FluentSecurity not working with mvc 4

[jincod]

install mvc 4 as nuget package

[kristofferahl]

Hi Vadim,
Thanks for the pull-request. Only thing I'm a bit worried about is if this will break for Mvc 3 apps. I will need to do some research on this but this should be the way we move forward. If all looks good I will apply this pull-request as soon as I find the time to do so.

Until then you should be able to fix this using assembly redirect in your web.config. Let me know if this works for you.

<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
  <dependentAssembly>
    <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
    <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
  </dependentAssembly>
  <dependentAssembly>
    <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
    <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
  </dependentAssembly>
  <dependentAssembly>
    <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
    <bindingRedirect oldVersion="0.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
  </dependentAssembly>
</runtime>

[jincod]

My web.config has the same configuration. The application works in a proper way, but the tests were failed. After the app.config has been added to the test library the tests pass. Thx!

[kristofferahl]

Would you say this issue is resolved for now? I will look at distributing different packages for MVC 3 and 4 in time for the final releas.

[jincod]

Yes, works fine!

[kristofferahl]

Great. I'll leave this pull-request open for now as a reminder. If you feel like blogging about the problem and solution it would be much appreciated!

[jincod]

I've written a short post about this problem: https://gist.github.com/3840929

[jskrepnek]

Hi,

We're having issues using custom violation handlers in conjunction with MVC 4 and Azure. We've tried against 1.4 and the latest pre-release version.

The assembly binding redirect is in place as above but does not resolve the error.

This is the error we get as the instance is started by the Azure Dev Fabric:

System.TypeLoadException: Unable to load the role entry point due to the following exceptions:
-- System.TypeLoadException: Signature of the body and declaration in a method implementation do not match.

public class DenyAnonymousAccessPolicyViolationHandler : IPolicyViolationHandler
{
    ActionResult IPolicyViolationHandler.Handle(PolicyViolationException exception)
    {
        //http://weblogs.asp.net/mikebosch/archive/2008/02/02/asp-net-mvc-tip-2-redirecting-to-another-action-and-passing-information-to-it.aspx
        return new RedirectToRouteResult(new RouteValueDictionary(new { controller = "account", action = "logon", area = "" }));
    }
}

Can anyone confirm that they have used violation handlers with MVC 4?

Thanks for any help!

[kristofferahl]

Where is this exception coming from? FluentSecurity? Your app?

I have successfully used violation handlers in an MVC4 app in azure so I need more information if I am to help investigate this.

One thing that looks strange in your example is the signature of your violation handler implementation. Try this instead:

public class DenyAnonymousAccessPolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {
        return new RedirectToRouteResult(new RouteValueDictionary(new { controller = "account", action = "logon", area = "" }));
    }
}

[jskrepnek]

Thanks for looking at this. Indeed, the signature of the violation handler that I posted does look strange. I believe we had been fooling around with the signature to see what might happen; I'm not sure how the access modifier got dropped. In the other case, we tried declaring the method explicitly. Long story short, we did begin with the signature that you suggested. My hopes were raised momentarily, alas ...

What information would help you investigate this?

Here's a more complete copy of the error text taken from the Compute Emulator:

[runtime] Role entrypoint could not be created:
System.TypeLoadException: Unable to load the role entry point due to the following exceptions:
-- System.TypeLoadException: Method 'Handle' in type    '           SiteDocs.Infrastructure.Panel.Web.Security.DenyAnonymousAccessPolicyViolationHandler' from assembly       'SiteDocs.Infrastructure.Panel.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' does not have an implementation.
 ---> System.Reflection.ReflectionTypeLoadException: Unable to load one or more of the requested types. Retrieve  the      LoaderExceptions property for more information.
     at System.Reflection.RuntimeModule.GetTypes(RuntimeModule module)
   at System.Reflection.RuntimeModule.GetTypes()
   at System.Reflection.Assembly.GetTypes()
   at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.GetRoleEntryPoint(Assembly entryPointAssembly)
   --- End of inner exception stack trace ---
   at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.GetRoleEntryPoint(Assembly entryPointAssembly)
   at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.CreateRoleEntryPoint(RoleType roleTypeEnum)
   at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.InitializeRoleInternal(RoleType roleTypeEnum)
 [fabric] Role state Destroyed

With the following binding redirects:

 <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>

• same issue with FluentSecurity 1.4 and 2.0 alpha

[kristofferahl]

To me this looks like an Azure related exception. Have very little experience with it but maybe this can help:
http://stackoverflow.com/questions/3178465/unable-to-start-azure-application-in-dev-fabric

A few questions if that did not do the trick:

1. How do you configure the violation handlers (using 2.0-alpha)?
2. Have you registered an IoC container (configuration.ResolveServicesUsing) for FluentSecurity to use?

[jskrepnek]

That Azure issue doesn't seem related, although certainly Azure could be the culprit here.

I'm trying to boil this down.

What would you expect to happen, given that I've pulled out all of the configuration related to violation handlers, and leave only a class that implements IPolicyViolationHandler?

