After updating from nightly 2013 Jul 20 build to 2013 Aug 09 build from myget and I'm receiving this error upon the startup of the host:
using (WebApp.Start<Startup>(serverUrl)
The error is:
"Inheritance security rules violated while overriding member: 'Autofac.Integration.WebApi.AutofacWebApiDependencyResolver.BeginScope()'.
Security accessibility of the overriding method must match the security accessibility of the method being overriden.":"Autofac.Integration.WebApi.AutofacWebApiDependencyResolver.BeginScope()"
What has been changed in terms of added .Net security to the new version and what modification do I've to apply to my host assembly to make it work with the newer builds?
Specifying SecurityTransparent does not work, since then I get this error:
Attempt by security transparent method 'Host.Program.Main(System.String[])' to access security critical method 'Microsoft.Owin.Hosting.WebApp.Start<Host.Startup>(System.String)' failed.
Thanks for the help,
Attila
Comments: Since the first error was regarding Autofac WebApi component I decided to compile Autofac WebApi against the latest WebApi sources and for .Net 4.5 Framework explicitly, since Autofac only targets 4.0 and the released WebApi. When I first compiled the original source code against 4.0 Framework since CA was turned on, the compiler reported the possible security problems with method invocations. At that point it made sense why did I get the runtime errors with the Autofac WebApi integration component. I saw that this component has AllowPartiallyTrustedCallers attribute, so I've removed it, since as you also said, only full trust is possible in .Net 4.5. So I've changed the Framework version of this component to 4.5, updated the nuget packages to the latest dev copies (0809) and compiled the Autofac WebApi integration project. After updating the references in my solution to this newly built binary and update the nuget packages to 0809, all the runtime errors vanished and the server was up and running. I hope this thread will help to other brave migrating warriors :-) Thanks, Attila
using (WebApp.Start<Startup>(serverUrl)
The error is:
"Inheritance security rules violated while overriding member: 'Autofac.Integration.WebApi.AutofacWebApiDependencyResolver.BeginScope()'.
Security accessibility of the overriding method must match the security accessibility of the method being overriden.":"Autofac.Integration.WebApi.AutofacWebApiDependencyResolver.BeginScope()"
What has been changed in terms of added .Net security to the new version and what modification do I've to apply to my host assembly to make it work with the newer builds?
Specifying SecurityTransparent does not work, since then I get this error:
Attempt by security transparent method 'Host.Program.Main(System.String[])' to access security critical method 'Microsoft.Owin.Hosting.WebApp.Start<Host.Startup>(System.String)' failed.
Thanks for the help,
Attila
Comments: Since the first error was regarding Autofac WebApi component I decided to compile Autofac WebApi against the latest WebApi sources and for .Net 4.5 Framework explicitly, since Autofac only targets 4.0 and the released WebApi. When I first compiled the original source code against 4.0 Framework since CA was turned on, the compiler reported the possible security problems with method invocations. At that point it made sense why did I get the runtime errors with the Autofac WebApi integration component. I saw that this component has AllowPartiallyTrustedCallers attribute, so I've removed it, since as you also said, only full trust is possible in .Net 4.5. So I've changed the Framework version of this component to 4.5, updated the nuget packages to the latest dev copies (0809) and compiled the Autofac WebApi integration project. After updating the references in my solution to this newly built binary and update the nuget packages to 0809, all the runtime errors vanished and the server was up and running. I hope this thread will help to other brave migrating warriors :-) Thanks, Attila