Security attributes in the System.Exception class RRS feed

  • Question

  • Hi,

    I was hoping to use the Unity IoC container in .Net 4, but due to the fact that the GetObjectData method previously had SecurityPermission attributes, but now has a SecurityCritical attribute, inheritance security rules are violated (Exception subclass in Unity dlls), which leaves me in something of a pickle. Is there a workaround for this?

    This would presumably be the case in other areas of code also. Is there a definitive list of these changes that may prevent backwards compatibility?

    Thanks in advance

    Monday, January 18, 2010 11:34 AM

All replies

  • So your question in fact is about Exception.GetObjectData and its change of security attributes in 4.0 which are part of overall new security model in .NET 4.0 - http://msdn.microsoft.com/en-us/library/dd233103(VS.100).aspx, right?

    General list of .NET 4.0 (Beta2) breaking changes is here: http://blogs.msdn.com/netfxcompat/archive/2010/01/05/.Net-framework-4-beta-2-compatibility-info.aspx
    Security CAS replacement is described here: http://msdn.microsoft.com/en-us/library/ee191568(VS.100).aspx
    I guess that you need to use the CAS Policy legacy option (but I am not expert on security, so I don't know that for sure).

    I hope it helps,
    Monday, January 18, 2010 4:52 PM
  • Rather than using the LegacySecurityPolicy setting, what you need to do here is to ensure that the Unity DLLs are running with the security transparency model which they were coded for.  That is, since these assemblies were written with the v2 security model in mind, they should run with that model until they are migrated forward.

    You can do this by applying the following assembly level attribute on your Unity DLLs:
    [assembly: SecurityRules(SecurityRuleSet.Level1)]
    Some more information about the differences between the security rule sets can be found here: http://blogs.msdn.com/shawnfa/archive/2009/11/12/differences-between-the-security-rule-sets.aspx

    -Shawn Farkas [MS]
    • Proposed as answer by ShawnFa Monday, January 18, 2010 6:16 PM
    • Unproposed as answer by RichROK Wednesday, January 20, 2010 2:39 PM
    Monday, January 18, 2010 6:16 PM
  • Karel, my question was intended to be more general than solely about one method. I only intended to use that method as an example. With hindsight I see that I didn't word it too well! I shall try again:

    In .Net 4 some methods are now decorated with different security attributes than they were in previous versions. When overriding these methods the relative security accessibilities must match, however if using legacy (not .Net 4) 3rd party assemblies the code is already compiled (metadata has already been generated) and hence we cannot load any type from those assemblies that overrides a method that now has the new SecurityCritical attribute. Is there a workaround/solution for this?

    Thanks Shawn, but I only have the Unity dlls, not the source code, is it still possible to add this metadata?

    Thank you both for your time
    Tuesday, January 19, 2010 10:41 AM