Hi,

I'm currently in the development stage of a website and I confronted an issue with a call being made on one of the LLBLGen Methods. I use Web Forms in ASP.NET Framework 4.5 using Visual Studio 2012 connected to a MS SQL 2012 Database server.

The website successfully authenticates, but when some counters are loaded in the dashboard screen of the Admin section, the following error is generated. This only occurs in the published website located on the hosting server and does not occurs on my machine's localhost. Thanks ahead for any help that can be provided, as I am out of ideas:

Inheritance security rules violated while overriding member: 'MundoBasketball.HelperClasses.ResultsetFields.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

_Exception Details: System.TypeLoadException: Inheritance security rules violated while overriding member: 'MundoBasketball.HelperClasses.ResultsetFields.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[TypeLoadException: Inheritance security rules violated while overriding member: 'MundoBasketball.HelperClasses.ResultsetFields.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.] MB.BLL.bPostComments.GetRecentCommentsForAdmin() in bPostComments.vb:186

[TargetInvocationException: Exception has been thrown by the target of an invocation.] System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0 System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +192 System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +108 System.Web.UI.WebControls.ObjectDataSourceView.InvokeMethod(ObjectDataSourceMethod method, Boolean disposeInstance, Object& instance) +487 System.Web.UI.WebControls.ObjectDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +1609 System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments, DataSourceViewSelectCallback callback) +21 System.Web.UI.WebControls.DataBoundControl.PerformSelect() +138 System.Web.UI.WebControls.ListView.PerformSelect() +102 System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +30 System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound() +105 System.Web.UI.WebControls.ListView.CreateChildControls() +52 System.Web.UI.Control.EnsureChildControls() +83 System.Web.UI.Control.PreRenderRecursiveInternal() +42 System.Web.UI.Control.PreRenderRecursiveInternal() +168 System.Web.UI.Control.PreRenderRecursiveInternal() +168 System.Web.UI.Control.PreRenderRecursiveInternal() +168 System.Web.UI.Control.PreRenderRecursiveInternal() +168 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +974_

Are you using the same version (build) of LLBLGen runtime libraries both in development and in production? Did you deploy LLBLGen libraries into the GAC?

As a work around try adding the following assembly-level attribute to the DBGeneric project.

[assembly: SecurityRules(SecurityRuleSet.Level1)]

Yes, I am using the same build for the localhost environment. I only proceeded to publish the website. The build should generate the correct DLL files as reference.

As for the second question, I am not familiar at all with Global Assembly Cache. In addition, I am using a 1&1 hosting environment (not a Cloud Server) and therefore I do not have any access whatsoever to their server settings, only some IIS settings using a web tool made by them.

As for your suggestion, could you please tell me exactly how to proceed and do that reference? I have never seen this issue and I see a lot of forums talking about an AssemblyInfo.cs file that exists on the project to add assembly references, but my project is a Web Site and not a Web Application (in web sites, this file does not exists) and thus I don't know how to add that reference. Would you be so kind in telling me exactly where to go and how to add the described assembly reference?

Thanks!

This is indeed an annoying problem. We ran into it as well when we compiled the ormsupportclasses for .net 4.5 to add the async code. It only goes away if all the GetObjectdata methods are marked with a security attribute, which is a lot of work, OR if you do this:

Add this attribute to the AssemblyInfo.cs file of your generated code. This file isn't overwritten when you re-generate it. I left the comments below as we have it in our .NET 4.5 specific build of ORMSupportClasses (which is currently in beta with the async api)

// Level1 specified to avoid exception related to ISerializable.GetObjectData, which requires a SecurityCritical attribute on ALL
// implementations, so also overrides in generated code. It's not important anyway, we don't do security related actions.
// Removing AllowPartialTrustedCallers will also remove the requirement for this attribute but we need APTC to be present
// for medium trust environments. 
// In future versions this direect ruleset will be removed and [SecurityCritical] will be added to the proper methods
// however that requires template updates as well.
[assembly: System.Security.SecurityRules(System.Security.SecurityRuleSet.Level1)]

Thanks a lot! This worked. I added the attribute in the AssemblyInfo on the 'My Project' folder for the generated class library where all LLBLGen classes are stored.

The problem is that after adding the attribute, all database calls for Insert, Update and Delete generate an error. I don't know if you suggest that I add the APTC attribute as well in the AssemblyInfo file. The hosting environment is indeed configured as medium trust. Just like I explained before, I have no control over IIS settings since it is a hosting environment.

