Code Access Security appears to be being ignored

Question

I have a simple extension implementation of WebHostBufferPolicySelector

public class MyBufferPolicySelector : WebHostBufferPolicySelector
{
    private const string _STREAMING_CONTENT_IDENTIFIER = "multipart";

    public override bool UseBufferedInputStream(object hostContext)
    {
        var httpContext = hostContext as HttpContextBase;
        bool? stream = !httpContext?.Request.ContentType.StartsWith(_STREAMING_CONTENT_IDENTIFIER);
        return stream.HasValue ? stream.Value : true;
    }
}

But when this dll attempts to load at runtime, I'm seeing the following error

Inheritance security rules violated while overriding member: 'System.Web.Http.WebHost.WebHostBufferPolicySelector.UseBufferedInputStream(System.Object)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

Ok, pretty clear, let's dive into Code Access Security stuff (I'm on .NET 4.5).

As far as I can tell (from its metadata), WebHostBufferPolicySelector and its members are Transparent.

Things I've tried:

• Decorating my implementation and its member with SecurityCritical
• Decorating my implementation and its member with SecuritySafeCritical
• Decorating the assembly my implementation lives in with [assembly: SecurityRules(SecurityRuleSet.Level2)]
• Decorating the assembly my implementation lives in with [assembly: SecurityRules(SecurityRuleSet.Level1)]
• (Shot in the Dark) Implement the other member UseBufferedResponseStream
• (Shot in the Dark) Removed all but a shell implementation that calls base.RelevantMember

No matter what, I get the same error message.

What else can I check?

UPDATE: Trying [assembly: System.Security.AllowPartiallyTrustedCallers] got me past hitting a security issue with UseBufferedInputStream, but I still hit the same error message on a different class within this assembly, this one deriving from System.Exception.

---

More Context

Some things that may be relevant, but I'm unsure how to rule them out:

• This occurs in an ASP.NET Application_Start
• The error occurs when constructing a System.Web.Mvc.DefaultControllerFactory, when calling Ninject.IKernel.Load(<dll containing *MyBufferPolicySelector*>)

References (among others):

• Code Access Security, Level 2
• Link Demands
• This Post
• That Post