Inheritance security rules violated while overriding member - SecurityRuleSet.Level2

Question

I have a class that inherits from Exception. In .NET 4, I started receiving a runtime error:

Inheritance security rules violated while overriding member: MyBusinessException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

I think the issue is caused by the fact that I am overriding GetObjectData.

I know one answer for resolving the issue is to set the SecurityRuleSet:

[assembly: SecurityRules(SecurityRuleSet.Level1)]

This is not an acceptable answer, I'd like to know how to fix the issue without having to relax the default security rules in .NET 4.

Answer 1

Mark GetObjectData with SecurityCriticalAttribute, because it's applied to Exception.GetObjectData. An overridden member should have the same security accessibility (Critical, Safe Critical or Transparent).

Read Security Changes in the .NET Framework 4 and Security Transparent Code, Level 2 from MSDN for more information.

To avoid all potential security runtime exceptions, enable Code Analysis with the Security rule set. You'll get static analysis warnings that might correspond to runtime errors.

Answer 2

Had this problem when I was calling an assembly that had AllowPartiallyTrustedCallers attribute:

[assembly: System.Security.AllowPartiallyTrustedCallers]

Removing it solved my problem without switching to SecurityRuleSet.Level1.