I haven't debugged it yet because I made the change late at night yesterday and I am not sure if they are related, but I will get back to you tonight with the results.

Thanks

If you add the APTC attribute, and you compile against .net 4.5, you have to add the attribute I gave above. If you don't add the APTC attribute (IMHO, you don't have to), you don't have to add the attribute I gave above.

What does 'gave an error' mean? Please specify the error and stack trace.

Thanks for the reply, Otis. I will provide the stack trace as soon as I get home in the afternoon. I only saw the errors on the hosted site based on the try/catch messages that I establish. I have to debug them, but the thing is that the last time I tested the web site before implementing the Assembly Attribute everything was working.

I will provide all necessary information on the afternoon.

Thanks a lot for your excellent support.

And by the way, I established the SecurityRules attribute you outlined above and that solved my initial problem. Based on what you explained, this means I have to add the other APTC one, too. Is that accurate?

The APTC attribute is needed for medium trust environments. Otherwise you might remove it.

Thanks for confirming. Yes, the hosting environment is medium trust. I need to add it, then.

Is this the correct attribute?

[assembly:AllowPartiallyTrustedCallers]

Correct.

Thank you very much. I'll confirm during the afternoon if everything works as expected now.

You only have to add it to the generated code, as it's not needed you add it to the webapplication, as nothing is going to call that code from another assembly

Thanks for your help, guys.

Unfortunately, this other issue that was occurring is because 1and1 does not allow the use of LLBLGen code within a hosting site, so that's why all transactions were failing. I have to transition into a dedicated Windows server.

Thanks for all your help!!!!

Wait... they simply refuse our code, even if it's medium trust compatible?

Here's the E-mail Thread. I'm using 1and1 as the hosting company, just for the record.

My question to them was the following:

The problem that I'm confronting now is that all functionality managed by LLBLGen procedures is not working as expected (insert, update and delete actions). I'm trying to solve this issue and I found the following statement on your help center:

"For instance, no ASP.NET application may access the registry or carry out file accesses outside a particular user directory. Nor may the execution of so-called "unmanaged code"” (i.e. code that is not administrated by the .NET framework and which, for instance, carries out its own storage administration) be permitted."

I'm using LLBLGen Pro as the OR Mapper for my database actions (insert, Update and Delete). Do you consider this licensed product as part of your restrictions?

Their answer was the following:

Dear Marcos Santana,

Thank you for contacting us.

Since you are using LLBLGen Pro for your database actions like; insert, Update and Delete. This is actually not allowed. Since you are hosting your website on 1&1, you need to use our database for this and you can only manage your database using our MyAdmin. This is part of our shared hosting restrictions. Using a third party database application is not possible on our Shared Hosting packages due to MS SQL restrictions.

If you have any further questions please do not hesitate to contact us.

Sincerely, Leofe Sagolili Technical Support 1&1 Internet

After that, they confirmed that if I used a dedicated server then I can manage the security however I want and there will be no restrictions whatsoever.

Thank you guys! Best Regards

Marcos Santana

I think they assume LLBLGen Pro is a different database system. Tell them it's a data-access technology like EF, to access SQL Server. How else are you supposed to access their shared DB? Plain-old ADO.NET?

OMG, you won't believe what they answered! NEVER buy a shared hosting location with 1and1 if you intend to do custom development:

Dear Marcos Santana,

Thank you for contacting us.

Our administrators have informed us that as far as they know the entity framework is not supported however if you wish you can still try to use it to see if it works for you, as they are not 100% certain if this is the case.

If you have any further questions please do not hesitate to contact us.

-- Sincerely, Christopher Stezar Technical Support 1&1 Internet

Holy Mother of God! They DO intend for us to use ADO.NET

Best Regards, Otis. Thanks for the help.

Huh... in what age do they live? Even if the RDBMS service is shared, it's not 'shared' among other applications accessing it: each web application runs in its own application pool. At least I hope so for them.... So everything is already separated, whatever they use: ado.net, low-level ODBC using C... doesn't matter.

Incredible.

Isn't ADO.NET even with LLBLGenPro and EF at the end. I mean ORMs are usually built on top of ADO.NET. Why would they care from what assembly ado.net is called?

I agree with you guys 100%. It doesn't make sense at all. But it is what it is.