FacebookSDK - AllowPartiallyTrustedCallers Problem

I'm using the latest version of the FacebookSDK (4.0.2) (facebooksdk.codeplex.com)

And I noticed the Src code is made up of several projects namely:

1)

Samples -> Facebook.Samples.AspWebsite Project

Samples -> Facebook.Samples.MvcFacebookApp Project

Samples -> Facebook.Samples.MvcWebsite Project

2)

Tests -> Facebook.Tests

Tests -> Facebook.Web.Tests

3)

Facebook Project

Facebook.Web Project

Facebook.Web.Mvc Project

Okay, so I am building a Facebook Canvas .Net 4.0 MVC 2 application and am simply using the Facebook.Samples.MvcFacebookApp Project and replacing and adding classes and files as I see fit for my situation. However I have come to the point where my site will be running on a Microsoft Azure cloud and I want to abstract the data layer (database) into it's Project. So I went ahead and created a new Project in the solution called BusinessData and added an EntityDataModel to it, so now the solution looks like this:

1)

Samples -> Facebook.Samples ...

2)

Tests -> Facebook.Tests ...

3)

Facebook Project

Facebook.Web Project

Facebook.Web.Mvc Project

BusinessData Project

-> Business.edmx

Great so now I add a reference to the BusinessData Project to my Facebook.Samples.MvcFacebookApp Project and try and access my database. However I get this error in my TrackUserAttribute.cs class in the Facebook.Samples.MvcFacebookApp Project:

System.MethodAccessException occurred
  Message=Attempt by security transparent method 'Facebook.Samples.MvcFacebookApp.Models.T开发者_开发技巧rackUserAttribute..ctor()' to access security critical method 'BusinessData.BusinessEntities..ctor()' failed.

Assembly 'Facebook.Samples.MvcFacebookApp, Version=4.0.2.0, Culture=neutral, PublicKeyToken=null' is marked with the AllowPartiallyTrustedCallersAttribute, and uses the level 2 security transparency model.  Level 2 transparency causes all methods in AllowPartiallyTrustedCallers assemblies to become security transparent by default, which may be the cause of this exception.
  Source=Facebook.Samples.MvcFacebookApp
  StackTrace:
       at Facebook.Samples.MvcFacebookApp.Models.TrackUserAttribute..ctor() in C:\Users\rkara\Desktop\FacebookPazooza\ThuziFacebookSDK\Source\Src\Facebook.Samples.MvcFacebookApp\Models\TrackUserAttribute.cs:line 13
  InnerException:

After some uneventful research and not being fully understood about CAS Policy and how that has evolved with ASP.Net 4.0 my understanding is that the GlobalAssemblyInfo.cs file contained within all of the projects of the FacebookSDK solution has something to do with it.

This line of code in the GlobalAssemblyInfo.cs file:

#if !(SILVERLIGHT || TESTS)
[assembly: AllowPartiallyTrustedCallers]
#endif

seems to be the culprit. According to this Microsoft expert:

http://www.simple-talk.com/dotnet/.net-framework/whats-new-in-code-access-security-in-.net-framework-4.0---part-i/

BusinessData has SecurityCritical level privileges. My class TrackUserAttribute.cs only has SecurityTransparent, so therefore cannot does not have privileges to invoke methods in the BusinessData assembly. Is this correct?

I've tried all sorts of things to get this thing to work even removing [assembly: AllowPartiallyTrustedCallers] from the GlobalAssemblyInfo.cs file, but I get another problem with the .edmx file itself saying it can't load the metadata, so I assume it still has something to do with full trust privileges etc.

I am sure there is a simple answer to this and am sure the guys who developed this SDK wrapper would have consider the fact that people will be extending their SDK to suit individual needs.

What is the best approach for me to ensure abstraction of my data and anything else I want to abstract without having to tie it into the projects provided?

For now and to continue with development and not be tied up in this for too long I've just stored my entity model (edmx) into the models folder of the Facebook.Samples.MvcFacebookApp. This works for now but I would much rather store the edmx in its own project.

Cheers Rob

---

Ok so after I left that problem and moved onto installing log4net as a event logger for my application I came across this site:

http://it.toolbox.com/blogs/daniel-at-work/using-log4net-in-cnet-26794

Essentially I wanted to convert log4net to asp.net 4.0 rather than 1.0/2.0 that it was originally written in. Then after reading through this guys instructions on how he got the old log4net code to work in 4.0 the aha! moment came. Essentially all he needed to do was to put this attribute into his AssemblyInfo.cs file:

[assembly: AllowPartiallyTrustedCallers]

So I did the same for my BusinessData project and updated the AssemblyInfo.cs file there, and hey presto it worked!

After some deep contemplation I figured that what this did was allow my Facebook.Samples.MvcFacebookApp partial privileges to call a SecurityCritical assembly including those objects contained within it. Thus I could go ahead now and call my edmx (EntityDataModel) in this assembly from the Mvc application.

The second fix and is not fully known why this is necessary but it fixes the problem is to copy the connection string from the App.config file to the Web.config file in the Mvc application. For some reason the edmx seemed to try to read from the web.config instead of the App.config for the connection string. So now I have the same connection string in the App.config and Web.config file.

Meh! it works and I'm happy ... moving on!

:-D