binary serialization get security exception when deployed to web server

Question

User-316642778 posted

 I have a class in my asp.net web project written in c# its a binary serialization and de-serialization function. It works find in my local but when I uploaded it in the web server it post me and error.

 Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

This is my code:
<code lang="c#">
[System.Security.Permissions.PermissionSet(System.Security.Permissions.SecurityAction.Assert,Unrestricted=true)]  
    public class Click2PaySecurity
    {
         public static string Serialize(string str)
        {
            IFormatter serializer = new BinaryFormatter();
            MemoryStream memStream = new MemoryStream();
            object request = (object)str;

            serializer.Serialize(memStream, request);

            byte[] arrSerialize = memStream.ToArray();

            memStream.Flush();
            memStream.Close();

            return Convert.ToBase64String(arrSerialize);
        }
     }
</code>

Answer 1

User-46888941 posted

Hi,

Try to skip the attribute, or check if you can get a higher trust level on the server.

Answer 2

User-316642778 posted

 Before I put the attribute I already had that error. I believe godaddy has a meduim trust level of security permission. Is there any work around with this

so that my serialization would work?

 

Thanks

Answer 3

User-46888941 posted

Hi,

Try this in web.config with and without that attribute:

<trust level="Medium" originUrl="" />

Answer 4

User-316642778 posted

 I got this error after I put <trust level="Medium" originUrl="" />

 

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: This configuration section cannot be used at this path.  This happens when the site administrator has locked access to this section using <location allowOverride="false"> from an inherited configuration file.

Source Error:

Line 80: </pages> Line 81: Line 82: <trust level="Medium" originUrl="" /> Line 83: <!-- Line 84: The <authentication> section enables configuration

Source File: d:\hosting\clicktopaynow\Click2PayNowDotNet\web.config    Line: 82

---

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

 

Answer 5

User-46888941 posted

Seems like you can´t use binary serialization with medium trust.. Sorry.

http://apnasaathi.blogspot.com/2007/08/binary-serialization-and-medium-trust.html

Answer 6

User-316642778 posted

 so is it recommended to change it to xml serialization? how secure is xml serialization? because ill be sending data over the wire

hope you have any suggestion.

 

thanks

Answer 7

User-46888941 posted

Exactly what are you doing?

If you need to be sure the data is safe you should use SSL.

Answer 8

User-316642778 posted

 I need to send a batch of data from my database over the wire that is why I need it to be serialized

and then the one who receive the serialized data should deserialize it to read the data.

Answer 9

User-46888941 posted

Okay, Xml serialization should work fine. But remember, SSL is making it more secure.

Answer 10

User-316642778 posted

 Thanks for the reply. I am considering also to upgrade my godaddy account to support full trust.

My question is, is full trust level vulnerable to hacker attack? if you any idea hope you share it with me

 

thanks

Answer 11

User-46888941 posted

Hi,

You can use things like reflection, so if you use that in the "wrong way", someone can call other assemblies and things.

But you shouldn´t have to care about it.

Answer 12

User2039630668 posted

Hi Chriskuizon,

I had the same problem & when I add this line of code

[SecurityPermissionAttribute(SecurityAction.Assert, SerializationFormatter = true)]

this error was removed but another security error appeared on the line where I access my database

see the link: http://www.go-mall.com/halla/

try to use that line in your project it may help.

And let me know if you solved your problem, it may help me as well.

Regards

Answer 13

User2039630668 posted

I've the same problem can u explain how could I convert the following code to Xml serialization

BinaryFormatter b = new BinaryFormatter();

MemoryStream m;

foreach (var obj in Session)

{ m =new MemoryStream();

  b.Serialize(m, obj);

  totalSessionBytes += m.Length;

}

where obj is an object of type System.Data.DataTable

I've been facing this problem & can't solve it 2 months ago

thx