Browse Search Ask a Question!
Home : Serialization and .NET Framework 1.1
Q57896 - ERRMSG: Serialization and .NET Framework 1.1

Serialization and .NET Framework 1.1

  

Contents

  1. SYMPTOMS
  2. CAUSE
  3. RESOLUTION

SYMPTOMS

When passing serializable objects (this includes .NET object references) as parameters under .NET Framework 1.1 to a .NET server application, you may get the error as reported by J-Integra for .NET: 

com.intrinsyc.janet.RemoteException: Server threw an exception: ****
System.Runtime.Serialization.SerializationException - Insufficient state to deserialize the object.  More information is needed.
or 
com.intrinsyc.janet.RemoteException: Server threw an exception: ****
System.Runtime.Serialization.SerializationException - Because of security restrictions, the type SimpleRemoting.Stock cannot be accessed.

CAUSE

As of .NET Framework 1.1 (v1.1.4322), Microsoft has introduced secure serialization in .NET Remoting. This is because any remoting system that relies on run-time type validation must deserialize a remote stream to begin using it, and malicious clients could use the moment of serialization or deserialization to the detriment of your application. A new attribute, typeFilterLevel was introduced and must be set in the configuration file. See Backwards Breaking Changes from version 1.0 to 1.1 for more details.

RESOLUTION

On the .NET server side, you'll need to change your remoting configuration file to add the following XML (if you are hosting in IIS or Component Services, the configuration file is named web.config. For example, if the channel you are registering for the server to listen on looked like this: 

<channel port="5656" ref="tcp"/>
then change to: 
<channel port="5656" ref="tcp">
  <serverProviders>
    <provider ref="wsdl"/>
    <!-- For binary format -->
    <formatter ref="binary" typeFilterLevel="Full"/>
    <!-- For soap format -->
    <formatter ref="soap" typeFilterLevel="Full"/>
  </serverProviders>
</channel>

The typeFilterLevel attribute is not recognized under .NET Framework 1.0 (v1.0.3705) and you will get an exception if you try to run your application with this attribute under .NET Framework 1.0.

Status

This is a Microsoft issue and requires no changes to the J-Integra for .NET runtime.
Related Articles
No Related Articles Available.

Article Attachments
No Attachments Available.

Related External Links
No Related Links Available.
Help us improve this article...
What did you think of this article?

poor 		 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 excellent
Tell us why you rated the content this way. (optional)
 
Approved Comments...
No user comments available for this article.
Created on 6/23/2006.
Last Modified on 7/10/2006.
Last Modified by No Author Name Available!.
Article has been viewed 10957 times.
Rated 9 out of 10 based on 2 votes.
Print Article
Email Article