I have tried running both the Zip for .NET and Real-Time Zip for .NET components in GoDaddy's shared hosting environment (Medium trust level) and I get the following error:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.

 

I've had a look at http://msdn2.microsoft.com/en-us/library/aa302436.aspx and http://msdn2.microsoft.com/en-us/library/aa302436.aspx however I don't see anything that helps.

Do Xceed components actually work in a shared hosting environment?

If so, what do I need to do to get them working?

Your application needs to have "full trust" to allow a writing (and reading) access on the FileSystem. However, to be sure, we would need more informations on the error. After looking at the exception with one of the developer, it seems more related to the application then our Zip/RT-Zip component.

---

Charles Bérubé-Rémillard
Technical Support
Xceed Software Inc.

I don't think file write access is the problem, since in the medium trust level, file access is permitted within the application's virtual directory hierarchy.

Here is a list of the capabilities and restrictions of the medium trust level, taken from How To: Use Code Access Security in ASP.NET 2.0:

Permissions are limited to what the application can access within the directory structure of the application.
No file access is permitted outside of the application's virtual directory hierarchy.
Can access SQL Server.
Can send e-mail by using SMTP servers.
Limited rights to certain common environment variables.
No reflection permissions whatsoever.
No sockets permission.
To access Web resources, you must explicitly add endpoint URLs—either in the originUrl attribute of the <trust> element or inside the policy file.

Godaddy.com's shared hosting servers use this level with the addition of OleDbPermission, OdbcPermission, and a less-restrictive WebPermission, and they explicity state that "file system access is limited to the application's virtual directory hierarchy": What Is Medium trust level and how does it affect my hosting account?

On my side, I have tried adding <trust level="Medium" originUrl=""/> to my application's web.config file however I get an error stating that this cannot be overridden. I do not have access to change anything outside of my application. If you can suggest anything else that I can do on my end then please do so.

I think it's the components themselves that need to be changed. I have done some research and found that there are various modifications that can be made if they have not already been done.

For example, you may need to mark your assemblies with the AllowPartiallyTrustedCallersAttribute, which should be declared at the assembly level (in Assemblyinfo.cs or Assemblyinfo.vb).
e.g. in C#: [assembly:AllowPartiallyTrustedCallers]
or in Visual Basic: <assembly:AllowPartiallyTrustedCallers>

Your assemblies should also be strong-named.

I have read about other third-party components that have had this error and with some slight modification and recompile, the error was gone.

Here are some pages that look useful: 

Allowing Partially Trusted Callers
Flickr.Net API and Medium Trust

By not fixing this error you are restricting your market. Not everyone runs their web sites on dedicated servers. I hope this can be fixed soon.

Since version 3.5, we use Reflection in Zip to detect if PPMd assembly is present or not. This is surely the reason why you get this exception.

---

Christian Nadeau
Software Developer
Xceed Software Inc.

Reflection is allowed on GoDaddy's servers, as you would have read if you clicked on the link that I had provided to the GoDaddy.com page: http://help.godaddy.com/article/1039.

If you don't want to click on the link, I will provide the text here, and bold the part that mentions Reflection:

Trust level refers to permissions set in the Web.config file that dictate what operations can and cannot be performed by Web applications. Our ASP.NET 3.5 shared hosting servers use the default Medium trust level with the addition of OleDbPermission, OdbcPermission, and a less-restrictive WebPermission.

Applications operating under a Medium trust level have no registry access, no access to the Windows event log, and cannot use ReflectionPermission (but can use Reflection). Such applications can communicate only with a defined range of network addresses and file system access is limited to the application's virtual directory hierarchy.

Using a Medium trust level prevents applications from accessing shared system resources and eliminates the potential for application interference. Adding OleDbPermission and OdbcPermission allows applications to use those data providers to access databases. WebPermission is modified to allow outbound http and https traffic.

 

Do you have any plans to fix this problem?

For security issue, we require full trust on our assemblies. One thing that could be done is to contact GoDaddy's hosting and ask to add trust for our assemblies for your shared application folder. You can also contact our sales department for more informations on BluePrint edition so you can recompile with the desired security level.

---

Christian Nadeau
Software Developer
Xceed Software Inc.