What should you do?

You work as the Microsoft.NET developer at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com. All servers in the domain run Windows Server 2003.
The development and deployment of Microsoft.NET Remoting components forms part of your responsibilities at Domain.com. You are currently developing a Microsoft.NET Remoting component that will be used to accept connections over a binary inter-process communication (IPC) channel. You make use of a configuration file to configure the remote host application for .NET Remoting. The component works as expected when you test the component from a client application after you have done the configuration. You then implement an event to notify client implications about any changes to the state of the component. The delegate that declares the event specifies an EventArgs-derived class named StateChangeEventArgs as its second parameter. This now results in a SecurityException instance being invoked when a client application attempts to attach a delegate to the event. This SecurityException instance is thrown with the following message:
Type System.DelegateSerializationHolder and the types derived from it (such as SystemDelegateSerializationHolder) are not permitted to be serialized at this security level.
You need to prevent this exception from being thrown.

What should you do?

You work as the Microsoft.NET developer at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com. All servers in the domain run Windows Server 2003.
The development and deployment of Microsoft.NET Remoting components forms part of your responsibilities at Domain.com. You are currently developing a Microsoft.NET Remoting component that will be used to accept connections over a binary inter-process communication (IPC) channel. You make use of a configuration file to configure the remote host application for .NET Remoting. The component works as expected when you test the component from a client application after you have done the configuration. You then implement an event to notify client implications about any changes to the state of the component. The delegate that declares the event specifies an EventArgs-derived class named StateChangeEventArgs as its second parameter. This now results in a SecurityException instance being invoked when a client application attempts to attach a delegate to the event. This SecurityException instance is thrown with the following message:
Type System.DelegateSerializationHolder and the types derived from it (such as SystemDelegateSerializationHolder) are not permitted to be serialized at this security level.
You need to prevent this exception from being thrown.

What should you do?

A.
Code access security to demand full trust permissions immediately before the configuration of the remote host application to accept remote connections should be used.

B.
<serverProviders>
<Formatter ref=”binary” typeFilterLevel=”Full”/>
</serverProviders>
should be added to the channel element in the server configuration file.

C.
The remote component should be hosted in Internet Information Services (IIS) 6.0 without changing the channel or the formatter.
Then configure a virtual directory to make use of integrated Windows authentication only.

D.
The StateChangeEventArgs class should be derived from MarchalByRefObject.
Then apply the Serializable attribute to the StateChangeEventArgs class.

Explanation:
you need to configure the binary formatter for full serialization. .NET Remoting makes use of low serialization be default. This results in the fact that only basic common language runtime (CLR) types are deserialized. For the full deserialization of delegates you should configure the binary formatter by setting the typeFilterLevel attribute of the formatter element to Full.
Incorrect answers:
A: The remote host application should not be configured to demand full trust permissions as it will not allow the remote component to deserialize delegates.
C: The IIS should not host the remote component. IIS only supports HTTP channels and in this case you are using IPC.
D: The StateChangeEventArgs classs should not be derived from MarshalByRefObject. Instances of marshal-by-reference types are not transmitted across application domains.



Leave a Reply 0

Your email address will not be published. Required fields are marked *