After working on an ASP.NET MVC 5 site for months, I set off, ready to find a Windows web host to move the site to production. Thus far, I’ve only bought Linux hosting packages from several different providers and had limited knowledge of Windows hosting outside of local IIS development.
After some research (not enough, obviously) I landed on using HostGator as my Windows web host. I already use HostGator for a few of my PHP sites, and their Windows hosting looked like exactly what I was looking for: cheap and reliable. I compared their Windows hosting packages and added one of the shared plans to my account. “Perfect!” I thought to myself, as I waited for my initial FTP transfer of the site to move over onto the HostGator server.
Security ExceptionDescription: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request failed.
After double and triple checking the application’s settings using HostGator’s control panel, I decided to try their chat support. After around 40 minutes of waiting, I was greeted by their level 1 support chat staff. This person realized they were unable to help, and transferred me to chat level 2. Insert another 40 minutes of waiting here. HostGator support 2 person says they are unable to help me because they doesn’t have the tools to look at the server.
A support ticket is opened for me and I get an email a while later telling me that HostGator shared Windows hosting only supports medium trust applications, and not full trust:
Upon visiting ‘http://shopremit.com/‘ I am presented with a permission error as the application that you are attempting to run on the server needs full trust, but the server only allows medium trust applications to be hosted.
This caught me by surprise, as I had even set the (apparently fake) option in the HostGator control panel for my site.
As of this date, September 2016, ASP .NET MVC 6 is the latest version of Microsoft’s MVC framework. Support for medium trust applications using .NET MVC died with MVC version 4 (which was released in 2012). If removing support for it wasn’t enough, Microsoft even released this article warning against using it:
Code Access Security in .NET Framework should not be used as a mechanism for enforcing security boundaries based on code origination or other identity aspects.
Not only is HostGator saying they only support technology up to 2012, they are actively using unsafe practices for all of their windows hosting customers.
I asked the HostGator customer service representative to invoke the “Money Back Guarantee!” that I had seen during check out.
As a previous HostGator customer, I was not applicable for the “guarantee”. Note there are no asterisks or footnotes regarding this in the screen shot above.
Please note that our 45-day Money Back Guarantee is only applicable for new customers trying our services for the first time.
My choice of actions were to: 1) reconfigure my application to run on medium trust, which meant to rebuild it using the old 2012 MVC 4, or 2) to cancel my plan and find a new web host.
Needless to say, I moved everything that same day to WinHost. I had my site up and running within 15 minutes. WinHost is much easier to use than HostGator Windows hosting, supports the latest releases of Windows frameworks, and has comparable pricing.