Hello all, as you know, .net 4 security policy are changed and are a lot more strict.
First of all, I'm not an expert about .net 4 security =) and I never developed web apps for medium trust: this is my fist time. The problem is simple: log4net don't works in medium trust. the exception is thrown by the [SecurityCritical] Attribute of the System.Reflection.TargetInvocationException: Exception has been thrown "GetObjectData" method of ReadOnlyPropertiesDictionary class. by the target of an invocation. ---> System.TypeLoadException: Inheritance security rules violated while overriding member: 'log4net.Util.ReadOnlyPropertiesDictionary.GetObjectData(System.Runtim e.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden. at log4net.Repository.Hierarchy.Hierarchy..ctor(ILoggerFactory loggerFactory) at log4net.Repository.Hierarchy.Hierarchy..ctor() --- End of inner exception stack trace --- at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at log4net.Core.DefaultRepositorySelector.CreateRepository(String repositoryName, Type repositoryType) at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly repositoryAssembly, Type repositoryType, String repositoryName, Boolean readAssemblyAttributes) at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly repositoryAssembly, Type repositoryType) at log4net.Core.DefaultRepositorySelector.GetRepository(Assembly repositoryAssembly) at log4net.Core.LoggerManager.GetRepository(Assembly repositoryAssembly) at log4net.Config.XmlConfigurator.Configure() [CUT] According to this: http://msdn.microsoft.com/en-us/library/bb924412.aspx Serialization in a partially-trusted application should be done in another way ([DataContract] attribute must used, you can't use [Serializable] attribute and can't use ISerializable interface to control the serialization process. I patch log4net in a insane way, but it works now: after removed the [Serializable] and the ISerializable interface all work fine, but of course i "lose" all the code performed by the implementation of the ISerializable interface. By the way the log is fine for me now and all I need seem to work. To be really onest, i don't know what I should loose doing a thing like that.. Other library (like Ninject) provide a separate build for medium trust environment and it works great. I think would be really great to have a version like that for log4net. Tell me what do you think about it, how I could help and if I should fill a jira issue. Thanks and best regards michele -- http://michelelepri.blogspot.com/
