Introduction

While working with Entity Framework v1 during KiGG implementation of Entity Framework repositories, I decided to test KiGG for partial trust environment. Particularly Medium Trust support. Will not go through whether KiGG currently support medium trust or not in it current or upcoming version, but I will go through one of the reasons why KiGG currently might not support medium trust. It is because MY implementation of Entity Framework. Note that I am saying MY, because Entity Framework application can run on medium trust.

Running Entity Framework applications with minimum permissions

The following is a snippet from MSDN documentation Security Considerations (Entity Framework):

The following code access permissions are the minimum permissions your Entity Framework application needs:

• FileIOPermission: Write to open the specified metadata files or PathDiscovery to search a directory for metadata files.

• ReflectionPermission: RestrictedMemberAccess to support LINQ to Entities queries.

• DistributedTransactionPermission: Unrestricted to enlist in a System.Transactions Transaction.

• SecurityPermission: SerializationFormatter to serialize exceptions by using the ISerializable interface.

• Permission to open a database connection and execute commands against the database, such as SqlClientPermission for a SQL Server database.

What I am going to focus on is the 2nd point (in bold). Entity Framework request ReflectionPermission with RestrictedMemberAccess to support LINQ to Entities queries. You need to know what is RestrictedMemberAccess.

RestrictedMemberAccess allows access to non-public members, with the restriction that the grant set of the non-public members must be equal to, or a subset of, the grant set of the code that accesses the non-public members.

In Medium Trust environment, ReflectionPermission is granted but with RestrictedMemberAccess. So what does that means?!

It simply means if you have an Entity Class with a non-public property and you are using this property in any of your LINQ to Entities queries, the following exception will be your punishment.

SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission failed

How to enable your Entity Framework implementation to run on medium trust environment?

I think you already guessed the answer. Just make your Entity Classes’ properties that will participate in LINQ to Entities queries public. I would recommend also to make the entities itself public as well.

Conclusion

Don’t think of this as a limitation of Entity Framework, myself I don’t think so. I also expect this behaviour in LINQ to SQL too as. I guess I should correct this in KiGG by marking used properties in queries as public.

I made a sample to demonstrate the exception and its cause. Feel free to download the sample and explore it.