Configuring Log4Net with ASP.NET 2.0 in Medium Trust

log4net logging aspnet 0 comments suggest edit

UPDATE: Mea Culpa! It seems like Log4Net has no problems with medium trust and an external log4net file. I have written an updated post that talks about the problem I did run into and how I solved it.

A while ago I wrote a quick and dirty guide to configuring Log4Net for ASP.NET. Unfortunately, this technique does not work with ASP.NET 2.0 when running in medium trust.. This technique continues to work with medium trust!

While digging into the problem I found this blog post (from an aptly titled blog) by Kevin Jones.

This article from Microsoft discusses the ramifications of running ASP.NET 2.0 in medium trust more thoroughly. Here is a list of constraints placed on medium trust applications.

The main constraints placed on medium trust Web applications are:

  • OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.
  • EventLogPermission is not available. This means you cannot access the Windows event log.
  • ReflectionPermission is not available. This means you cannot use reflection.
  • RegistryPermission is not available. This means you cannot access the registry.
  • WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the <trust> element.
  • FileIOPermission is restricted. This means you can only access files in your application’s virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application’s virtual directory hierarchy.

You are also prevented from calling unmanaged code or from using Enterprise Services.

Fortunately there is a way to specify that a configuration section within web.config should not require ConfigurationPermission. Simply add the requirePermission="false" attribute to the <section> declaration within the <configSections> area like so:

    <section name="log4net" 
      , log4net"     

Unfortunately this applies to configuration sections within the web.config file. I have not found a way to specify that ASP.NET should not require ConfigurationPermission on an external configuration file. As I stated in my post on Log4Net, I prefer to put my Log4Net configuration settings in a separate configuration file. If anyone knows a way to do this, please let me know!

So in order to get Log4Net to work, I added the declaration above to the web.config file and copied the settings within the Log4Net.config file (pretty much cut and paste everything except the top xml declaration) into the web.config file. I then removed the assembly level XmlConfigurator attribute from AssemblyInfo.cs as it is no longer needed. Instead, I added the following line to the Application_Start method in Global.asax.cs.

protected void Application_Start(Object sender, EventArgs e)

So in summary, here are the changes I made to get Log4Net to work again in medium trust.

  • Added the log4Net section declaration in the configSections section of web.config and made sure the requirePermission attribute is set to the value false.
  • Moved the log4Net settings into web.config.
  • Removed the assembly attribute XmlConfigurator
  • Added the call to XmlConfigurator.Configure() to the Application_Start method in Global.asax.cs.

I have been working on getting the version of Subtext in our Subversion trunk to run in a medium trust environment, but there have been many challenges. Some of the components we use do not appear to run in a medium trust environment such as the FreeTextBox. Fortunately, we have a workaround for that issue which is to change the RichTextEditor node in web.config to use the PlainTextRichTextEditorProvider (which is a mouthful and should probably be renamed to PlainTextEditorProvider).

Found a typo or error? Suggest an edit! If accepted, your contribution is listed automatically here.



16 responses

  1. Avatar for July 9th, 2006

    You've been kicked (a good thing) - Trackback from

  2. Avatar for Joe Brinkman
    Joe Brinkman July 9th, 2006

    Couple of notes:
    1. Reflection is restricted but not eliminated in medium trust. The real restriction is that you can reflect non-public members of a type. So as long as you limit your reflection to public members then relection is permissible. This is why you can serialize objects with the XMLSerializer and not the Binary Serializer. XML only serializes public members while binary serialization serializes all state including private variables, hence it will not work in medium trust.
    2. FreeTextBox has been running for DotNetNuke in Medium Trust for almost 2 years. I do not think we do anything special to make it work. I will check further, but it is something that definitely is possible.
    3. You may want to investigate the FCK Editor which, according to many users, provides a much better editor. A provider was just put out for DotNetNuke for this editor and it is likely that this will become the default editor for DNN.
    4. Lastly, we use multiple config files throughout DNN so I am not sure where the disconnect is here. Maybe we can coordinate via email to track down this issue.

