Reputation: 1358
Formatter error: There was an error while trying to deserialize parameter after Windows updates
I have a WCF request that was working fine until some windows updates. After that I get this error and I am not able to find out how to solve it.
The error is:There was an error while trying to deserialize parameter http://tempuri.org/:CommandRequestResult. Please see InnerException for more details.
InnerException: Type 'NEntities.IPAElement, NEntities, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' is not allowed here. See https://go.microsoft.com/fwlink/?linkid=2132227 for more information.
Here my class IPAElement and the enum contained inside. Even I change the enum with a string I still get the same error, so it should not be the problem
[Serializable()]
[DataContract(IsReference = true)]
public class IPAElement//:ISerializable
{
public IPAElement(List<string> bodyElNames, List<ElementType> bodyElTypes)
{
BodyElement = bodyElNames;
BodyRowElementType = bodyElTypes;
}
public IPAElement()
{ }
[DataMember]
public List<string> HeaderElement;
[DataMember]
public List<string> BodyElement;
[DataMember]
public List<string> FooterElement;
[DataMember]
public List<ElementType> HeaderRowElementType;
[DataMember]
public List<ElementType> BodyRowElementType;
[DataMember]
public List<ElementType> FooterRowElementType;
}
[Serializable]
public enum ElementType
{
[XmlEnum("1")]
ElementName = 1,
[XmlEnum("2")]
Material = 2,
[XmlEnum("3")]
MaterialColor = 3,
[XmlEnum("4")]
Notes_1 = 4,
[XmlEnum("5")]
Notes_2 = 5,
[XmlEnum("6")]
Notes_3 = 6,
};
Any ideas on how to solve it? Thank you Andrea
Upvotes: 0
Views: 219
Answers (1)
Reputation: 13529
It's caused by a security fix in Windows Update KB4565633.
You'll likely need this, after checking that your use case was not affected by the security vulnerability:
AppDomain.CurrentDomain.SetData("System.Data.DataSetDefaultAllowedTypes", typeof(IPAElement));
On the face of it, it doesn't look like that your IPAElement could cause execution of arbitrary code on deserialization, no matter what an evil man in the middle (or evil source) includes in the serialized content, so this kind of a fix should be safe enough in your particular use case. (I wouldn't be able to say this much if you hadn't provided ElementType for review; and I'm still only guessing that DataMemberAttribute is what it normally is.)
However, you should not trust my word and you should read up on the vulnerability and reach your own conclusions if your app is supposed to care about security, before you decide to unlock the door which Microsoft chose to lock.
Upvotes: 0
Related Questions
- WCF The formatter threw an exception while trying to deserialize the message
- WCF error 'There was an error while trying to serialize parameter...'
- WCF Exception : There was an error while trying to deserialize parameter
- WCF Serialization Exception - NetDataContractSerializer
- WCF service Exception:The formatter threw an exception while trying to deserialize the message
- WCF Client Exception: error while trying to deserialize parameter
- The formatter threw an exception while trying to deserialize the message
- WCF parameter serializing Error
- Deserialization : type conversion error (different versions)
- CommunicationException: Error while trying to serialize parameter