.NET Remoting, passing objects into methods

Question

I am writing a .NET Remoting application. I have my dll, server, and client all working correctly. However, when I try to change my method call to take an object parameter instead of a simple type like an int, it complains with this error.

Type System.Runtime.Remoting.ObjRef and the types from it (such as System.Runtime.Remoting.ObjRef) are not permitted to be deserialized at this security level.

The method is something like this.

public List<Orders> GetOrders(int UserID) { //Works

public List<Orders> GetOrders(Users user) { // Doesnt Work

[Serializable]
public class Users : MarshalByRefObject {

Now I have made the User class also, [Serializable] and given it MarshalByRefObject inheritance. Could this be my problem? I have tried removing [Serializable] from the User class and it complains cause it cant interpret it.

EDIT Ok, here is my client method.

IChannel channel = new TcpClientChannel();
ChannelServices.RegisterChannel(channel, false);
CustomType Server = (CustomType)Activator.GetObject(typeof(CustomType), "tcp://localhost:9934/CustomType");

Here is my server.

BinaryServerFormatterSinkProvider provider = new BinaryServerFormatterSinkProvider();
provider.TypeFilterLevel = TypeFilterLevel.Full;
IDictionary props = new Hashtable();
props["port"] = 9934;
TcpChannel channel = new TcpChannel(props, null, provider);
ChannelServices.RegisterChannel(channel);
RemotingConfiguration.RegisterWellKnownServiceType(typeof(CustomType), "CustomType", WellKnownObjectMode.Singleton);
Console.WriteLine("Server is initialized");
Console.ReadLine();

Answer 1

"are not permitted to be deserialized at this security level." is the significant part.

See the following for the answer

http://www.codeproject.com/Articles/4363/NET-Remoting-in-Simple-English-Really-it-s-that-s

Set the following on both client and server:

typeFilterLevel="Full" in the Formatter tag

Answer 2

Ensure both the server and client configuration set the typeFilterLevel property to Full

or have your User class implement ISerializable

MSDN Documentation on .NET Remoting Serialization Security.

Answer 3

Actually, .NET remoting is an obsolete technology. You should take a look at WCF instead.

Regarding your actual problem: Your probably running your application in a trust-level that is too low.
The Users class should be serializable, but, if it does not contain any methods that should run at the server, it should not derive from MarshalByRefObject