Uploaded image for project: 'Log4net'
  1. Log4net
  2. LOG4NET-347

Log4net not working in an ASP.Net environment with medium trust



    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.12
    • Component/s: Core
    • Labels:
    • Environment:
      Asp.Net environment running in medium trust


      As you know, .net 4 security policy are changed and are a lot more strict.

      First of all, I'm not an expert about .net 4 security =) and I never
      developed web apps for medium trust: this is my fist time.

      The problem is simple: log4net doesn't work in medium trust.

      the exception is thrown by the [SecurityCritical] Attribute of the

      System.Reflection.TargetInvocationException: Exception has been thrown
      "GetObjectData" method of ReadOnlyPropertiesDictionary class.

      by the target of an invocation. ---> System.TypeLoadException:
      Inheritance security rules violated while overriding member:
      System.Runtime.Serialization.StreamingContext)'. Security
      accessibility of the overriding method must match the security
      accessibility of the method being overriden.
      at log4net.Repository.Hierarchy.Hierarchy..ctor(ILoggerFactory
      at log4net.Repository.Hierarchy.Hierarchy..ctor()
      — End of inner exception stack trace —
      at System.RuntimeTypeHandle.CreateInstance(RuntimeType type,
      Boolean publicOnly, Boolean noCheck, Boolean& canBeCached,
      RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
      at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly,
      Boolean skipCheckThis, Boolean fillCache)
      at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly,
      Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
      at System.Activator.CreateInstance(Type type, Boolean nonPublic)
      at log4net.Core.DefaultRepositorySelector.CreateRepository(String
      repositoryName, Type repositoryType)
      at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
      repositoryAssembly, Type repositoryType, String repositoryName,
      at log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly
      repositoryAssembly, Type repositoryType)
      at log4net.Core.DefaultRepositorySelector.GetRepository(Assembly
      at log4net.Core.LoggerManager.GetRepository(Assembly repositoryAssembly)
      at log4net.Config.XmlConfigurator.Configure()

      According to this:

      Serialization in a partially-trusted application should be done in
      another way ([DataContract] attribute must used, you can't use
      [Serializable] attribute and can't use ISerializable interface to
      control the serialization process.

      I patched log4net in a insane way, but it works now: after removed the
      [Serializable] and the ISerializable interface all work fine, but of
      course i "lose" all the code performed by the implementation of the
      ISerializable interface.
      By the way the log is fine for me now and all I need seem to work.
      To be really onest, i don't know what I should loose doing a thing like

      Other library (like Ninject) provide a separate build for medium trust
      environment and it works great.

      I think would be really great to have a version like that for log4net.


        1. log4net-347.patch
          1 kB
          Andrew Arnott

          Issue Links



              • Assignee:
                nachbarslumpi Dominik Psenner
                michele_lepri Michele Lepri
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: