System.Security.Permissions.ReflectionPermission

olley

Guppy
Is there a chance to get System.Security.Permissions.ReflectionPermission allowed for .NET 4.0?

I am getting an error when I try using standard .NET classes for JSON serialization.

Here is the stack trace:

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Code:
[SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark) +31
   System.Security.CodeAccessPermission.Demand() +46
   System.Reflection.Emit.DynamicMethod.PerformSecurityCheck(Module m, StackCrawlMark& stackMark, Boolean skipVisibility) +248
   System.Reflection.Emit.DynamicMethod..ctor(String name, Type returnType, Type[] parameterTypes, Module m, Boolean skipVisibility) +49
   System.Runtime.Serialization.Json.CriticalHelper.BeginMethod(CodeGenerator ilg, String methodName, Type delegateType, Boolean allowPrivateMemberAccess) +162
   System.Runtime.Serialization.Json.CriticalHelper.GenerateClassWriter(ClassDataContract classContract) +144

If I am not mistaken, JodoHost has this permission granted for .NET 2.0 (see http://support.jodohost.com/showthread.php?t=7974&highlight=ReflectionPermission topic). May be it is time to add it to the list of granted permissions for .NET 4.0 too?
 
Here is a simple ASPX page for testing.

Code:
<%@ Page Language="C#" %>

<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Runtime.Serialization.Json" %>
<%@ Import Namespace="System.Runtime.Serialization" %>


<script runat="server">

    [DataContract]
    class Foo
    {
        [DataMember]
        public bool bar = true;
    }
    
    class Tester
    {

        public static string DoStuff()
        {
            DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(Foo));
            MemoryStream memStream = new MemoryStream();

            Foo foo = new Foo();

            serializer.WriteObject(memStream, foo); // Fails on this line
            memStream.Position = 0;
            StreamReader reader = new StreamReader(memStream);
            return reader.ReadToEnd();
        }
    }    

</script>

<html>
 <% Response.Write( Tester.DoStuff()); %>
</html>

On my local machine it outputs the JASON representation of the the Foo object: {"bar":true}
On the hosted site it throws the above mentioned exception.
 
still checking it, wasnt in a lot on software side due to some other plans (prep to take dc pics)
 
Check it now and see if any error, I've allowed an additional reflection permission.
 
On reflection, we really can't allow it in full, I have allowed ReflectionEmit and RestrictedMemberAccess (for LINQ functions)

I tried to find which exactly JSON was using, but wasn't able, do you know?
Looks like it is wanting PrivateMemberAccess...
 
Yes, LINQ works for me, I can confirm that. Don't know about JSON error besides what I see in that exception info though...
 
Back
Top