microsoft.public.dotnet.framework.remoting

RE: Deserialization in .NET Remoting

Snowy

7/8/2004 3:09:00 PM

Tom:

What I don't understand is, according to MSDN documentation "Automatic Deserialization in .NET Remoting", the default "Low" deserialization level supports "Reference and value types that are marked with the SerializableAttribute attribute but do not implement the ISerializable interface.". In my test app below, the class Stuff fits in this category, but the security error remains. This was resolved by setting typeFilterLevel = Full.

Any idea why?

Here's the code listing:

This sample app is a remoting server hosted in a windows service with a console client. I'm listing the code below.

First the remoting interface:

public interface IDoStuff {
    void setStuff(Stuff stf);
    Stuff getStuff();
}

Stuff is a simple serialized class WITHOUT implementing ISerializable:

[Serializable]
public class Stuff {
    private string id;
    public string ID {
        get { return id; }
        set { id = value; }
    }
}

Now the remoting server that implements IDoStuff:

public class TestServiceCtrl : MarshalByRefObject, IDoStuff
{
    void IDoStuff.setStuff(Stuff stf) {
        // Util.WriteLog code not shown here
        Util.WriteLog("TestServiceCtrl setStuff: " + stf.ID);
    }

    Stuff IDoStuff.getStuff() {
        Stuff s = new Stuff();
        s.ID = "ID_" + DateTime.Now;
        Util.WriteLog("TestServiceCtrl getStuff: " + s.ID);
        return s;
    }
}

And the windows service that exposes the remoting server:

protected override void OnStart(string[] args)
{
    IChannel ch = new TcpChannel(50015);
    ChannelServices.RegisterChannel(ch);
    RemotingConfiguration.RegisterWellKnownServiceType(typeof(TestServiceCtrl),
        "testremote",
        WellKnownObjectMode.Singleton);
    Util.WriteLog("OnStart called, TestServer at port 50015");
}

And finally the client:

class TestClient
{
    static void Main(string[] args)
    {
        new TestClient().run();
    }

    public void run() {
        Type type = typeof(IDoStuff);
        IDoStuff ctrl = (IDoStuff)Activator.GetObject(type, "tcp://localhost:50015/testremote");
        Stuff s = ctrl.getStuff();
        Console.WriteLine("Client got stuff: " + s.ID);
        s.ID += "_client";
        Console.WriteLine("Client setting stuff: " + s.ID);
        ctrl.setStuff(s); // line 26
    }
}

At line 26, the following exception is thrown:

Unhandled Exception: System.Runtime.Serialization.SerializationException: Because of security restrictions, the type TestRemote.Stuff cannot be accessed. ---> System.Security.SecurityException: Request failed.
   at System.Security.SecurityRuntime.FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, PermissionSet& alteredDemandSet)
   at System.Runtime.Serialization.FormatterServices.nativeGetSafeUninitializedObject(RuntimeType type)
   at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
   --- End of inner exception stack trace ---


"Tom" wrote:

> The chapter 4 lab, "Creating and Consuming .NET Remoting Objects", in the book "Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Visual C# .NET" (Exams 70-310 and 70-320) directs you to create a chat application. The application consists of a ChatCoordinator class, Server class and Client class.
>
> Attempting to start Client.exe using the v1.1 .NET Framework generates the following error:
>
> Unhandled Exception: System.Security.SecurityException: Type System.DelegateSerializationHolder and the types derived from it (such as System.DelegateSerializationHolder) are not permitted to be deserialized at this security level.
>
> Using the information contained in the article "Automatic Deserialization in .NET Remoting" in the ".NET Framework Developer's Guide", I modified the application configuration files (Central.config, Client.config) to set the typeFilterLevel attribute of the <formatter> element to "Full" to solve the problem.
>
> In the Central.config file used by Server.exe modify the channel configuration:
>
> <channel ref="http" port="8080">
>     <serverProviders>
>         <formatter ref="soap" typeFilterLevel="Full" />
>     </serverProviders>
> </channel>
>
> In the Client.config file used by Client.exe modify the channel configuration:
>
> <channel ref="http" port="0">
>     <serverProviders>
>         <formatter ref="soap" typeFilterLevel="Full" />
>     </serverProviders>
> </channel>
>
> These changes to the application configuration files resolved the error. I was able to run without error the chat application demonstrating the creation and consuming of .NET remoting objects.
>
>
1 Answer

Sunny

7/8/2004 4:11:00 PM

0

Hi,
the class Stuff has to be implemented in a separate assembly, which is
accessible (and referenced) both from the client and the server.

Sunny


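The programmatic counterpart of the typeFilterLevel configuration attribute discussed in this thread, applied to the TcpChannel server from the question (an added example, not code from any poster in the thread). The bindTo setting, the TestServer console host and the simplified method bodies are assumptions added here; Stuff and IDoStuff are inlined only so the file compiles on its own.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

// In the layout the answer describes, Stuff and IDoStuff would live in their own
// class library referenced by both client and server. They are inlined here only
// so the example is a single file.
[Serializable]
public class Stuff
{
    private string id;
    public string ID { get { return id; } set { id = value; } }
}

public interface IDoStuff
{
    void setStuff(Stuff stf);
    Stuff getStuff();
}

public class TestServiceCtrl : MarshalByRefObject, IDoStuff
{
    public void setStuff(Stuff stf) { Console.WriteLine("setStuff: " + stf.ID); }
    public Stuff getStuff() { Stuff s = new Stuff(); s.ID = "ID_" + DateTime.Now; return s; }
}

public class TestServer // hypothetical console host standing in for the Windows service
{
    public static void Main()
    {
        // Server-side formatter sink. Low is the default level; Full makes the
        // server deserialize any serializable type that a caller sends to it.
        BinaryServerFormatterSinkProvider serverProvider = new BinaryServerFormatterSinkProvider();
        serverProvider.TypeFilterLevel = TypeFilterLevel.Low; // switch to Full only when required

        IDictionary props = new Hashtable();
        props["port"] = 50015;
        props["bindTo"] = "127.0.0.1"; // assumption: client runs on localhost, so listen on loopback only

        TcpChannel ch = new TcpChannel(props, null, serverProvider);
        ChannelServices.RegisterChannel(ch); // .NET 1.1 overload, as used in the post
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(TestServiceCtrl), "testremote", WellKnownObjectMode.Singleton);

        Console.WriteLine("TestServer at port 50015, press Enter to stop");
        Console.ReadLine();
    }
}
```

Setting the level on the server formatter sink in code keeps the choice of Low or Full visible next to the port and binding it applies to, rather than in a separate configuration file.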