Coming Tuesday - dasBlog 2.0 and Medium Trust
Well, the plan was to get dasBlog running on Medium Trust and 2.0 and releasing quickly.
Of course, the best laid plans of mice and men, right?
- NOTE: Remember, you never need to wait for us, you can always get the code with Subversion (I like TortoiseSVN on Windows, and there's a 64-bit version) using this URL: https://dasblogce.svn.sourceforge.net/svnroot/dasblogce/trunk. This blog, my blog, will almost always be running the "HEAD," meaning, the latest stuff as I am right now. The many dasBlog contributors often run the head. Folks like John Forsythe either run custom modified versions or use Custom Macros to make their sites very unique. If you're a developer, don't be too afraid of living on the edge, er, the "HEAD" of the source tree. Just keep backups! Also, don't forget that we welcome patches. Here's a HOW-TO contribute a patch to an Open Source Project like dasBlog.
We've set the date for the dasBlog 2.0 Medium Trust Release for this coming Tuesday. Personally, I'm compiling it with Visual Studio 2008 with no problems, and I've recently got it dasBlog compiling and running on IIS7 on Vista 64 with very little trouble. It's Not Scary™.
Tony Bunce has a fine write-up on the issues we ran into with dasBlog on Medium Trust. Here's some highlights:
"The goal of medium trust is for hosting providers to provide functional ASP.NET 2.0 hosting while also protecting against rogue or malicious applications. Unfortunately that protection comes at the cost of application flexibility. ...There are a few features that are limited in a medium trust environment: SMTP on alternative ports and Mail to Weblog via POP3...dasBlog will let you know that you don't have these privileges by displaying warnings on the configuration page.
There is some good news though, these limitations won't affect most users. Many hosting providers that run limited trust environments don't run in the default medium trust, but rather a "modified full trust". In that case you may already have all the permissions you need for all of the features to work."
Go check out his post for more details. The most interesting issue we bumped into was that you aren't supposed to be able to call out via HTTP on the server side to any other connections unless they match your originURL in your web.config. In other words, my blog at www.hanselman.com can't call to any other site that isn't hanselman.com. However, you can set you originUrl to a regular expression like ".*" and then you can connect anywhere. Phil Haack noticed this and got the fix from Cathal Connollys.