Custom object passed to a remote object method - SecurityException

From: Nick Grape (ngrape_at_nospam)
Date: 04/13/04


Date: Tue, 13 Apr 2004 06:01:42 -0700

Hello,

Perhaps someone knows a solution or can point out what I'm doing wrong...
I get the following error when attempting to pass data in my custom object
to a remote object method:

An unhandled exception of type
'System.Runtime.Serialization.SerializationException' occurred in
mscorlib.dll
Additional information: Because of security restrictions, the type
MyProj.Remoting.MyObj cannot be accessed.

Here is my code:
Shared object in a common assembly accessible both to client and server:
using System;
using System.Runtime.Serialization;
using System.Security.Permissions;

[Serializable]
public class MyObj : ISerializable {
    public string myData;
    public MyObj() { myData = string.Empty; }
    public MyObj(string data) { myData = data; }
    // Deserialization constructor used by the formatter
    public MyObj(SerializationInfo info, StreamingContext context) {
        myData = info.GetString("myData");
    }

    [SecurityPermission(SecurityAction.LinkDemand, SerializationFormatter=true)]
    public void GetObjectData(SerializationInfo info, StreamingContext context) {
        info.AddValue("myData", myData);
        info.AddValue("TypeObj", this.GetType());
    }
}

Server object:
    public class RemoteUser : MarshalByRefObject {
        public void TestCustomObj(MyObj obj) {
            Console.WriteLine(obj.myData);
        }
    }

Client:
    ru = (RemoteUser)Activator.GetObject(typeof(RemoteUser), knownType.ObjectUrl);
    ru.TestCustomObj(new MyObj("tested")); // << EXCEPTION IS HERE

The remote object is configured correctly. This is definitely a security
exception. When I turned off security checking (caspol -s off), everything
went okay. I tried to grant FullTrust and Everything permission set to my
assemblies via the strong key, but it did help.

Sorry for the long message and thank you for reading it to the end.

TIA
Nick Grape

P.S. below is the stack trace if needed

Unhandled Exception: System.Runtime.Serialization.SerializationException: Because of security restrictions, the type MyProj.Remoting.MyObj cannot be accessed. ---> System.Security.SecurityException: Request failed.
   at System.Security.SecurityRuntime.FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, PermissionSet& alteredDemandSet)
   at System.Runtime.Serialization.FormatterServices.nativeGetSafeUninitializedObject(RuntimeType type)
   at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at MyProj.Remoting.RemoteUser.TestCustomObj(MyObj obj)
   at MyProj.Client.MainForm.Main() in c:\documents and settings\nick\my documents\MyProj\MyProjclient\mainform.cs:line 271
The program '[536] MyProjClient.exe' has exited with code 0 (0x0).
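
Added example, not part of the original post: the server stack trace fails in FormatterServices.GetSafeUninitializedObject beneath DeserializeBinaryRequestMessage(..., TypeFilterLevel securityLevel), which is the restricted deserialization path the binary server formatter sink uses at its default Low filter level in .NET Framework 1.1. The sketch below shows where that level is set when the server channel is registered in code. It assumes this is the cause of the failure above; the port, the channel name, the object URI and the stand-in RemoteUser class are hypothetical.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

// Stand-in for the server object in the post (hypothetical, simplified signature).
public class RemoteUser : MarshalByRefObject {
    public void TestCustomObj(object obj) { Console.WriteLine(obj); }
}

public class ServerHost {
    // Builds a TCP channel whose server-side binary formatter sink
    // deserializes requests at an explicitly chosen filter level.
    public static TcpChannel BuildChannel(int port, TypeFilterLevel level) {
        BinaryServerFormatterSinkProvider serverSink =
            new BinaryServerFormatterSinkProvider();
        // Low (the 1.1 default) restricts which types the server will
        // deserialize from a request; Full lifts that restriction for
        // every caller that can reach this channel.
        serverSink.TypeFilterLevel = level;

        IDictionary props = new Hashtable();
        props["port"] = port;                 // assumed port
        props["name"] = "example-" + port;    // channel names must be unique
        return new TcpChannel(props, new BinaryClientFormatterSinkProvider(),
                              serverSink);
    }

    public static void Main() {
        // Full widens the deserialization surface, so expose the channel
        // only to clients that are already trusted and authenticated.
        TcpChannel channel = BuildChannel(8085, TypeFilterLevel.Full);
        // One-argument overload as in .NET 1.1; later versions add a
        // RegisterChannel(IChannel, bool ensureSecurity) overload.
        ChannelServices.RegisterChannel(channel);
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(RemoteUser), "RemoteUser", WellKnownObjectMode.Singleton);
        Console.WriteLine("Listening; press Enter to stop.");
        Console.ReadLine();
    }
}
```

The same setting is available in the remoting configuration file as the typeFilterLevel attribute on the server formatter element.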


