- 17.05 (released) ...
The account running the Eiffel CodeDom Provider might have restricted permissions such as when used through ASP.NET. This section aims at defining the security permissions required for the execution of the Eiffel CodeDom Provider.
Eiffel Metadata Cache
Both when generating and compiling source code, the Eiffel CodeDom Provider needs to read and write from and to the Eiffel Metadata Cache. This repository stores the mapping information between .NET and Eiffel names for both types and their members. By default the Eiffel Metadata Cache is located in the Assemblies subfolder of the Eiffel CodeDom Provider directory.The path to the Eiffel Metadata Cache folder might be changed via the Eiffel CodeDom Provider Manager , make sure the new folder can be read from and written to by the account running the process that uses the Eiffel CodeDom Provider.
The same requirements apply to the Precompile Cache folder. By default the Precompile Cache folder is located in the Precompile subfolder of the Eiffel CodeDom directory.As with the Eiffel Metadata Cache folder, it is possible to change the location of the Precompile Cache folder but the process running the Eiffel CodeDom Provider must always have read and write access to the folder.
Logging requires registry read access as well as event log write access. By default, the ASP.NET worker process does not have these permissions. The easiest way to grant the required permissions to the ASP.NET worker process is by using ASP.NET impersonation. This mechanism allows the ASP.NET worker process to run under a different account. This is done by providing a web.config file in the root folder of the ASP.NET application. The content of the configuration file needs to include the following declaration:
<identity impersonate="true" userName="Username" password="Password"/>
Username is the name of an account which has all the required permissions and
Password the corresponding password. Refer to the .NET Framework SDK documentation for additional information on ASP.NET impersonation.
The solution described above might not be acceptable on a production web server. However, it is possible to configure the Eiffel CodeDom Provider to log events on a different machine (see Eiffel CodeDom Provider Manager ). The log machine should grant the appropriate permissions to the impersonated account for logging and could only be accessible through the web server. This setting would avoid having to grant additional permissions to the ASP.NET worker process account on the web server while still enabling logging.