microsoft.public.dotnet.framework.remoting

Re: Deserialization in .NET Remoting

Allen Anderson

7/7/2004 2:42:00 PM

This is a basic security change Microsoft made from 1.0 to 1.1 of the
.NET Framework. Check out this article for more information.

http://www.glacialcomp.../ArticleDetail.aspx?articleID=Serializatio...

Cheers,
Allen Anderson
http://www.glacialcomp...
mailto: allen@put my website base here.com


On Thu, 1 Jul 2004 07:19:02 -0700, Tom <Tom@discussions.microsoft.com>
wrote:

>The chapter 4 lab, "Creating and Consuming .NET Remoting Objects", in the book "Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Visual C# .NET" (Exams 70-310 and 70-320) directs you to create a chat application. The application consists of a ChatCoordinator class, Server class and Client class.
>
>Attempting to start Client.exe using the v1.1 .NET Framework generates the following error:
>
>Unhandled Exception: System.Security.SecurityException: Type System.DelegateSerializationHolder and the types derived from it (such as System.DelegateSerializationHolder) are not permitted to be deserialized at this security level.
>
>Using the information contained in the article "Automatic Deserialization in .NET Remoting" in the ".NET Framework Developer's Guide", I modified the application configuration files (Central.config, Client.config) to set the typeFilterLevel attribute of the <formatter> element to "Full" to solve the problem.
>
>In the Central.config file used by Server.exe modify the channel configuration:
>
><channel ref="http" port="8080">
>  <serverProviders>
>    <formatter ref="soap" typeFilterLevel="Full" />
>  </serverProviders>
></channel>
>
>In the Client.config file used by Client.exe modify the channel configuration:
>
><channel ref="http" port="0">
>  <serverProviders>
>    <formatter ref="soap" typeFilterLevel="Full" />
>  </serverProviders>
></channel>
>
>These changes to the application configuration files resolved the error. I was able to run without error the chat application demonstrating the creation and consuming of .NET remoting objects.
>

3 Answers

Snowy

7/8/2004 3:09:00 PM

0

Allen:

What I don't understand is, according to MSDN documentation "Automatic Deserialization in .NET Remoting", the default "Low" deserialization level supports "Reference and value types that are marked with the SerializableAttribute attribute but do not implement the ISerializable interface.". In my test app below, the class Stuff fits in this category, but the security error remains. This was resolved by setting typeFilterLevel = Full.

Any idea why?

Here's the code listing:

This sample app is a remoting server hosted in a Windows service with a console client. I'm listing the code below.

First the remoting interface:

    public interface IDoStuff {
        void setStuff(Stuff stf);
        Stuff getStuff();
    }

Stuff is a simple serialized class WITHOUT implementing ISerializable:

    [Serializable]
    public class Stuff {
        private string id;
        public string ID {
            get { return id; }
            set { id = value; }
        }
    }

Now the remoting server that implements IDoStuff:

    public class TestServiceCtrl : MarshalByRefObject, IDoStuff
    {
        void IDoStuff.setStuff(Stuff stf) {
            // Util.WriteLog code not shown here
            Util.WriteLog("TestServiceCtrl setStuff: " + stf.ID);
        }

        Stuff IDoStuff.getStuff() {
            Stuff s = new Stuff();
            s.ID = "ID_" + DateTime.Now;
            Util.WriteLog("TestServiceCtrl getStuff: " + s.ID);
            return s;
        }
    }

And the windows service that exposes the remoting server:

    protected override void OnStart(string[] args)
    {
        IChannel ch = new TcpChannel(50015);
        ChannelServices.RegisterChannel(ch);
        RemotingConfiguration.RegisterWellKnownServiceType(typeof(TestServiceCtrl),
            "testremote",
            WellKnownObjectMode.Singleton);
        Util.WriteLog("OnStart called, TestServer at port 50015");
    }

And finally the client:

    class TestClient
    {
        static void Main(string[] args)
        {
            new TestClient().run();
        }

        public void run() {
            Type type = typeof(IDoStuff);
            IDoStuff ctrl = (IDoStuff)Activator.GetObject(type, "tcp://localhost:50015/testremote");
            Stuff s = ctrl.getStuff();
            Console.WriteLine("Client got stuff: " + s.ID);
            s.ID += "_client";
            Console.WriteLine("Client setting stuff: " + s.ID);
            ctrl.setStuff(s); // line 26
        }
    }

At line 26, the following exception is thrown:

Unhandled Exception: System.Runtime.Serialization.SerializationException: Because of security restrictions, the type TestRemote.Stuff cannot be accessed. ---> System.Security.SecurityException: Request failed.
   at System.Security.SecurityRuntime.FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, PermissionSet& alteredDemandSet)
   at System.Runtime.Serialization.FormatterServices.nativeGetSafeUninitializedObject(RuntimeType type)
   at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
   --- End of inner exception stack trace ---


"Allen Anderson" wrote:

> This is a basic security change Microsoft made from 1.0 to 1.1 of the
> .NET Framework. Check out this article for more information.
>
> http://www.glacialcomp.../ArticleDetail.aspx?articleID=Serializatio...
>
> Cheers,
> Allen Anderson
> http://www.glacialcomp...
> mailto: allen@put my website base here.com
>

Allen Anderson

7/8/2004 9:17:00 PM

0

So does it actually work, though, if you kick the type filter level up
to Full?



Snowy

7/9/2004 2:59:00 AM

0

Yes, it did work if I set the typeFilterLevel = Full; it's just I don't see why I need to do that in my case, since based on the documentation, I should not need to...

"Allen Anderson" wrote:

> so does it actually work though if you kick the type filter level up
> to full?
>
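
Added example, not part of the thread: the test server above creates its TcpChannel in code, so typeFilterLevel has to be set on the formatter sink provider rather than in a config file. The RemotingHost helper is hypothetical, and rejectRemoteRequests assumes every client runs on the same machine, as the thread's tcp://localhost URL suggests; Full accepts every type remoting can deserialize, so the channel is kept local-only.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

// Added example: hypothetical helper, not code from the thread.
public class RemotingHost
{
    // Registers a TCP channel whose server-side binary formatter
    // deserializes incoming messages at the requested level.
    public static TcpChannel RegisterChannel(int port, TypeFilterLevel level)
    {
        // The server sink is what deserializes inbound calls. On a client
        // it also handles callbacks, which is why Client.config in the
        // first post sets the level under <serverProviders>.
        BinaryServerFormatterSinkProvider serverProvider =
            new BinaryServerFormatterSinkProvider();
        serverProvider.TypeFilterLevel = level;

        BinaryClientFormatterSinkProvider clientProvider =
            new BinaryClientFormatterSinkProvider();

        IDictionary props = new Hashtable();
        props["port"] = port;
        // Assumption: all clients are on this machine. With the type
        // filter at Full, do not accept requests from other computers.
        props["rejectRemoteRequests"] = true;

        TcpChannel channel =
            new TcpChannel(props, clientProvider, serverProvider);
        // Single-argument overload, as used in the thread's OnStart.
        ChannelServices.RegisterChannel(channel);
        return channel;
    }
}

// In OnStart, in place of "new TcpChannel(50015)":
//     RemotingHost.RegisterChannel(50015, TypeFilterLevel.Full);
// Passing TypeFilterLevel.Low gives the restricted default level.
```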