You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4net-dev@logging.apache.org by "Andrew Arnott (JIRA)" <ji...@apache.org> on 2013/01/02 16:06:12 UTC
[jira] [Commented] (LOG4NET-347) Log4net not working in an ASP.Net
environment with medium trust
[ https://issues.apache.org/jira/browse/LOG4NET-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13542158#comment-13542158 ]
Andrew Arnott commented on LOG4NET-347:
---------------------------------------
The fix is actually much simpler than the one described earlier. Please see the accepted answer on http://stackoverflow.com/questions/9700625/c-sharp-webapp-log4net-partial-trust-high-or-medium-not-working for two approaches to fixing the problem.
Preferably, if you compile log4net differently for .NET 4.x vs. before .NET 4.0, then use #if CLR4 around adding the [SecurityCritical] attribute to all your GetObjectData methods.
As another option, just add this attribute to your assembly:
[assembly: System.Security.SecurityRules(System.Security.SecurityRuleSet.Level1)]
> Log4net not working in an ASP.Net environment with medium trust
> ---------------------------------------------------------------
>
> Key: LOG4NET-347
> URL: https://issues.apache.org/jira/browse/LOG4NET-347
> Project: Log4net
> Issue Type: Bug
> Components: Core
> Environment: Asp.Net environment running in medium trust
> Reporter: Michele Lepri
>
> As you know, .net 4 security policy are changed and are a lot more strict.
> First of all, I'm not an expert about .net 4 security =) and I never
> developed web apps for medium trust: this is my fist time.
> The problem is simple: log4net doesn't work in medium trust.
> the exception is thrown by the [SecurityCritical] Attribute of the
> System.Reflection.TargetInvocationException: Exception has been thrown
> "GetObjectData" method of ReadOnlyPropertiesDictionary class.
> by the target of an invocation. ---> System.TypeLoadException:
> Inheritance security rules violated while overriding member:
> 'log4net.Util.ReadOnlyPropertiesDictionary.GetObjectData(System.Runtim
> e.Serialization.SerializationInfo,
> System.Runtime.Serialization.StreamingContext)'. Security
> accessibility of the overriding method must match the security
> accessibility of the method being overriden.
> at log4net.Repository.Hierarchy.Hierarchy..ctor(ILoggerFactory
> loggerFactory)
> at log4net.Repository.Hierarchy.Hierarchy..ctor()
> --- End of inner exception stack trace ---
> at System.RuntimeTypeHandle.CreateInstance(RuntimeType type,
> Boolean publicOnly, Boolean noCheck, Boolean& canBeCached,
> RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
> at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly,
> Boolean skipCheckThis, Boolean fillCache)
> at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly,
> Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
> at System.Activator.CreateInstance(Type type, Boolean nonPublic)
> at log4net.Core.DefaultRepositorySelector.CreateRepository(String
> repositoryName, Type repositoryType)
> at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
> repositoryAssembly, Type repositoryType, String repositoryName,
> Boolean
> readAssemblyAttributes)
> at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
> repositoryAssembly, Type repositoryType)
> at log4net.Core.DefaultRepositorySelector.GetRepository(Assembly
> repositoryAssembly)
> at log4net.Core.LoggerManager.GetRepository(Assembly repositoryAssembly)
> at log4net.Config.XmlConfigurator.Configure()
> [CUT]
> According to this:
> http://msdn.microsoft.com/en-us/library/bb924412.aspx
> Serialization in a partially-trusted application should be done in
> another way ([DataContract] attribute must used, you can't use
> [Serializable] attribute and can't use ISerializable interface to
> control the serialization process.
> I patched log4net in a insane way, but it works now: after removed the
> [Serializable] and the ISerializable interface all work fine, but of
> course i "lose" all the code performed by the implementation of the
> ISerializable interface.
> By the way the log is fine for me now and all I need seem to work.
> To be really onest, i don't know what I should loose doing a thing like
> that..
> Other library (like Ninject) provide a separate build for medium trust
> environment and it works great.
> I think would be really great to have a version like that for log4net.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira