2

I have an ASP.NET MVC4 app which uses DotNetOpenAuth 4.0.1 to authenticate users with an OpenId provider (Google). All works fine on my dev machine (localhost).

However, when I deploy the web application to the server (shared hosting), I get the following error when I attempt to authenticate (specifically, when I try to create an OpenIdRelyingParty):

Inheritance security rules violated while overriding member: 'DotNetOpenAuth.Messaging.ProtocolException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

Stack Trace:

DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args) +0
DotNetOpenAuth.Messaging.Channel.ValidateAndPrepareBindingElements(IEnumerable`1 elements) +524
DotNetOpenAuth.Messaging.Channel..ctor(IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements) +316
DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel..ctor(IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements) +48
DotNetOpenAuth.OpenId.ChannelElements.OpenIdRelyingPartyChannel..ctor(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings) +52
DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty..ctor(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore) +570
DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty..ctor() +65
MyProject.Controllers.OpenIdController.Authenticate(String returnUrl) in OpenIdController.cs:81
...

I have heard that DotNetOpenAuth works fine in medium trust, so I was surprised to get an error. How can I fix it? Do I need to modify the DotNetOpenAuth source code or is there a simpler way?

The question seems similar to this one but I wouldn't know which parts of the source need editing. Also it seems strange that nobody has asked this question before with regard to DotNetOpenAuth so maybe I'm doing something wrong? Please help!

Community
  • 1
  • 1
James
  • 7,343
  • 9
  • 46
  • 82

1 Answers1

0

It looks like you're running the DotNetOpenAuth build that targets .NET 3.5. A breaking change that .NET 4.0 introduced was the requirement for different security attributes. You can get the DotNetOpenAuth build that targets .NET 4.0 from NuGet.

Andrew Arnott
  • 80,040
  • 26
  • 132
  • 171
  • Thanks for your reply. I definitely have the .NET 4 build (the references say `Runtime Version v4.0.30319`). And my app is referencing the right DLLs because when I remove them it asks for them. Any idea what else might be up? – James Apr 06 '12 at 19:15
  • I will mark this as the answer, though I'm not sure what was going on. In the end I moved to a different hosting provider and it works. – James Apr 07 '12 at 12:22
  • I'm having this problem on .net 4 too. I'm also pretty sure I'm using the .NET 4.0 one... – Greg Apr 09 '12 at 13:25
  • ...but downloading dotnetauth 3.7 seems to work for me. On .Net 4. – Greg Apr 09 '12 at 15:09