.netwcfsecurityexceptionwcf-behaviour

SecurityException when loading an app with a WCF behaviorExtension in the app.config over the network


I have an .NET 4 .exe (Winform Desktop app) to which I have added a WCF behaviorExtension. The app loads fine on the local machine, but throws a SecurityException when loaded across the network. If I omit the setMaxFaultSizeBehavior behaviorExtension then I can load the app over the network. I would appreciate any information that could help get this working. I have confirmed that the files are not blocked, and the assembly name is an exact match, including spaces.

The relevant part of the app.config looks like this (I shortened the type name and assembly name, in the actual config file, I use the full namespace and assembly name):

<system.serviceModel>
    <bindings configSource="bindings.config" />
    <client configSource="clients.config" />
    <extensions>
      <behaviorExtensions>
        <add name="setMaxFaultSizeBehavior" type="SetMaxFaultSizeBehavior, BehaviorAssembly, Version=1.8.0.0, Culture=neutral, PublicKeyToken=41b332442f1101cc" />
      </behaviorExtensions>
    </extensions>
    <behaviors>
      <endpointBehaviors>
       <behavior name="LargeQuotaBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483600" />
          <setMaxFaultSizeBehavior />
       </behavior>
      </endpointBehaviors>
    </behaviors>

The exception I get when running over the network is :

An error occurred creating the configuration section handler for system.serviceModel/behaviors: Request failed. (\\server\Share\app.exe.Config line 22)
Exception Type: System.Configuration.ConfigurationErrorsException
Source: System.Configuration

With an Inner Exception of System.Security.SecurityException


Solution

  • We just encountered the same problem last week. I was able to trace it back to a deployment error.... when copying the assembly files from a network location, we had forgotten to "unlock" them.

    i.e. the assembly containing the WCF extension element was marked as unsafe by Windows (because it had been copied from a network location).

    All we did to correct it was to click the Unlock button on the Properties dialog for this file (in Windows Explorer).