You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4net-dev@logging.apache.org by "Dominik Psenner (JIRA)" <ji...@apache.org> on 2013/02/13 10:30:13 UTC

[jira] [Comment Edited] (LOG4NET-347) Log4net not working in an ASP.Net environment with medium trust

    [ https://issues.apache.org/jira/browse/LOG4NET-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13577385#comment-13577385 ] 

Dominik Psenner edited comment on LOG4NET-347 at 2/13/13 9:29 AM:
------------------------------------------------------------------

Much more interesting would be the answer to the question whether this issue affects other .NET versions and Mono or not?
                
      was (Author: nachbarslumpi):
    Much more interesting would be the answer to the question whether this fix resolves the issue for the other .NET versions and Mono or not?
                  
> Log4net not working in an ASP.Net environment with medium trust
> ---------------------------------------------------------------
>
>                 Key: LOG4NET-347
>                 URL: https://issues.apache.org/jira/browse/LOG4NET-347
>             Project: Log4net
>          Issue Type: Bug
>          Components: Core
>         Environment: Asp.Net environment running in medium trust
>            Reporter: Michele Lepri
>         Attachments: log4net-347.patch
>
>
> As you know, .net 4 security policy are changed and are a lot more strict.
> First of all, I'm not an expert about .net 4 security =) and I never
> developed web apps for medium trust: this is my fist time.
> The problem is simple: log4net doesn't work in medium trust.
> the exception is thrown by the [SecurityCritical] Attribute of the
> System.Reflection.TargetInvocationException: Exception has been thrown
> "GetObjectData" method of ReadOnlyPropertiesDictionary class.
> by the target of an invocation. ---> System.TypeLoadException:
> Inheritance security rules violated while overriding member:
> 'log4net.Util.ReadOnlyPropertiesDictionary.GetObjectData(System.Runtim
> e.Serialization.SerializationInfo,
> System.Runtime.Serialization.StreamingContext)'. Security
> accessibility of the overriding method must match the security
> accessibility of the method being overriden.
>   at log4net.Repository.Hierarchy.Hierarchy..ctor(ILoggerFactory
> loggerFactory)
>   at log4net.Repository.Hierarchy.Hierarchy..ctor()
>   --- End of inner exception stack trace ---
>   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type,
> Boolean publicOnly, Boolean noCheck, Boolean& canBeCached,
> RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
>   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly,
> Boolean skipCheckThis, Boolean fillCache)
>   at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly,
> Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
>   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
>   at log4net.Core.DefaultRepositorySelector.CreateRepository(String
> repositoryName, Type repositoryType)
>   at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
> repositoryAssembly, Type repositoryType, String repositoryName,
> Boolean
> readAssemblyAttributes)
>   at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
> repositoryAssembly, Type repositoryType)
>   at log4net.Core.DefaultRepositorySelector.GetRepository(Assembly
> repositoryAssembly)
>   at log4net.Core.LoggerManager.GetRepository(Assembly repositoryAssembly)
>   at log4net.Config.XmlConfigurator.Configure()
> [CUT]
> According to this:
> http://msdn.microsoft.com/en-us/library/bb924412.aspx
> Serialization in a partially-trusted application should be done in
> another way ([DataContract] attribute must used, you can't use
> [Serializable] attribute and can't use ISerializable interface to
> control the serialization process.
> I patched log4net in a insane way, but it works now: after removed the
> [Serializable] and the ISerializable interface all work fine, but of
> course i "lose" all the code performed by the implementation of the
> ISerializable interface.
> By the way the log is fine for me now and all I need seem to work.
> To be really onest, i don't know what I should loose doing a thing like
> that..
> Other library (like Ninject) provide a separate build for medium trust
> environment and it works great.
> I think would be really great to have a version like that for log4net.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira