C#: Security accessibility of the overriding method must match the security accessibility of the method being overriden

I was porting a .Net 2.0 assembly to .Net 4.0 plugin assembly and faced this particular challenge.

The project had a test app(A WinForm app) and it worked fine on the desktop but when I deployed the logic on server to run as a plugin it gave the following error

xyz..GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext) Security accessibility of the overriding method must match the security accessibility of the method being overriden.
Just notice, the spelling for “overridden” is also not correct. But this is what .Net framework threw.
After some research I found that this behavior is “By Design” i.e. as per security transparency model defined in .Net v4.0. It basically has two models:
1. Level1 (High Level) for v2.0
2. Level2 for v4.0
Here is a a list of critical operations:

1. Call native code

2. Contain unverifiable code

3. Call critical code

4. Perform security asserts

5. Satisfy link demands

6. Derive from non-transparent types

7. Override security critical virtuals

And only full trust code can be security critical.

Hence an overridden member should have the same security accessibility (Critical, Safe Critical or Transparent).
To resolve this error take the following step:
Go to the AssemblyInfo.cs class to your project and add following attributes to it. And this should resolve the exception.

[assembly: SecurityRules(SecurityRuleSet.Level1)] 
[assembly: AllowPartiallyTrustedCallers]

I believe it might be helpful to many as there are lot of Dynamics CRM implementations being upgraded.

Reference links to the differences between both and transparency rules:
http://blogs.msdn.com/b/shawnfa/archive/2009/11/12/differences-between-the-security-rule-sets.aspx
http://blogs.msdn.com/b/shawnfa/archive/2009/11/03/transparency-101-basic-transparency-rules.aspx

Advertisements