2
Vote

Exception in w/.NET 4 and Medium Trust

description

If you try to use the module in a shared hosting environment (like rackspace) you will get the following exception:

Message:Inheritance security rules violated while overriding member: 'DotNetNuke.Modules.Reports.Exceptions.LocalizedText.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

StackTrace:
InnerMessage:Inheritance security rules violated while overriding member: 'DotNetNuke.Modules.Reports.Exceptions.LocalizedText.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.
InnerStackTrace:
at DotNetNuke.Modules.Reports.ReportsController.GetDataSource(String type)
at DotNetNuke.Modules.Reports.ReportsController.ExecuteReport(ReportInfo objReport, String cacheKey, Boolean bypassCache, PortalModuleBase hostModule, Boolean& fromCache)
at DotNetNuke.Modules.Reports.ViewReports.AutoExecuteReport(VisualizerControlBase ctlVisualizer, ReportInfo report, DataTable& results, Boolean fromCache)
at DotNetNuke.Modules.Reports.ViewReports.RunReport()
at DotNetNuke.Modules.Reports.ViewReports.RunReportButton_Click(Object sender, EventArgs e)
at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

The bottom line is that Microsoft changed the security requirements and transparency with .NET 4.

I found 2 solutions
1) Add the following lines to the Assembly.vb file:
<Assembly: AllowPartiallyTrustedCallers()>
<Assembly: SecurityRules(SecurityRuleSet.Level1)>

2) Recode the exceptions to use the SecuritySafe serialization:
CA2140: Transparent code must not reference security critical items
https://msdn.microsoft.com/en-us/library/bb264475.aspx

comments

PatrickF wrote Apr 18, 2015 at 8:38 AM

Solution 1 worked for me with the following minor changes:

AssemblyInfo.vb file modified (not Assembly.vb)

and I had to fully qualify the method calls:

<Assembly: System.Security.AllowPartiallyTrustedCallers()>
<Assembly: System.Security.SecurityRules(System.Security.SecurityRuleSet.Level1)>

leupold wrote Feb 2, 2016 at 11:27 AM

Medium Trust is no longer suggested by Microsoft and DNN now requires Full Trust as well.