logging-log4net-dev mailing list archives

From "Andrew Arnott (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LOG4NET-347) Log4net not working in an ASP.Net environment with medium trust
Date Wed, 02 Jan 2013 16:08:12 GMT

    [ https://issues.apache.org/jira/browse/LOG4NET-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13542203#comment-13542203 ]

Andrew Arnott commented on LOG4NET-347:
---------------------------------------

The point of either of these approaches is not to reduce the security requirements to invoke
the GetObjectData method, but rather to correctly decorate it so that .NET 4.x won't reject
the type when the type is loaded. Either of these attributes should get the CLR to allow loading
of the type -- invoking the method still requires high trust, but then no one (that I know
of) ever invokes that method anyway.
                
> Log4net not working in an ASP.Net environment with medium trust
> ---------------------------------------------------------------
>
>                 Key: LOG4NET-347
>                 URL: https://issues.apache.org/jira/browse/LOG4NET-347
>             Project: Log4net
>          Issue Type: Bug
>          Components: Core
>         Environment: Asp.Net environment running in medium trust
>            Reporter: Michele Lepri
>
> As you know, .NET 4 security policies have changed and are a lot more strict.
> First of all, I'm not an expert about .NET 4 security =) and I never
> developed web apps for medium trust: this is my first time.
> The problem is simple: log4net doesn't work in medium trust.
> The exception is thrown by the [SecurityCritical] attribute of the
> "GetObjectData" method of the ReadOnlyPropertiesDictionary class.
> System.Reflection.TargetInvocationException: Exception has been thrown
> by the target of an invocation. ---> System.TypeLoadException:
> Inheritance security rules violated while overriding member:
> 'log4net.Util.ReadOnlyPropertiesDictionary.GetObjectData(System.Runtime.Serialization.SerializationInfo,
> System.Runtime.Serialization.StreamingContext)'. Security
> accessibility of the overriding method must match the security
> accessibility of the method being overriden.
>   at log4net.Repository.Hierarchy.Hierarchy..ctor(ILoggerFactory
> loggerFactory)
>   at log4net.Repository.Hierarchy.Hierarchy..ctor()
>   --- End of inner exception stack trace ---
>   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type,
> Boolean publicOnly, Boolean noCheck, Boolean& canBeCached,
> RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
>   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly,
> Boolean skipCheckThis, Boolean fillCache)
>   at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly,
> Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
>   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
>   at log4net.Core.DefaultRepositorySelector.CreateRepository(String
> repositoryName, Type repositoryType)
>   at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
> repositoryAssembly, Type repositoryType, String repositoryName,
> Boolean
> readAssemblyAttributes)
>   at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
> repositoryAssembly, Type repositoryType)
>   at log4net.Core.DefaultRepositorySelector.GetRepository(Assembly
> repositoryAssembly)
>   at log4net.Core.LoggerManager.GetRepository(Assembly repositoryAssembly)
>   at log4net.Config.XmlConfigurator.Configure()
> [CUT]
> According to this:
> http://msdn.microsoft.com/en-us/library/bb924412.aspx
> Serialization in a partially-trusted application should be done in
> another way ([DataContract] attribute must be used, you can't use
> [Serializable] attribute and can't use ISerializable interface to
> control the serialization process).
> I patched log4net in an insane way, but it works now: after removing the
> [Serializable] and the ISerializable interface all works fine, but of
> course I "lose" all the code performed by the implementation of the
> ISerializable interface.
> By the way the log is fine for me now and all I need seems to work.
> To be really honest, I don't know what I should lose doing a thing like
> that..
> Other libraries (like Ninject) provide a separate build for medium trust
> environments and it works great.
> I think it would be really great to have a version like that for log4net.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
