Registering throws 'Inheritance security rules violated while overriding member'

Question

For my school project, I'm using the default Account Controller register function that comes with an MVC project:

// POST: /Account/Register
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Register(RegisterViewModel model){
    if (ModelState.IsValid){
        var user = new ApplicationUser(){UserName = model.UserName};
        var result = await UserManager.CreateAsync(user, model.Password);
        if (result.Succeeded){
            await SignInAsync(user, isPersistent: false);
            return RedirectToAction("Index", "Home");
        }
        else{
            AddErrors(result);
        }
    }

    // If we got this far, something failed, redisplay form
    return View(model);
}

But when I click the register button in my form I get: Security accessibility of the overriding method must match the security accessibility of the method being overriden

I've searched a bit, and found that adding [SecurityCritical] should fix it, but you can't add that to an async task.

also found that adding [assembly: SecurityRules(SecurityRuleSet.Level1)] should do it, but also that doesn't work

This is only on my publish server (running version 4.0 with Integrated Pipeline)

Stacktrace:

[TypeLoadException: Inheritance security rules violated while overriding member: 'Microsoft.AspNet.Identity.TaskExtensions+CultureAwaiter`1<T>.UnsafeOnCompleted(System.Action)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.]
   Microsoft.AspNet.Identity.UserManager`2.CreateAsync(TUser user, String password) +0
   Admin.Controllers.<Register>d__8.MoveNext() +198
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) +84
   System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeAsynchronousActionMethod>b__36(IAsyncResult asyncResult) +17
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
   System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +50
   System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +225
   System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
   System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +26
   System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +100
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
   System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +36
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +54
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
   System.Web.Mvc.Controller.<BeginExecute>b__15(IAsyncResult asyncResult, Controller controller) +12
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +28
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +54
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
   System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
   System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +36
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +54
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9657896
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

What is the stacktrace of the exception you get? sounds like your class inheritance somewhere has `private` where it should be `public` — trailmax, Jan 02 '15 at 21:01
Have you tried creating a new project testing a different framework version? Unless you changed the `UserManager.CreateAsync` method, I don't see why this would be happening unless your trust level is different somehow or a bug in the framework. — Justin, Jan 05 '15 at 00:31
I didn't change any of the default functions, and I think it's due the fact that I can't change my trust level on the webspace. — Kiwi, Jan 06 '15 at 12:21
Try setting full trust on your IIS: http://technet.microsoft.com/en-us/library/cc753658(v=ws.10).aspx — Khanh TO, Jan 09 '15 at 14:35
I have just re-installed my computer and I don't have VS on my PC now. Can you try right clicking on "CreateAsync" => "Go To Definition" to see if there is an Security attribute. I guess "CreateAsync" requires full trust. — Khanh TO, Jan 09 '15 at 14:53
can't set it to full trust, school servers aren't configured for that. — Kiwi, Jan 11 '15 at 23:05

score 1 · Answer 1 · answered Jan 11 '15 at 16:25

1

Assemblies are given full trust only when registered under GAC. If your assembly is a private assembly, it is partial trust and transparent (example of transparent behavior). Since your assembly is a private assembly, the Dot Net CLR would ignore [SecurityCritical].

So if you plan to continue to keep the private assembly and run it in medium trust, you cannot override or access a [SecurityCritical] member.

How to install an assembly into the Global Assembly Cache in Visual C#

answered Jan 11 '15 at 16:25

Amirhossein Mehrvarzi

18,024
7
45
70

Not fully following you. could you explain a bit more? expecially why the the stock assemblies wouldn't be set for GAC. or is this just something that isn't done by default? – Kiwi Jan 11 '15 at 23:06
@Kiwi I placed the reason of appeared error and my solutions are: 1- change the used assembly trust level or 2-Considering its violation for medium trust(for overriding) :) – Amirhossein Mehrvarzi Jan 12 '15 at 08:16

Registering throws 'Inheritance security rules violated while overriding member'

1 Answers1

Linked