I’m trying to implement email functionality in my application that runs in a medium trust hosting environment. The email sending feature works perfectly when running under full trust, but I get security exceptions when deployed to medium trust.
The error I’m encountering looks like this:
[SecurityException: Request for permission of type 'System.Net.Mail.SmtpPermission' was denied]
After checking the configuration files, I discovered that SMTP permissions are limited to Connect access only:
<SecurityClass Name="SmtpPermission" Description="System.Net.Mail.SmtpPermission, System"/>
<IPermission class="SmtpPermission" version="1" Access="Connect"/>
From what I understand, Connect permission only allows connections on port 25, but Gmail’s SMTP service operates on port 587. Has anyone found a way to work around this limitation or alternative approaches for sending emails through Gmail in medium trust scenarios?
same exact headache with gmail smtp on medium trust here. gave up fighting the smtp restrictions and switched to a web api approach instead - worked perfectly and killed all those security exceptions.
I faced a similar issue with email functionality in a medium trust scenario. Utilizing third-party services such as SendGrid or Mailgun can circumvent the SMTP restrictions effectively. Additionally, many hosting providers offer SMTP relay that could simplify the process. If you are determined to use Gmail’s SMTP, consider implementing a backend service running in full trust that can interface with your application. This may involve extra development effort, but it ultimately helps in overcoming the limitations of medium trust.
You’re correct in identifying the Connect permission as the challenge. Medium trust environments severely limit SMTP options. In my experience, using HTTP-based email APIs like SendGrid, Amazon SES, or Mailgun provides a robust solution since they rely on standard REST calls instead of SMTP. Additionally, it’s worth checking if your hosting provider offers a local SMTP service that operates on port 25, compatible with the Connect permission. While switching to an API may require some code adjustments, the benefits in delivery rates and monitoring make it a worthwhile investment.