.net 覆盖成员时违反了继承安全规则 - SecurityRuleSet.Level2
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3055792/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Inheritance security rules violated while overriding member - SecurityRuleSet.Level2
提问by Page
I have a class that inherits from Exception. In .NET 4, I started receiving a runtime error:
我有一个继承自 Exception 的类。在 .NET 4 中,我开始收到运行时错误:
Inheritance security rules violated while overriding member: MyBusinessException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.
覆盖成员时违反了继承安全规则:MyBusinessException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'。覆盖方法的安全可访问性必须与被覆盖方法的安全可访问性相匹配。
I think the issue is caused by the fact that I am overriding GetObjectData.
我认为这个问题是由我覆盖 GetObjectData 引起的。
I know one answer for resolving the issue is to set the SecurityRuleSet:
我知道解决该问题的一个答案是设置 SecurityRuleSet:
[assembly: SecurityRules(SecurityRuleSet.Level1)]
This is not an acceptable answer, I'd like to know how to fix the issue without having to relax the default security rules in .NET 4.
这不是一个可接受的答案,我想知道如何解决这个问题而不必放宽 .NET 4 中的默认安全规则。
采纳答案by Julien Lebosquain
Mark GetObjectDatawith SecurityCriticalAttribute, because it's applied to Exception.GetObjectData. An overridden member should have the same security accessibility (Critical, Safe Critical or Transparent).
标记GetObjectData用SecurityCriticalAttribute,因为它的应用Exception.GetObjectData。被覆盖的成员应该具有相同的安全可访问性(关键、安全关键或透明)。
Read Security Changes in the .NET Framework 4and Security Transparent Code, Level 2from MSDN for more information.
阅读MSDN中的 .NET Framework 4和安全透明代码,级别 2中的安全更改以获取更多信息。
To avoid all potential security runtime exceptions, enable Code Analysis with the Security rule set. You'll get static analysis warnings that might correspond to runtime errors.
为避免所有潜在的安全运行时异常,请使用安全规则集启用代码分析。您将收到可能与运行时错误相对应的静态分析警告。
回答by Vedran
Had this problem when I was calling an assembly that had AllowPartiallyTrustedCallers attribute:
当我调用具有 AllowPartiallyTrustedCallers 属性的程序集时遇到了这个问题:
[assembly: System.Security.AllowPartiallyTrustedCallers]
Removing it solved my problem without switching to SecurityRuleSet.Level1.
删除它解决了我的问题,而无需切换到 SecurityRuleSet.Level1。
回答by Joe Enzminger
Regarding this error in shared hosting environments that allow full trust applications. When you bin deploy an application, you often overwrite web.config. Under IIS, when you change the trust settings to something different than the default, your web config section is modified with:
关于允许完全信任应用程序的共享托管环境中的此错误。当您对应用程序进行 bin 部署时,您通常会覆盖 web.config。在 IIS 下,当您将信任设置更改为与默认设置不同的设置时,您的 Web 配置部分将修改为:
<system.web>
<trust level="Full" />
<system.web>
Copying a new web.config during deployment often overwrites this setting, however IIS Admin will still show the site as "Full Trust", when in reality the site is running in whatever the default trust level is for your shared host provider (usually medium).
在部署期间复制新的 web.config 通常会覆盖此设置,但是 IIS Admin 仍会将站点显示为“完全信任”,而实际上该站点正在以您的共享主机提供商的默认信任级别(通常为中等)运行.
You'll see this error and do what I did - try to figure out why you would see it even though you know the site is running under full trust, when in actuality, it is not. The solution is either to modify your web config as noted above before deployment, or use IIS Admin to set the site to a different trust level (high, for instance), apply it, then set it back to full. Doing so reinserts the necessary config file information and restarts the application pool in full trust.
您将看到此错误并执行我所做的 - 尝试弄清楚为什么即使您知道该站点在完全信任的情况下运行也会看到它,但实际上并非如此。解决方案是在部署之前修改您的 Web 配置,或者使用 IIS Admin 将站点设置为不同的信任级别(例如高),应用它,然后将其设置回完全。这样做会重新插入必要的配置文件信息并以完全信任的方式重新启动应用程序池。
回答by Charlie Kilian
For me, the problem was with the log4net library. I downloaded the source, and added the project file into my solution so that I could step into external libraries. However, log4net needed the NET_4_0symbol defined for conditional compilation. By default, it had NET_1_0defined. I went into the log4net project properties and changed NET_1_0to NET_4_0, and this fixed the problem.
对我来说,问题出在 log4net 库上。我下载了源代码,并将项目文件添加到我的解决方案中,以便我可以进入外部库。但是,log4net 需要NET_4_0为条件编译定义的符号。默认情况下,它已NET_1_0定义。我进入了 log4net 项目属性并更改NET_1_0为NET_4_0,这解决了问题。
Aside:Perhaps I am not following best practices by including the libraries in my project. If that is the case, I would welcome feedback on different ways to do it, and the pros and cons of each choice. My current thinking is, if there is an error, being able to see the library's source will help me understand what the library is expecting, which will help me clear up the error. Also, seeing how other people write source code is nothing if not a valuable learning experience. Basically, I'm trying to follow the advice of Jeff Atwood found here. But if there is a better way to accomplish this, I'm all ears.
旁白:也许我没有通过在我的项目中包含库来遵循最佳实践。如果是这种情况,我欢迎对不同方法的反馈,以及每种选择的利弊。我目前的想法是,如果出现错误,能够看到库的源代码将有助于我了解库所期望的内容,这将有助于我清除错误。此外,如果不是宝贵的学习经验,看看其他人如何编写源代码也算不了什么。基本上,我试图遵循在这里找到的 Jeff Atwood 的建议。但是,如果有更好的方法来实现这一点,我会全力以赴。
回答by Dongolo Jeno
I got this error that made no sense for my case ! I used this simple example https://www.c-sharpcorner.com/article/using-autofac-with-web-api
我得到了这个对我的案例毫无意义的错误!我使用了这个简单的例子https://www.c-sharpcorner.com/article/using-autofac-with-web-api
The problem was that I had no space and did not noticed it so I solved this by making space on my drive.
问题是我没有空间并且没有注意到它,所以我通过在驱动器上留出空间来解决这个问题。
Maybe this will save somebody a few hours of useless investigation.
也许这会为某人节省几个小时的无用调查。