[jskrepnek]

To simply this a bit:

In VS 2010:

This works:

• create a new MVC 4 project with an internet application
• import the latest fluentsecurity prerelease
• add a class that implements IPolicyViolationHandler
• play with no problems

This doesn't work:

• create a new azure cloud service project with a MVC 4 internet application

• import the latest fluentsecurity prerelease

• add a class that implements IPolicyViolationHandler

• debug/run and the web role fails to load with the following error:

  [runtime] Role entrypoint could not be created:
  System.TypeLoadException: Unable to load the role entry point due to the following exceptions:
  -- System.TypeLoadException: Method 'Handle' in type 'MvcWebRole1.TestPolicyViolationHandler' from assembly 'MvcWebRole1, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' does not have an implementation.
  ---> System.Reflection.ReflectionTypeLoadException: Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.
  at System.Reflection.RuntimeModule.GetTypes(RuntimeModule module)
  at System.Reflection.RuntimeModule.GetTypes()
  at System.Reflection.Assembly.GetTypes()
  at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.GetRoleEntryPoint(Assembly entryPointAssembly)
  --- End of inner exception stack trace ---
  at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.GetRoleEntryPoint(Assembly entryPointAssembly)
  at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.CreateRoleEntryPoint(RoleType roleTypeEnum)
  at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.InitializeRoleInternal(RoleType roleTypeEnum)

[jskrepnek]

OK. We boiled this down. Long story short, the scenario of an MVC4 (Web.Mvc 4) Internet Application running on a Azure Cloud Project (Web Role), where an interface that is defined in a referenced class library which itself references MVC3, and the interface contains a method signature that returns an ActionResult (in this case), results in a TypeLoadException (see above).

To be clear, Azure + MVC3 + FluentSecurity + Policy Violation Handlers work fine.

What appears to be the solution, and what I'd like you to consider, is changing the "Specific Version" property of the "System.Web.Mvc" reference in the class library (FluentSecurity in this case) to false. It appears that when "Specific Version" is true the binding redirects either fail (no record of this in the logs) or are never attempted.

See attached image.

In the boiled down version described above, changing "Specific Version" to false resolved the TypeLoadException and allowed us to implement the class library's interface that was built against MVC 3.

I haven't forgotten that you've said you've successfully used Azure / MVC4 / Fluent Security / PolicyViolationHandlers, which is mystifying.

Looking forward to ideas!

[jskrepnek]

Any thoughts on this?

[kristofferahl]

@ekeonit Sorry for not replying. Christmas time is not the best time for doing open source stuff I'm afraid. ;O)
I'll see if I can find the time to have a look at it sometime this week.

[jskrepnek]

Thanks Kristoffer!

Joel

On 2012-12-18, at 10:54 PM, Kristoffer Ahl notifications@github.com wrote:

@ekeonit Sorry for not replying. Christmas time is not the best time for doing open source stuff I'm afraid. ;O)
I'll see if I can find the time to have a look at it sometime this week.

—
Reply to this email directly or view it on GitHub.

[mubeda]

Hi Kristoffer,
I have the same problem with Azure / MVC4 / Fluent Security / PolicyViolationHandlers, .
Changing System.Web.dll "Specific Version" to false did not work for me.
Can you please advice me about how to solve this problem too?

Thank you a lot!
Mauro

[jskrepnek]

Hi Mauro,

The issue is against System.Web.Mvc. You say above that you changed the
property on System.Web.dll. Can you confirm?

-- Joel

On Wed, Dec 19, 2012 at 12:18 PM, mubeda notifications@github.com wrote:

Hi Kristoffer,
I have the same problem with Azure / MVC4 / Fluent Security /
PolicyViolationHandlers, .
Changing System.Web.dll "Specific Version" to false did not work for me.
Can you please advice me about how to solve this problem too?

Thank you a lot!
Mauro

—
Reply to this email directly or view it on GitHubhttps://github.com//pull/39#issuecomment-11546560.

[mubeda]

Hi Joel,
Yes i change the "Specific Version"property to False on Sytem.Web and System.Web.Mvc but i'm still having getting the "System.TypeLoadException".
Did you solve this problem on this way?

Best,
Mauro

[aknuds1]

I'm having a similar problem which is triggered by Entity Framework, inside my unit test library for an ASP.NET MVC 4 application. Upon calling DbContext.Database.Initialize (in the test fixture setup method), a ReflectionTypeLoadException is raised, saying the following: "Method 'Handle' in type 'MyApp.Security.DenyAnonymousAccessPolicyViolationHandler' from assembly 'MyApp, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' does not have an implementation.":"MyApp.Security.DenyAnonymousAccessPolicyViolationHandler".

I have verified that the Handle method is implemented, and there's no problems with the application itself.

[jskrepnek]

Mauro,

Can you also confirm that you changed the "Specific Version" property of System.Web.Mvc referenced by the fluent security project (i.e: you have built fluent security from the source after making the change);

and not

that you've changed the "Specific Version" property of System.Web.Mvc in your project which references fluent security

Thanks,

-- Joel

[mubeda]

Hi there!
I solved the problem by getting sources and building it from my project (VS 2012). That's all i did not change anything else.
So, probably it was a dependency problem as it was described here. Let me know if i can help you.

Regards,
Mauro

[colinbowern]

I'm running into a similar issue. The problem pops up when I run InstallUtil against the ASP.NET MVC 4 project which has an installer to create an event log source. Changing the specific version flag doesn't seem to make a difference. Some hints here perhaps? http://stackoverflow.com/questions/948785/typeloadexception-says-no-implementation-but-it-is-implemented

[ecirmada]

I too solved the issue by recompiling against v4 of MVC. I don't really have the time to work out why my solution is having problems with it, even with 'specific version' set to false and:

It would be nice to have it as a nuget package...