Using System.Transactions in ASP.NET
This topic describes how you can successfully use System.Transactions inside an ASP.NET application.
Enable DistributedTransactionPermission in ASP.NET
System.Transactions supports partially trusted callers and is marked with the AllowPartiallyTrustedCallers attribute (APTCA). The trust levels for System.Transactions are defined based on the types of resources (for example, system memory, shared process-wide resources, system-wide resources, and other resources) that System.Transactions exposes and the level of trust that should be required to access those resources. In a partial-trust environment, a non-full trust assembly can only use transactions within the Application Domain (in this case, the only resource being protected is system memory), unless it is granted the DistributedTransactionPermission.
DistributedTransactionPermission is demanded whenever transaction management is escalated to be managed by the Microsoft Distributed Transaction Coordinator (MSDTC). This kind of scenario utilizes process-wide resources and particularly a global resource, which is the reserved space in the MSDTC log. An example of this usage is a Web front-end to a database or an application that uses a database as part of the services it provides.
ASP.NET has its own set of trust levels and associates a specific set of permissions with these trust levels through policy files. For more information, see ASP.NET Trust Levels and Policy Files. When you initially install the Windows SDK, none of the default ASP.NET policy files are associated with the DistributedTransactionPermission. As such, when your transaction in an ASP.NET application is escalated to be managed by the MSDTC, the escalation fails with a SecurityException upon demanding the DistributedTransactionPermission. To enable transaction escalation in an ASP.NET partial trust environment, you should grant the DistributedTransactionPermission in the same default trust levels as those of SqlClientPermission. You can either configure your own custom trust level and policy file to support this, or you can modify the default policy files, which are Web_hightrust.config and Web_mediumtrust.config.
To modify the policy files, add a SecurityClass element for DistributedTransactionPermission to the SecurityClasses element under the PolicyLevel element and add a corresponding IPermission element under the ASP.NET NamedPermissionSet for System.Transactions. The following configuration file demonstrates this.
<SecurityClasses>
  <SecurityClass Name="DistributedTransactionPermission" Description="System.Transactions.DistributedTransactionPermission, System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
  ...
</SecurityClasses>
<PermissionSet
    class="NamedPermissionSet"
    version="1"
    Name="ASP.Net">
  <IPermission
      class="System.Transactions.DistributedTransactionPermission, System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
      version="1"
      Unrestricted="true"
  />
  ...
</PermissionSet>
For more information about ASP.NET security policy, see securityPolicy Element (ASP.NET Settings Schema).
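The following added example (not part of the original topic or of any Microsoft tooling) audits a policy file for the condition described above: whether the ASP.Net permission set grants DistributedTransactionPermission wherever it grants SqlClientPermission. The function names, result labels, and both policy fragments are constructed for illustration, and the script assumes that a short class value on an IPermission element refers to a SecurityClass entry by Name.

```python
import xml.etree.ElementTree as ET

DTC = "System.Transactions.DistributedTransactionPermission"
SQL = "System.Data.SqlClient.SqlClientPermission"
KEY = "Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"

# Constructed policy fragment (not a real Web_mediumtrust.config): SqlClientPermission
# is granted by short name, DistributedTransactionPermission is absent.
BEFORE = f"""<PolicyLevel version="1">
  <SecurityClasses>
    <SecurityClass Name="SqlClientPermission" Description="{SQL}, System.Data, {KEY}"/>
  </SecurityClasses>
  <NamedPermissionSets>
    <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
      <IPermission class="SqlClientPermission" version="1" Unrestricted="true"/>
    </PermissionSet>
  </NamedPermissionSets>
</PolicyLevel>"""

# Same fragment after the edit this page describes (IPermission uses the full type name).
AFTER = BEFORE.replace(
    "</SecurityClasses>",
    f'<SecurityClass Name="DistributedTransactionPermission" Description="{DTC}, System.Transactions, {KEY}"/></SecurityClasses>',
).replace(
    "</PermissionSet>",
    f'<IPermission class="{DTC}, System.Transactions, {KEY}" version="1" Unrestricted="true"/></PermissionSet>',
)

def granted_types(policy_xml, set_name="ASP.Net"):
    """Return the type names granted by the named permission set."""
    root = ET.fromstring(policy_xml)
    # Assumption: a short class value refers to a SecurityClass Name entry.
    aliases = {sc.get("Name"): sc.get("Description", "") for sc in root.iter("SecurityClass")}
    granted = set()
    for ps in root.iter("PermissionSet"):
        if ps.get("Name", "").lower() == set_name.lower():
            for perm in ps.iter("IPermission"):
                cls = perm.get("class", "")
                granted.add(aliases.get(cls, cls).split(",")[0].strip())
    return granted

def audit(policy_xml):
    """Compare the DistributedTransactionPermission grant with SqlClientPermission."""
    granted = granted_types(policy_xml)
    if SQL in granted and DTC not in granted:
        return "escalation-blocked"     # MSDTC escalation raises SecurityException
    if DTC in granted and SQL not in granted:
        return "dtc-without-sqlclient"  # broader than the guidance on this page
    return "consistent"
```

Pass audit() the text of a custom or default policy file; a SecurityClass declaration without the matching IPermission grant still reports "escalation-blocked", because only the permission set confers the permission.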
Dynamic Compilation
If you want to import and use System.Transactions in an ASP.NET application that is dynamically compiled on access, you should place a reference to the System.Transactions assembly in the configuration file. Specifically, the reference should be added under the compilation/assemblies section of the default root Web.config configuration file, or a specific Web application's configuration file. The following example demonstrates this.
<configuration>
  <system.web>
    <compilation>
      <assemblies>
        <add assembly="System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </assemblies>
    </compilation>
  </system.web>
</configuration>
For more information, see add Element for assemblies for compilation (ASP.NET Settings Schema).