While working with Entity Framework v1 during KiGG implementation of Entity Framework repositories, I decided to test KiGG for partial trust environment. Particularly Medium Trust support. Will not go through whether KiGG currently support medium trust or not in it current or upcoming version, but I will go through one of the reasons why KiGG currently might not support medium trust. It is because MY implementation of Entity Framework. Note that I am saying MY, because Entity Framework application can run on medium trust.
Running Entity Framework applications with minimum permissions
The following is a snippet from MSDN documentation Security Considerations (Entity Framework):
The following code access permissions are the minimum permissions your Entity Framework application needs:
What I am going to focus on is the 2nd point (in bold). Entity Framework request ReflectionPermission with RestrictedMemberAccess to support LINQ to Entities queries. You need to know what is RestrictedMemberAccess.
RestrictedMemberAccess allows access to non-public members, with the restriction that the grant set of the non-public members must be equal to, or a subset of, the grant set of the code that accesses the non-public members.
In Medium Trust environment, ReflectionPermission is granted but with RestrictedMemberAccess. So what does that means?!
It simply means if you have an Entity Class with a non-public property and you are using this property in any of your LINQ to Entities queries, the following exception will be your punishment.
SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission failed
How to enable your Entity Framework implementation to run on medium trust environment?
I think you already guessed the answer. Just make your Entity Classes’ properties that will participate in LINQ to Entities queries public. I would recommend also to make the entities itself public as well.
Don’t think of this as a limitation of Entity Framework, myself I don’t think so. I also expect this behaviour in LINQ to SQL too as. I guess I should correct this in KiGG by marking used properties in queries as public.
I made a sample to demonstrate the exception and its cause. Feel free to download the sample and explore it.