Libraries in my toolkit - Another lesson in Partial Trust


I compiled a list of the libraries we use day-to-day in my company. There are a couple of home-grown libraries, but most are commercially available, or open source.

"Yeah great... another person telling us which libraries they use...". I hear you all say... The reason I've done this is because nearly all our sites operate under a partial trust environment. To get some of these libraries working under partial trust I've done the following:

  • I've recompiled them myself
  • I've had to provide detailed instructions on how to replicate issues
  • I've been told "BAD LUCK", we're not going to bother getting our dll working, so find a new one. (This was my personal favourite)

All this and the only error you usually get is the dreaded "SecurityException" and an obfuscated stack trace.

So, here they are... the libraries I use with great success.

Libraries I Use


This library is used to display a modal popup when a long-running process is occurring.


We use it for a couple of reasons:

  1. to let the user know they really did press that "FINISH" button 
  2. to stop the user from pressing that "FINISH" button again

This library relies on the following:

  • ICSharpCode.SharpZipLib.dll

To get this to work under partial trust, we needed to recompile both dll's.

BusyBoxDotNet website

Aspose.Words, Aspose.Pdf

These 2 libraries combined make up an AWESOME PDF generator. The ability to have one of our clients create their own report in Word using mail merge fields, and for us to deploy just a .doc file to a server is FANTASTIC.

It took a little while for us to get this working under a partial trust environment. A couple of issues were logged with ASPOSE to rectify some things, but it all worked out in the end. This library is now working extremely well. Getting it working fast (less than 0.5 seconds per document) with Unicode characters and using all fonts (not just the default PDF fonts of Times and Courier) was an interesting exercise. I'll try to publish an article in the near future about how we got this working...

Basically we can go from a Word document like this below...


To a PDF document like this...


Aspose Website


This is a relatively new library for us and it does mostly what we need. There are a few things I've noticed about not running under partial trust. This is usually around setting and executing excel formulas in cells. Lucky for us, we use this mostly as a reporting tool and just dump tabular data into a spreadsheet.


For more general PDF manipulation, we use iTextSharp. We use this library for the following (using a helper library we've created):

  • joining 2 or more PDF files into 1 to email to a user (rather than making a user download 4 PDF files, we roll them all up into 1 PDF and send that to them instead.... it make it easier for them to print that way)
  • watermarking an existing PDF

You can use iTextSharp to do PDF generation, but its extremely low-level. Given the amount of times end-users change their mind when it comes to documents generated from our systems, it was well worth the money to ASPOSE to allow users to create their documents in Word.

To get iTextSharp working under partial trust, we had to sign and recompile the whole library (and a related library from memory)

Microsoft Enterprise Library

We just use the Data Access Layer functionality from EntLib version 3.1 (and probably just a really small portion of that). We run all our data access through stored procedures and usually return either DataSets or DataReaders (depending on what we need).

To get this working under partial trust was a MAMMOTH effort. The compiled libraries didn't come signed or partially trusted... thus they didn't work. We had to recompile the whole enterprise library.
NOTE: I think the compiled libraries available for download are now signed.

Enterprise Library website


NLog is a really good logging library. We've use it in every project we start now.

We believe that when designing and writing applications, supportability is key.
When logging information we keep the following information:

  • every stored procedure we run (including all the aspnet membership SPs). We re-wrote them to include logging. Basically every stored proc run logs to a table before it exits
  • every page execution (who, when and how long it took to run). I do this as a page handler (I'll try to write about this in the future)
  • any exception (we have a global error page that handles errors which logs and display a friendly error to the user)
  • anything else we way think necessary to help with diagnosis or supportability. eg run-times of reports

To get NLog working under partial trust required us to recompile the whole library from source.

Nlog Website

AJAX - AjaxControlToolKit, System.Web.Extensions

What web application could you start now without including AJAX somewhere in there???. For AJAX we use:

  • System.Web.Extensions
  • AjaxControlToolkit
  • NhsCui toolkit - We used this primarily for the "time picker" control. A very nice one... I like it. This was a pain to get working under partial trust though... In the file "CommonAssemblyInfo.cs" there is an attribute which requests full trust. In this web application this wasn't necessary, and works when you remove this attribute.

    [assembly: PermissionSet(SecurityAction.RequestMinimum, Name = "FullTrust")]


We use NVelocity as our templating engine. Basically we use it as a mail-merge engine where we really just want either HTML or text as our output. We have wrapped a helper library around the standard NVelocity library as we don't use any of the functionality that reads templates from .vm files. We always pass in the template (usually stored in the DB) and our "merge fields" and retrieve the output from NVelocity.

NVelocity website

Home Grown Libraries we use for nearly every project

There are a couple of other home-grown libraries we use in almost every project.

Running our applications on our hosting server, we can't get access to any IIS settings, specifically relating to SSL. Instead we have a HttpHandler that intercepts the page request, and redirects it to the same page, but using SSL.

Post Code Picker
This control is similar to a Date Picker or Colour Picker. This control was written as a Extender using the AjaxControlToolkit and then turned into a composite user control. The user enters in the "Post Code" (Zip Code) and a list of available Suburbs (and States) appear retrieved from a web service.



Convert RTF to text
One of our applications requires us to interface with an application that stores data in a BLOB field formatted as Rich Text (RTF). We've written a convertor that takes the raw RTF data and converts it to raw text (removes all formatting codes etc.). I'll try to publish how we do this later as well.

ABN Lookup helper
The Australian Government allows us to access company records using a publicly exposed web service. In Australia (as with most countries I guess) each company has an ABN (Australian Business Number). This web service is great, as is stops duplicate records from being entered in applications we've written and verifies that the ABN that a client has given us is really theirs.

We've written a helper wrapper around the web service and drop this into our applications as a library, rather than reference the web service directly in every application we write.

Payment Provider (Commerce Starter Kit)
In quite a few of our applications we have to interface with a payment gateway to process credit card transactions. We've taken the Payment Gateway provider that came with the original Commerce Starter Kit and re-rolled it. This allows us to:

  • use the provider based model to connect to different gateways
  • plug in a test gateway that approves all transactions (this is good for testing as most payment gateways use the cents value of the transaction to approve/decline a payment). eg 00 cents will pass, but 02 cents will return an error... Error number 02..


  • Thanks for sharing would be very interested in your rtf parsing library if u care to share!

  • Nice article.

  • Btw Aspose.Words now has its own rendering to PDF and also rendering to XPS.

  • @romeok - I've tried this version a little while ago (probably in the last 6 months), but I wasn't able to get it working under partial trust. Ended up getting the dreaded SecurityException.

    I thought I'd give it a quick go to see if the native PDF rendering was quicker the going through Words, then PDF, but because of the Exception, and also what we've got already works, I parked this.

    I should probably re-try this as I was going to write an article sometime soon about rendering PDFs using ASPOSE in Partial Trust.

  • @kevin - We're running the 1.0 version of NLog. I haven't tried to use the latest v2.0. I was thinking about writing a post on how to get NLog to run in partial trust as there is another fix in the v1.0 code of the FileAppender that you need to change to allow partial trust to work. If you don't make this change, NLog runs without problem (no SecurityException), but if you try to use a File target, it will swallow all output.

    I think you just given me the prod I needed to write this post....


    PS: did you strong name sign the DLL?

Comments have been disabled for this content.