  3. Avatar for Haacked
    Haacked July 9th, 2006

    Joe, thanks for the feedback. We actually do have an FCK Editor provider which I will talk about. I just haven't personally tested it so I couldn't be sure it works in Medium trust.
    Regarding #4, do you access those config files via the new Configuration APIs? How do you get around the need for ConfigurationPermission?

  4. Avatar for Griff Townsend
    Griff Townsend July 11th, 2006

    This is not a direct answer for the multiple config file issue, but a workaround for log4net that may help.
    log4net has a method:
    log4net.Config.DOMConfigurator.Configure(XmlElement element) that would allow you to access configuration from any text file that is compatible with the log4net xml structure.
    We actually use this method to read from a resource file (.resx) that we include with our base framework (which is platform independent) and use this method to add the settings. Since log4net is cumulative on appenders, it works pretty well, even in ASP.NET 2.0.

  5. Avatar for Ron Grabowski
    Ron Grabowski July 11th, 2006

    Log4net has detailed internal debugging messages that explain why things are not working. Most FileAppenders fail because the application is setup with incorrect permissions to create files.
    This page exlpains how to enable log4net internal debugging:
    Join/search the mailing lists if you want more detailed help!
    Ron Grabowski
    log4net developer

  6. Avatar for Rexiology@MSDN
    Rexiology@MSDN June 18th, 2007

    Just encountered this problem right now and quickly write the solution here. Should be an old info since

  7. Avatar for Rexiology::Work
    Rexiology::Work June 18th, 2007

    crosspost from Just encountered this problem right now and quickly write

  8. Avatar for rajkumar sharma
    rajkumar sharma August 2nd, 2007

    You said that Medium trust doesn't allow Binary Serialization.
    My Question is "Whether there is some Fixing ( means some code ) so that Binary Serialization can work in Medium trust.

  9. Avatar for Haacked
    Haacked August 2nd, 2007

    @rajkumar A system administrator can customize a medium trust policy to make it work. I'm not sure on the specifics.

  10. Avatar for bach
    bach October 4th, 2007

    Dear Sir,
    Thank you for providing the information. However, you have made a lot of assumptions in your article that make it hard to recreate. Can you be more concise as to what xml element goes where in the web.config? I am having a hard time guessing of what to do while trying to follow your code.

  11. Avatar for Mike Knowles
    Mike Knowles March 26th, 2009

    Great post, thank you! This is exactly what I needed to get things working with GoDaddy hosting service.

  12. Avatar for Robertjan Tuit
    Robertjan Tuit December 17th, 2009

    Would it not be easier to use one extension method:
    public static class LoggerExtension
    public static ILog Logger(this object obj)
    var logger = LogManager.GetLogger(obj.GetType());
    return logger;

  13. Avatar for Robertjan Tuit
    Robertjan Tuit December 17th, 2009

    [Sorry for the recomment, I mistype the code block]
    Would it not be easier to use one extension method:

    public static class LoggerExtension
    public static ILog Logger(this object obj)
    var logger = LogManager.GetLogger(obj.GetType());
    return logger;

  14. Avatar for Ashish Kumar
    Ashish Kumar August 30th, 2011

    I am still having trouble having log4net to work on GoDaddy. I followed all the steps. The log file does get created with no contents. I get the following error:
    ystem.Web.Services.Protocols.SoapException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

  15. Avatar for Erik
    Erik September 25th, 2011

    Exactly the solution I was looking for. My error message was:
    log4net: XmlConfigurator: Application config file location unknown
    Just to direct any search at this easy yet not obvious solution.

  16. Avatar for Renan Serrano Torres
    Renan Serrano Torres July 13th, 2017


    I have a shared host with Medium Trust where I can't get the log4net working.

    I tryed to follow you directions but I don't know if something has changed since your article is from 2006. I'm using Asp.Net 4.5

    I would be happy if you could help me.

    Thank you.