in .net 4 I get the following exception after adding a custom control with a designer to my page.
Inheritance security rules violated by type: 'WebApplication1.MyDesigner'. Derived types must either match the security accessibility of the base type or be less accessible.
I want to use the new default CAS policy, so setting the RuleSet to Level1 is not an option.
Paul van Bre...
0 Points
4 Posts
SecurityException when deriving control from System.Web.UI.Design.ControlDesigner
May 08, 2012 09:46 PM|LINK
in .net 4 I get the following exception after adding a custom control with a designer to my page.
Inheritance security rules violated by type: 'WebApplication1.MyDesigner'. Derived types must either match the security accessibility of the base type or be less accessible.
I want to use the new default CAS policy, so setting the RuleSet to Level1 is not an option.
assemblyinfo.cs
[assembly: SecurityTransparent]
[assembly: AllowPartiallyTrustedCallers]
[assembly: SecurityRules(SecurityRuleSet.Level2)]
default.aspx.cs
public partial class _default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
this.LoadControl(typeof(MyControl), new object[0]);
}
}
[SecuritySafeCritical]
internal class MyDesigner
: System.Web.UI.Design.ControlDesigner
{
[SecuritySafeCritical]
public MyDesigner() { }
}
[Designer(typeof(MyDesigner))]
[ParseChildren(false), PersistChildren(true)]
public class MyControl : WebControl
{
}
I added the attributed to the designer based on suggestions from StyleCop, but that makes no difference.
Any ideas?
cts-mgraham
Contributor
3318 Points
642 Posts
Microsoft
Re: SecurityException when deriving control from System.Web.UI.Design.ControlDesigner
May 14, 2012 10:42 AM|LINK
SecurityTransparentAttribute is obsolete in .NET 4. In your assemblyinfo code, remove it or comment it out.
Paul van Bre...
0 Points
4 Posts
Re: SecurityException when deriving control from System.Web.UI.Design.ControlDesigner
May 15, 2012 09:39 PM|LINK
Removing that attribute doesn't resolve the issue.
And based on the documentation here [0], the attribute doesn't appear to be obsolete.
[0] http://msdn.microsoft.com/en-us/library/dd233102
cts-mgraham
Contributor
3318 Points
642 Posts
Microsoft
Re: SecurityException when deriving control from System.Web.UI.Design.ControlDesigner
May 16, 2012 02:48 PM|LINK
From your first post, it says that you have this:
[assembly:SecurityTransparent]
Your link shows that you can either not have it at all, or you could use:
[assembly: SecurityRules(SecurityRuleSet.Level2)]
But you can't have [assembly:SecurityTransport] in .NET 4.0.
Paul van Bre...
0 Points
4 Posts
Re: SecurityException when deriving control from System.Web.UI.Design.ControlDesigner
May 16, 2012 06:14 PM|LINK
I didn't read that in the post I linked... but removing the attribute does not make a difference, nor does moving the designer to a separate assembly.
Paul van Bre...
0 Points
4 Posts
Re: SecurityException when deriving control from System.Web.UI.Design.ControlDesigner
May 16, 2012 06:42 PM|LINK
I resolved this as follows, use the constructor which takes a string for the designer attribute.
[Designer("<namespace.<type>, <assembly>, ....")]
this prevents the clr from loading the type used as a designer, so the exception isn't raised.