HighTechTalks DotNet Forums  

RE: Deserialization in .NET Remoting

Dotnet Framework (Remoting) microsoft.public.dotnet.framework.remoting





#1 Snowy - RE: Deserialization in .NET Remoting - 07-08-2004 , 11:09 AM

Tom:

What I don't understand is, according to MSDN documentation "Automatic Deserialization in .NET Remoting", the default "Low" deserialization level supports "Reference and value types that are marked with the SerializableAttribute attribute but do not implement the ISerializable interface.". In my test app below, the class Stuff fits in this category, but the security error remains. This was resolved by setting typeFilterLevel = Full.

Any idea why?

Here's the code listing:

This sample app is a remoting server hosted in a windows service with a console client. I'm listing the code below.

First the remoting interface:

public interface IDoStuff
{
    void setStuff(Stuff stf);
    Stuff getStuff();
}

Stuff is a simple serialized class WITHOUT implementing ISerializable:

[Serializable]
public class Stuff
{
    private string id;

    public string ID
    {
        get { return id; }
        set { id = value; }
    }
}

Now the remoting server that implements IDoStuff:

public class TestServiceCtrl : MarshalByRefObject, IDoStuff
{
    void IDoStuff.setStuff(Stuff stf)
    {
        // Util.WriteLog code not shown here
        Util.WriteLog("TestServiceCtrl setStuff: " + stf.ID);
    }

    Stuff IDoStuff.getStuff()
    {
        Stuff s = new Stuff();
        s.ID = "ID_" + DateTime.Now;
        Util.WriteLog("TestServiceCtrl getStuff: " + s.ID);
        return s;
    }
}

And the windows service that exposes the remoting server:

protected override void OnStart(string[] args)
{
    IChannel ch = new TcpChannel(50015);
    ChannelServices.RegisterChannel(ch);
    RemotingConfiguration.RegisterWellKnownServiceType(
        typeof(TestServiceCtrl),
        "testremote",
        WellKnownObjectMode.Singleton);
    Util.WriteLog("OnStart called, TestServer at port 50015");
}

And finally the client:

class TestClient
{
    static void Main(string[] args)
    {
        new TestClient().run();
    }

    public void run()
    {
        Type type = typeof(IDoStuff);
        IDoStuff ctrl = (IDoStuff)Activator.GetObject(type, "tcp://localhost:50015/testremote");
        Stuff s = ctrl.getStuff();
        Console.WriteLine("Client got stuff: " + s.ID);
        s.ID += "_client";
        Console.WriteLine("Client setting stuff: " + s.ID);
        ctrl.setStuff(s); // line 26
    }
}

At line 26, the following exception is thrown:

Unhandled Exception: System.Runtime.Serialization.SerializationException: Because of security restrictions, the type TestRemote.Stuff cannot be accessed. ---> System.Security.SecurityException: Request failed.
   at System.Security.SecurityRuntime.FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, PermissionSet& alteredDemandSet)
   at System.Runtime.Serialization.FormatterServices.nativeGetSafeUninitializedObject(RuntimeType type)
   at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
   --- End of inner exception stack trace ---


"Tom" wrote:

Quote:
The chapter 4 lab, "Creating and Consuming .NET Remoting Objects", in the book "Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Visual C# .NET" (Exams 70-310 and 70-320) directs you to create a chat application. The application consists of a ChatCoordinator class, Server class and Client class.

Attempting to start Client.exe using the v1.1 .NET Framework generates the following error:

Unhandled Exception: System.Security.SecurityException: Type System.DelegateSerializationHolder and the types derived from it (such as System.DelegateSerializationHolder) are not permitted to be deserialized at this security level.

Using the information contained in the article "Automatic Deserialization in .NET Remoting" in the ".NET Framework Developer's Guide", I modified the application configuration files (Central.config, Client.config) to set the typeFilterLevel attribute of the <formatter> element to "Full" to solve the problem.

In the Central.config file used by Server.exe modify the channel configuration:

<channel ref="http" port="8080">
  <serverProviders>
    <formatter ref="soap" typeFilterLevel="Full" />
  </serverProviders>
</channel>

In the Client.config file used by Client.exe modify the channel configuration:

<channel ref="http" port="0">
  <serverProviders>
    <formatter ref="soap" typeFilterLevel="Full" />
  </serverProviders>
</channel>

These changes to the application configuration files resolved the error. I was able to run without error the chat application demonstrating the creation and consuming of .NET remoting objects.



#2 Sunny - RE: Deserialization in .NET Remoting - 07-08-2004 , 12:11 PM

Hi,
the class Stuff has to be implemented in a separate assembly, which is
accessible (and referenced) both from the client and the server.

Sunny


Reply With Quote
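
The server in post #1 creates its TcpChannel in code, so a `<formatter>` element in a config file never reaches it; the same typeFilterLevel setting has to be made on the formatter sink provider. The following is an added example, not code from the thread: the ChannelSetup class, its method names and the loopback bindTo value are assumptions, and the service type is passed in so the block compiles without the thread's TestServiceCtrl.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

// Hypothetical helper (not from the thread): replaces "new TcpChannel(50015)".
public class ChannelSetup
{
    public static TcpChannel CreateServerChannel(int port, TypeFilterLevel level)
    {
        // The server-side formatter sink enforces the deserialization level
        // on incoming calls such as setStuff(Stuff). The default is Low.
        BinaryServerFormatterSinkProvider serverSink =
            new BinaryServerFormatterSinkProvider();
        serverSink.TypeFilterLevel = level;

        // Client-side sink, used only if this process also makes remote calls.
        BinaryClientFormatterSinkProvider clientSink =
            new BinaryClientFormatterSinkProvider();

        IDictionary props = new Hashtable();
        props["port"] = port;
        // Assumption: the only client is local (it connects to localhost in
        // post #1). Full lifts the Low-level type restrictions for every caller
        // that can reach the port, so the listener is bound to loopback only.
        props["bindTo"] = "127.0.0.1";

        return new TcpChannel(props, clientSink, serverSink);
    }

    // Call from OnStart, e.g. ChannelSetup.Register(typeof(TestServiceCtrl), 50015).
    public static void Register(Type serviceType, int port)
    {
        TcpChannel ch = CreateServerChannel(port, TypeFilterLevel.Full);
        // Single-argument overload as used in the thread (.NET Framework 1.1).
        ChannelServices.RegisterChannel(ch);
        RemotingConfiguration.RegisterWellKnownServiceType(
            serviceType, "testremote", WellKnownObjectMode.Singleton);
    }
}
```

Passing TypeFilterLevel.Low to CreateServerChannel reproduces the default behaviour, which makes it easy to confirm whether moving Stuff into a shared assembly, as suggested in post #2, removes the need for Full.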