log4net in .NET 2.0 Framework

In our organization we use log4net for all our .NET 1.1 applications. For our new projects we use Visual Studio 2005. At this moment there is no public version that supports the .NET 2.0 framework.

In the log4net mailing list people claim you can use the current version but this is only partially true:
It’s true, for application running with trust level full,
but it’s false, for all other trust levels.

When the trust level is set to something other then “Full” a Security Exception will be thrown.

Trustlevels in .NET 1.1

If you want to build a secure ASP.NET Application you do not want your application running with full trust.

A message in the log4net mailing list suggested downloading the latest sources from the subversion repository and build the latest log4net version. The only thing that had to be changed was the build conditional compilation symbol ( from "NET;NET_1_0" to "NET;NET_2_0" ).

Well actually there was a bit more. It turned out that I missed the NUnit Framework (running VS2005 TS) and there was a reference missing to the System.Configuration assembly. After installing the NUnit and setting the references I had a version that compiled without errors or warnings. The next step was running some tests, the results are in the table below.

In our organization we use log4net for all our .NET 1.1 applications. For our new projects we use Visual Studio 2005. At this moment there is no version that supports the .NET 2.0 framework.

In the log4net mailing list people claim you can use the current version but this is only partially true:
It’s true, for application running with trust level full,
but it’s false, for all other trust levels.

When the trust level is set to something other then “Full” a Security Exception will be thrown.

Trustlevels in .NET 2.0

If you compare the two versions you see that the exceptions are gone. Not only the exceptions are gone but there is also no logging in these situations. No logging is obvious but the fact that the “Security Exception” is missing bothers me.

I hope the exception returns in a future version. For now I’m glad we can use log4net again. You can download the bits but keep in mind that this is not an official release.

5 Apr 2006  Comments [2]  .Net development | Web development  
Saturday, May 13, 2006 3:23:54 AM UTC
Hey, I just came across your very relevant blog posting today. I'm trying to get log4net to run in my ISP's medium trust environment and I keep getting the Security Exception you mentioned. I downloaded your version and still get the same problem. I'm testing this on my development machine with the web.config (way down 2.0's CONFIG directory set to <trust level="medium" /> and it's not working. If I set the <trust level="full" /> it works fine, of course. Am I missing anything? This test app is a simple, single page ASP.NET 2.0 web app with log4net configured in the web.config file and a few simple log statements sprinkled here and there for testing. Thanks.

Brian
Brian Beaudet
Saturday, May 13, 2006 11:17:05 PM UTC
Hi Brian,
Keep in mind that the area outside your application domain is still forbidden territory. So if you try to write to a logfile outside your application directory you still run into the Security Exception.
I made the same mistake in my development environment. I tried to write to a "D:\LogFiles" directory from within my application and ran into the Security Exception. It works fine when writing to the root of the application directory i.e. not adding a path. My suggestion would be to write the logfile into a subdirectory of your application root for example "\log". So you can still seperate your code from the logfiles.
Albert
Comments are closed.