Got this question a while ago and answered it today:
”I wrote a .NET Remoting application and get the following error when trying to make a connection to the server app. How come?”
Ah, one of the changes from .NET 1.0 to 1.1 is a more secure mechanism to control serialization and deserialization of .NET types across a remoting boundary. When a remote object is created (for example through Activator.CreateInstance), a local Transparent proxy is created, which is hooked up to a RealProxy object. Now, this first proxy is acquired by serializing an ObjRef object on the server and deserializing it on the client. Each type is sent like that from the server application (domain) across the remoting boundary. The security restrictions do not permit just any object to be (de)serialized. It used to be in .NET 1.0, but this was a potential weak spot in your app’s security.
To fix this error, you can tell your formatter objects that are used for the (de)serialization that all types are allowed. Adjust your config file to include a typeFilterLevel attribute in the <formatter> elements. Here’s a fragment:
<channels><channelref=”http”>
<serverProviders>
<providerref=”wsdl”/>
<formatterref=”soap”typeFilterLevel=”Full”/>
<formatterref=”binary”typeFilterLevel=”Full”/>
</serverProviders>
</channel>
</channels>
or set a corresponding dictionary property when creating the server’s formatter objects programmatically.
IDictionary props = new Hashtable();
props[“typeFilterLevel”] = “Full”;
SoapServerFormatterSinkProvider formatterProvider;
formatterProvider = new SoapServerFormatterSinkProvider(props, null);
Read more about it here.
