TypeLoadException in Rackspace
43 views
Skip to first unread message
Diego Mijelshon
Apr 18, 2012, 9:51:24 PM4/18/12
to DotNetOpenAuth
Hi fellow developers!
I've developed a MVC site that authenticates using OpenId or OpenAuth
(Facebook).
Everything was working fine, until I had to host it in Rackspace (this
is a requirement of my customer).
I get the following exception when trying to initialize either client:
[TypeLoadException: Inheritance security rules violated while
overriding member:
'DotNetOpenAuth.Messaging.ProtocolException.GetObjectData(System.Runtime.Serialization.SerializationInfo,
System.Runtime.Serialization.StreamingContext)'. Security
accessibility of the overriding method must match the security
accessibility of the method being overriden.]
DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean
condition, String message, Object[] args) +0
DotNetOpenAuth.Messaging.Channel.ValidateAndPrepareBindingElements(IEnumerable`1
elements) +524
DotNetOpenAuth.Messaging.Channel..ctor(IMessageFactory
messageTypeProvider, IChannelBindingElement[] bindingElements) +316
That can come from either of these constructors:
DotNetOpenAuth.OAuth2.WebServerClient..ctor(AuthorizationServerDescription
authorizationServer, String clientIdentifier, String clientSecret)
DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty..ctor()
According to http://stackoverflow.com/a/3055912/62024 that method
should have [SecurityCriticalAttribute]. I'm not an expert in .NET
code security, so I'll have to take the author's word for it. I don't
know what the implications are.
Is this something that can get fixed easily? Should I open an issue
and/or try to fix it myself and send a pull request?
Rackspace's policy file can be found at http://c4959820.r20.cf2.rackcdn.com/web_custom40.config
Thanks!
Diego
I've developed a MVC site that authenticates using OpenId or OpenAuth
(Facebook).
Everything was working fine, until I had to host it in Rackspace (this
is a requirement of my customer).
I get the following exception when trying to initialize either client:
[TypeLoadException: Inheritance security rules violated while
overriding member:
'DotNetOpenAuth.Messaging.ProtocolException.GetObjectData(System.Runtime.Serialization.SerializationInfo,
System.Runtime.Serialization.StreamingContext)'. Security
accessibility of the overriding method must match the security
accessibility of the method being overriden.]
DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean
condition, String message, Object[] args) +0
DotNetOpenAuth.Messaging.Channel.ValidateAndPrepareBindingElements(IEnumerable`1
elements) +524
DotNetOpenAuth.Messaging.Channel..ctor(IMessageFactory
messageTypeProvider, IChannelBindingElement[] bindingElements) +316
That can come from either of these constructors:
DotNetOpenAuth.OAuth2.WebServerClient..ctor(AuthorizationServerDescription
authorizationServer, String clientIdentifier, String clientSecret)
DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty..ctor()
According to http://stackoverflow.com/a/3055912/62024 that method
should have [SecurityCriticalAttribute]. I'm not an expert in .NET
code security, so I'll have to take the author's word for it. I don't
know what the implications are.
Is this something that can get fixed easily? Should I open an issue
and/or try to fix it myself and send a pull request?
Rackspace's policy file can be found at http://c4959820.r20.cf2.rackcdn.com/web_custom40.config
Thanks!
Diego
Diego Mijelshon
Apr 18, 2012, 9:54:51 PM4/18/12
to DotNetOpenAuth
I just looked at the code, and the attribute is already there, so
that's not it...
Any ideas?
Diego
On Apr 18, 10:51 pm, Diego Mijelshon <di...@mijelshon.com.ar> wrote:
> Hi fellow developers!
>
> I've developed a MVC site that authenticates using OpenId or OpenAuth
> (Facebook).
> Everything was working fine, until I had to host it in Rackspace (this
> is a requirement of my customer).
> I get the following exception when trying to initialize either client:
>
> [TypeLoadException: Inheritance security rules violated while
> overriding member:
> 'DotNetOpenAuth.Messaging.ProtocolException.GetObjectData(System.Runtime.Se rialization.SerializationInfo,
> System.Runtime.Serialization.StreamingContext)'. Security
> accessibility of the overriding method must match the security
> accessibility of the method being overriden.]
> DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean
> condition, String message, Object[] args) +0
>
> DotNetOpenAuth.Messaging.Channel.ValidateAndPrepareBindingElements(IEnumera ble`1
that's not it...
Any ideas?
Diego
On Apr 18, 10:51 pm, Diego Mijelshon <di...@mijelshon.com.ar> wrote:
> Hi fellow developers!
>
> I've developed a MVC site that authenticates using OpenId or OpenAuth
> (Facebook).
> Everything was working fine, until I had to host it in Rackspace (this
> is a requirement of my customer).
> I get the following exception when trying to initialize either client:
>
> [TypeLoadException: Inheritance security rules violated while
> overriding member:
> 'DotNetOpenAuth.Messaging.ProtocolException.GetObjectData(System.Runtime.Se rialization.SerializationInfo,
> System.Runtime.Serialization.StreamingContext)'. Security
> accessibility of the overriding method must match the security
> accessibility of the method being overriden.]
> DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean
> condition, String message, Object[] args) +0
>
> elements) +524
> DotNetOpenAuth.Messaging.Channel..ctor(IMessageFactory
> messageTypeProvider, IChannelBindingElement[] bindingElements) +316
>
> That can come from either of these constructors:
> DotNetOpenAuth.OAuth2.WebServerClient..ctor(AuthorizationServerDescription
> authorizationServer, String clientIdentifier, String clientSecret)
> DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty..ctor()
>
> According tohttp://stackoverflow.com/a/3055912/62024that method
> DotNetOpenAuth.Messaging.Channel..ctor(IMessageFactory
> messageTypeProvider, IChannelBindingElement[] bindingElements) +316
>
> That can come from either of these constructors:
> DotNetOpenAuth.OAuth2.WebServerClient..ctor(AuthorizationServerDescription
> authorizationServer, String clientIdentifier, String clientSecret)
> DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty..ctor()
>
Andrew Arnott
Apr 18, 2012, 10:28:01 PM4/18/12
to dotnet...@googlegroups.com
The attribute is only there for the version of the dll that compiles against .NET 4.0 (since that's where the attribute is introduced). Can you confirm (via Reflector or ildasm) that your copy of dotnetopenauth.dll has that attribute for that exception type?
--
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.
--
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
Diego Mijelshon
Apr 19, 2012, 8:12:25 AM4/19/12
to DotNetOpenAuth
Yes, that's what I did (using R#)
The attribute is definitely there.
Diego
On Apr 18, 11:28 pm, Andrew Arnott <andrewarn...@gmail.com> wrote:
> The attribute is only there for the version of the dll that compiles
> against .NET 4.0 (since that's where the attribute is introduced). Can you
> confirm (via Reflector or ildasm) that *your* copy of dotnetopenauth.dll
> > To post to this group, send email to dotnet...@googlegroups.com<javascript:;>
> > .
The attribute is definitely there.
Diego
On Apr 18, 11:28 pm, Andrew Arnott <andrewarn...@gmail.com> wrote:
> The attribute is only there for the version of the dll that compiles
> against .NET 4.0 (since that's where the attribute is introduced). Can you
> has that attribute for that exception type?
>
>
>
>
>
>
>
>
>
> On Wednesday, April 18, 2012, Diego Mijelshon wrote:
> > I just looked at the code, and the attribute is already there, so
> > that's not it...
>
> > Any ideas?
>
> > Diego
>
> > On Apr 18, 10:51 pm, Diego Mijelshon <di...@mijelshon.com.ar<javascript:;>>
>
>
>
>
>
>
>
>
>
> On Wednesday, April 18, 2012, Diego Mijelshon wrote:
> > I just looked at the code, and the attribute is already there, so
> > that's not it...
>
> > Any ideas?
>
> > Diego
>
> > .
> > To unsubscribe from this group, send email to
> > dotnetopenid...@googlegroups.com <javascript:;>.
Andrew Arnott
Apr 19, 2012, 9:59:45 AM4/19/12
to dotnet...@googlegroups.com
Well yours is the second report I've heard recently about this trouble. I don't have any more ideas currently, but please share if you find a solution.
(perhaps just for kicks you can try the .NET 3.5 targeted build)
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.
Diego Mijelshon
Apr 19, 2012, 11:56:34 AM4/19/12
to DotNetOpenAuth
That's interesting. The 3.5 version works without a problem (maybe
referencing 2.0 CLR assemblies from 4.0 causes some relaxing of
policies, I dunno)
This does solve my problem for now, which makes me very happy :-)
although I'll have to fix the reference manually when I update the
library (I'm using NuGet)
I'm guessing removing the override completely is out of the
question... right?
Anyway, thanks again for your help!
Diego
On Apr 19, 10:59 am, Andrew Arnott <andrewarn...@gmail.com> wrote:
> Well yours is the second report I've heard recently about this trouble. I
> don't have any more ideas currently, but please share if you find a
> solution.
>
> (perhaps just for kicks you can try the .NET 3.5 targeted build)
>
>
>
>
>
>
>
>
>
> On Thursday, April 19, 2012, Diego Mijelshon wrote:
> > Yes, that's what I did (using R#)
> > The attribute is definitely there.
>
> > Diego
>
> > On Apr 18, 11:28 pm, Andrew Arnott <andrewarn...@gmail.com <javascript:;>>
> > > > dotnetopenid...@googlegroups.com <javascript:;><javascript:;>.
referencing 2.0 CLR assemblies from 4.0 causes some relaxing of
policies, I dunno)
This does solve my problem for now, which makes me very happy :-)
although I'll have to fix the reference manually when I update the
library (I'm using NuGet)
I'm guessing removing the override completely is out of the
question... right?
Anyway, thanks again for your help!
Diego
On Apr 19, 10:59 am, Andrew Arnott <andrewarn...@gmail.com> wrote:
> Well yours is the second report I've heard recently about this trouble. I
> don't have any more ideas currently, but please share if you find a
> solution.
>
> (perhaps just for kicks you can try the .NET 3.5 targeted build)
>
>
>
>
>
>
>
>
>
> On Thursday, April 19, 2012, Diego Mijelshon wrote:
> > Yes, that's what I did (using R#)
> > The attribute is definitely there.
>
> > Diego
>
Andrew Arnott
Apr 19, 2012, 8:39:25 PM4/19/12
to dotnet...@googlegroups.com
Thanks for getting back to us on the result of that test. I suspect that Rackspace has turned on legacy security policies.
Ironically it looks like the override of this method always throws NotImplementedException, so perhaps we can remove it. Not sure what we're supposed to do in that method at this point anyway.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.
Andrew Arnott
Apr 21, 2012, 5:47:50 PM4/21/12
to dotnet...@googlegroups.com
I've filed Issue #121 for this and checked in a fix for v4.0.2.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
Reply all
Reply to author
Forward
0 new messages