Why does this code call the OnDeserializedHandler event?


Old forum URL: forums.lhotka.net/forums/t/9402.aspx

bgilbert posted on Wednesday, August 18, 2010

I have a class that creates MemoryStream objects. When it calls this, it fails inside the OnDeserializedHandler method. None of the objects or values my class is dealing with are based on CSLA classes, although I'm using CSLA for my application identity object. Why is it firing this event, and is there a way to stop it from doing so?


Here's the code in question:

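    ' Needs Imports System.IO, System.Text and the ReportViewer namespace
    ' (Microsoft.Reporting.WinForms); m_streams is a Shared List(Of Stream) field.

    ' Callback handed to LocalReport.Render: supplies one stream per rendered page.
    Private Shared Function CreateStream(ByVal name As String, ByVal fileNameExtension As String, ByVal encoding As Encoding, ByVal mimeType As String, ByVal willSeek As Boolean) As Stream
        Dim stream As Stream = New MemoryStream()
        ' Track the stream so Export can rewind it after rendering.
        m_streams.Add(stream)
        Return stream
    End Function

    ' Renders the report to EMF page images held in memory.
    Private Shared Sub Export(ByVal report As LocalReport)
        Dim deviceInfo As String = "<DeviceInfo>" & _
            "<OutputFormat>EMF</OutputFormat>" & _
            "<PageWidth>8.5in</PageWidth>" & _
            "<PageHeight>11in</PageHeight>" & _
            "<MarginTop>0.5in</MarginTop>" & _
            "<MarginLeft>0.5in</MarginLeft>" & _
            "<MarginRight>0.5in</MarginRight>" & _
            "<MarginBottom>0.5in</MarginBottom>" & _
            "</DeviceInfo>"
        Dim warnings As Warning() = Nothing
        m_streams = New List(Of Stream)()
        report.Render("Image", deviceInfo, AddressOf CreateStream, warnings)
        ' Rewind every page stream so it can be read from the start.
        For Each stream As Stream In m_streams
            stream.Position = 0
        Next
    End Sub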


Curelom replied on Wednesday, August 18, 2010

Any object you pull out of a stream has to deserialize, whether it's CSLA or not. 

What code do you have in the deserialize handler?

bgilbert replied on Wednesday, August 18, 2010

Thanks for your reply.

The deserialize handler is in CSLA.Core.BusinessBase (OnDeserializedHandler).

The error I'm getting is "That assembly does not allow partially trusted callers". It's not clear which assembly "that" refers to. All my own assemblies are set to full trust and I've marked them all with AllowPartiallyTrustedCallers. I've beat this issue to death and cannot understand why this is happening. If I could prevent this handler from handling this specific call, it would fix my problems.



RockfordLhotka replied on Wednesday, August 18, 2010

BinaryFormatter and NDCS call a method on deserialization. That method is designated by an attribute. There's a method in the CSLA base classes with that attribute. That method implementation then calls OnDeserialized(), which is virtual so you can override it.

CSLA requires the deserialization notification to do some work - without it some parts of CSLA won't work.

CSLA itself is probably not marked as being safe for calling from partially trusted callers. That could be perceived as a security hole, since I've made no effort to prevent security exploits in that scenario - which isn't to say that there's a problem - just that there could be, and I've never tried to find out.

But you could certainly mark your Csla.dll to allow partially trusted callers and assume that risk (and corresponding benefit) yourself.
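
The callback chain described in the reply above, as an added example that is not part of the thread and is not CSLA's own code: a base class marks a private method with OnDeserialized, and that method calls an overridable OnDeserialized that a subclass can use. NotifyingBase, SampleIdentity and the sample name are hypothetical, and the code assumes .NET Framework, where BinaryFormatter is available.

```vbnet
Imports System
Imports System.IO
Imports System.Runtime.Serialization
Imports System.Runtime.Serialization.Formatters.Binary

' Hypothetical base class standing in for a framework base type.
<Serializable()> _
Public MustInherit Class NotifyingBase
    ' The formatter finds this method through the attribute and calls it
    ' once the object graph has been rebuilt. It runs for every derived
    ' type, with whatever permissions the deserializing code has.
    <OnDeserialized()> _
    Private Sub OnDeserializedHandler(ByVal context As StreamingContext)
        OnDeserialized(context)
    End Sub

    ' Extension point for subclasses; does nothing by default.
    Protected Overridable Sub OnDeserialized(ByVal context As StreamingContext)
    End Sub
End Class

' Hypothetical identity type; RulesAttached is not serialized, so it is
' True on the copy only if the callback ran.
<Serializable()> _
Public Class SampleIdentity
    Inherits NotifyingBase

    Public Name As String
    <NonSerialized()> _
    Public RulesAttached As Boolean

    Protected Overrides Sub OnDeserialized(ByVal context As StreamingContext)
        RulesAttached = True
    End Sub
End Class

Module Demo
    Sub Main()
        Dim formatter As New BinaryFormatter()
        Using buffer As New MemoryStream()
            ' Constructed sample value.
            formatter.Serialize(buffer, New SampleIdentity With {.Name = "constructed-user"})
            buffer.Position = 0
            Dim copy As SampleIdentity = DirectCast(formatter.Deserialize(buffer), SampleIdentity)
            Console.WriteLine("{0}: RulesAttached={1}", copy.Name, copy.RulesAttached)
        End Using
    End Sub
End Module
```

The original object never has RulesAttached set, so a True value on the copy can only come from the formatter invoking the attributed method in the base class.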

bgilbert replied on Thursday, August 19, 2010


Thanks for your reply.

I've tried adding AllowPartiallyTrustedCallers to CSLA, but it didn't help.

More information:

The object that is being deserialized is my custom identity object. This is being hit only when I run code to print an rdlc report through a ReportViewer control in a ClickOnce app. Also, it never fails in Visual Studio, only when it's run from the deployment version. The actual error is "The type initializer for MyIdentity threw an exception" and it fails in InitializeBusinessRules on the AddBusinessRules line. The inner exception is "That assembly does not allow partially trusted callers". This ONLY gets thrown when I do the print thing, never for any other classes.

Any other ideas?


bgilbert replied on Thursday, August 19, 2010

The workaround I found for this was to run my code in a background thread and set the new thread's CurrentPrincipal to a new GenericPrincipal instance.



Copyright (c) Marimer LLC