BinaryFormatter 关于序列化对象安全问题![.NET]
我想用 Cookies 存一个对象,于是对这个对象进行了序列化
方法:
#region 对象序列化
/// <summary>
/// 二进制对象序列化
/// </summary>
/// <param name="obj">对象</param>
/// <returns>返回二进制字符串</returns>
public static string BinarySerialize(object obj, string cookiename)
{
BinaryFormatter bf = new BinaryFormatter(); //声明一个序列化类
MemoryStream ms = new MemoryStream(); //声明一个内存流
bf.Serialize(ms, obj); //执行序列化操作
byte[] result = new byte[ms.Length];
result = ms.ToArray();
string temp = System.Convert.ToBase64String(result);
temp = Encrypt(temp, "nmf#gfs*fsa@Vhts");
HttpCookie cookie = new HttpCookie(cookiename);
//cookie.Expires = DateTime.Now.AddHours(2);
//cookie.Value = temp;
cookie.Values.Add("key", "zdcb");
cookie.Values.Add("val", temp);
HttpContext.Current.Response.Cookies.Add(cookie);
ms.Flush();
ms.Close();
return temp;
}
#endregion
这样后 在本机IIS上运行没问题
但 一部署到 国外空间 上后就报如下错!希望高手能够为在下指定一二,谢了!
Server Error in '/koreypharm.com' Application.
--------------------------------------------------------------------------------
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
Line 904: BinaryFormatter bf = new BinaryFormatter(); //声明一个序列化类
Line 905: MemoryStream ms = new MemoryStream(); //声明一个内存流
Line 906: bf.Serialize(ms, obj); //执行序列化操作
Line 907: byte[] result = new byte[ms.Length];
Line 908: result = ms.ToArray();
Source File: d:\hosting\5386158\html\koreypharm.com\App_Code\Other\Helper.cs Line: 906
Stack Trace:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.SpecialDemand(PermissionType whatPermission, StackCrawlMark& stackMark) +0
System.Security.CodeAccessPermission.DemandInternal(PermissionType permissionType) +23
System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +60
System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +134
System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +13
Helper.BinarySerialize(Object obj, String cookiename) in d:\hosting\5386158\html\koreypharm.com\App_Code\Other\Helper.cs:906
Login_Login.Ibu_Submit_Click(Object sender, ImageClickEventArgs e) in d:\hosting\5386158\html\koreypharm.com\Login\Login.aspx.cs:57
System.Web.UI.WebControls.ImageButton.OnClick(ImageClickEventArgs e) +108
System.Web.UI.WebControls.ImageButton.RaisePostBackEvent(String eventArgument) +118
System.Web.UI.WebControls.ImageButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
System.Web.UI.Page.ProcessRequest() +80
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.login_login_aspx.ProcessRequest(HttpContext context) in App_Web_t2ut438y.2.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.4049