed to configure the application to operate in Medium trust level. It can be accomplished in the following steps:

1) Upgrade your web server to IIS7

You have an option to upgrade your server from IIS6 to IIS7 on GoDaddy.com. You can perform the upgrade on Hosting Control Center. IIS7 is required for Oxite to run properly because Oxite and many of its dependencies in their latest version run on ASP.NET 3.5. We also need IIS7 in order to use application pool pipeline in integrated mode which is not available in IIS6.

2) Configure IIS7 to use integrated pipeline mode

GoDaddy's Windows hosting accounts running IIS 7 offer two pipeline modes: classic and integrated. Configure the pipeline mode to integrated mode because ASP.NET MVC routing mechanism does not work with application pool pipeline that is configured to the classic mode. Your pipeline mode can be changed anytime through the Hosting Control Center. To Change Pipeline Mode

1. Log in to your Account Manager.
2. In the My Products section, select Hosting.
3. Next to the hosting account you want to modify, click Manage Account.
4. In the Content section of the Hosting Control Center, click the IIS Settings.
5. Click the Advanced icon.
6. In the Advanced Features section, select the appropriate pipeline mode.
7. Click OK.

3) Use only strong-named assemblies

If you try to publish Oxite downloaded from codeplex without any modifications, you will get an error: "System.Security.SecurityException: That assembly does not allow partially trusted callers.". This is obviously a result of enforcing a web application that was designed to run in a fully or highly trusted environment, to run under the Medium or Low trust level. To fix it, sign all the assemblies and configure them to allow partially trusted callers. Since strong-named assemblies can only reference other strong-named assemblies, you have to make sure all your projects are signed by a strong-named key. Get the source code of Oxite and its dependency BlogML, and add them to your solution to make modifications. Change all the references to Oxite and BlogML binaries in your solution to the projects so the modified version of the binaries are used. Do the following steps for them and all the other projects that you might be using:

1. Open project properties -> Signing.
2. Check "Sign the assembly". Create/choose a strong name key file. Enter a digital signature.

3. Open AssemblyInfo.cs under Properties. Set AllowPartiallyTrustedCallersAttribute by adding the following lines:
using System.Security;
[assembly: AllowPartiallyTrustedCallers]

4) Do not use assemblies that allow unsafe code

AntiXSSLibrary is compiled with /unsafe option. It allows unsafe code in AntiXssLibrary.dll, which is not allowed in a Medium trust environment indicated by this error: "Error 97 Could not load file or assembly 'AntiXSSLibrary Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)." Similar to the previous step, get the source code of AntiXSSLibrary and reference it in your solution. Go to project properties -> Build, and disable "Allow unsafe code".

In most cases, doing so will break the assembly that you are using since the compiler can't build any code blocks that explicitly state to use the "unsafe" keyword without the /unsafe option. Fortunately, this is not a problem with AntiXssLibrary. I am not even sure why AntiXssLibrary is built to allow unsafe code, since I don't see unmanaged or unsafe code used anywhere.

5) Ask your hosting provider to give you ConfigurationPermission

If you see this error: "System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration' failed.", it means you don't have ConfigurationPermission on the server. This problem didn't happen with GoDaddy.com, but in case you see this error, you need to ask your hosting provider to grant you ConfigurationPermission. ConfigurationPermission is necessary if your web application uses System.Configuration.ConfigurationManager. I am not aware of a workaround for it (aside from removing the usage of ConfigurationManager in your sources).

Geekizen