locked
binary serialization get security exception when deployed to web server RRS feed

  • Question

  • User-316642778 posted

     I have a class in my asp.net web project written in c# its a binary serialization and de-serialization function. It works find in my local but when I uploaded it in the web server it post me and error.

     Security Exception
    Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    This is my code:
    <code lang="c#">
    [System.Security.Permissions.PermissionSet(System.Security.Permissions.SecurityAction.Assert,Unrestricted=true)]  
        public class Click2PaySecurity
        {
             public static string Serialize(string str)
            {
                IFormatter serializer = new BinaryFormatter();
                MemoryStream memStream = new MemoryStream();
                object request = (object)str;

                serializer.Serialize(memStream, request);

                byte[] arrSerialize = memStream.ToArray();

                memStream.Flush();
                memStream.Close();

                return Convert.ToBase64String(arrSerialize);
            }
         }
    </code>

    Wednesday, May 13, 2009 11:14 AM

Answers

All replies

  • User-46888941 posted

    Hi,

    Try to skip the attribute, or check if you can get a higher trust level on the server.

    Wednesday, May 13, 2009 1:02 PM
  • User-316642778 posted

     Before I put the attribute I already had that error. I believe godaddy has a meduim trust level of security permission. Is there any work around with this

    so that my serialization would work?

     

    Thanks

    Wednesday, May 13, 2009 1:51 PM
  • User-46888941 posted

    Hi,

    Try this in web.config with and without that attribute:

    <trust level="Medium" originUrl="" />

    Wednesday, May 13, 2009 2:02 PM
  • User-316642778 posted

     I got this error after I put <trust level="Medium" originUrl="" />

     

    Configuration Error

    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: This configuration section cannot be used at this path.  This happens when the site administrator has locked access to this section using <location allowOverride="false"> from an inherited configuration file.

    Source Error:

    Line 80: 		</pages>
    Line 81:
    Line 82: <trust level="Medium" originUrl="" />
    Line 83: <!--
    Line 84: The <authentication> section enables configuration

    Source File: d:\hosting\clicktopaynow\Click2PayNowDotNet\web.config    Line: 82


    Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

     

    Wednesday, May 13, 2009 2:18 PM
  • User-46888941 posted

    Seems like you can´t use binary serialization with medium trust.. Sorry.

    http://apnasaathi.blogspot.com/2007/08/binary-serialization-and-medium-trust.html

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, May 13, 2009 2:42 PM
  • User-316642778 posted

     so is it recommended to change it to xml serialization? how secure is xml serialization? because ill be sending data over the wire

    hope you have any suggestion.

     

    thanks

    Wednesday, May 13, 2009 3:15 PM
  • User-46888941 posted

    Exactly what are you doing?

    If you need to be sure the data is safe you should use SSL.

    Wednesday, May 13, 2009 4:03 PM
  • User-316642778 posted

     I need to send a batch of data from my database over the wire that is why I need it to be serialized

    and then the one who receive the serialized data should deserialize it to read the data.

    Wednesday, May 13, 2009 4:15 PM
  • User-46888941 posted

    Okay, Xml serialization should work fine. But remember, SSL is making it more secure.

    Wednesday, May 13, 2009 4:23 PM
  • User-316642778 posted

     Thanks for the reply. I am considering also to upgrade my godaddy account to support full trust.

    My question is, is full trust level vulnerable to hacker attack? if you any idea hope you share it with me

     

    thanks

    Thursday, May 14, 2009 10:52 AM
  • User-46888941 posted

    Hi,

    You can use things like reflection, so if you use that in the "wrong way", someone can call other assemblies and things.

    But you shouldn´t have to care about it.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 14, 2009 11:04 AM
  • User2039630668 posted

    Hi Chriskuizon,

    I had the same problem & when I add this line of code

    [SecurityPermissionAttribute(SecurityAction.Assert, SerializationFormatter = true)]

    this error was removed but another security error appeared on the line where I access my database

    see the link: http://www.go-mall.com/halla/

    try to use that line in your project it may help.

    And let me know if you solved your problem, it may help me as well.

    Regards

    Tuesday, March 5, 2013 8:05 AM
  • User2039630668 posted

    I've the same problem can u explain how could I convert the following code to Xml serialization

    BinaryFormatter b = new BinaryFormatter();

    MemoryStream m;

    foreach (var obj in Session)

    { m =new MemoryStream();

      b.Serialize(m, obj);

      totalSessionBytes += m.Length;

    }

    where obj is an object of type System.Data.DataTable

    I've been facing this problem & can't solve it 2 months ago

    thx

    Tuesday, March 5, 2013 9:27 AM