Medium Trust? [3.5 r6]

Mar 11, 2010 at 4:47 AM
Edited Mar 11, 2010 at 4:48 AM

Updated to the latest 3.5 release 6 (from a few releases back) and now running into Medium Trust exceptions.

A .aspx sample must be running in Medium Trust.

Web.config

<trust level="Medium" />

Just wondering if anyone else can reproduce the "System.Security.Permissions.ReflectionPermission" with the code sample below? 

Example

<%@ Page Language="C#" %>

<%@ Import Namespace="Newtonsoft.Json" %>

<script runat="server">
    protected void Page_Load(object sender, EventArgs e)
    {
        Customer customer = new Customer { 
            Name = "Bob"
        };
        
        string json = JsonConvert.SerializeObject(customer);

        Response.Write(json);
    }

    public class Customer
    {
        public string Name { get; set; }
    }
</script>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Json.NET Example</title>
</head>
<body>
</body>
</html>

Stack Trace

[SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +58
   System.Reflection.Emit.DynamicMethod.PerformSecurityCheck(Type owner, StackCrawlMark& stackMark, Boolean skipVisibility) +7590369
   System.Reflection.Emit.DynamicMethod..ctor(String name, Type returnType, Type[] parameterTypes, Type owner, Boolean skipVisibility) +40
   Newtonsoft.Json.Utilities.LateBoundDelegateFactory.CreateDynamicMethod(String name, Type returnType, Type[] parameterTypes, Type owner) +86
   Newtonsoft.Json.Utilities.LateBoundDelegateFactory.CreateDefaultConstructor(Type type) +60
   Newtonsoft.Json.Serialization.DefaultContractResolver.InitializeContract(JsonContract contract) +164
   Newtonsoft.Json.Serialization.DefaultContractResolver.CreateObjectContract(Type objectType) +43
   Newtonsoft.Json.Serialization.DefaultContractResolver.CreateContract(Type objectType) +163
   Newtonsoft.Json.Utilities.ThreadSafeStore`2.AddValue(TKey key) +50
   Newtonsoft.Json.Utilities.ThreadSafeStore`2.Get(TKey key) +65
   Newtonsoft.Json.Serialization.DefaultContractResolver.ResolveContract(Type type) +20
   Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.GetContractSafe(Object value) +57
   Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value) +26
   Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value) +48
   Newtonsoft.Json.JsonConvert.SerializeObject(Object value, Formatting formatting, JsonSerializerSettings settings) +180
   Newtonsoft.Json.JsonConvert.SerializeObject(Object value) +8
   ASP.window_buttontab_aspx.Page_Load(Object sender, EventArgs e) +101
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
   System.Web.UI.Page.ProcessRequest() +80
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.window_buttontab_aspx.ProcessRequest(HttpContext context) +37
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 

If you replace the "customer" object above with just a simple object type, then no Exception and result is as expected. 

Example 

string json = JsonConvert.SerializeObject("test");

 


Any thoughts. I'll keep poking around in case I missed something obvious. 

 

 

Mar 11, 2010 at 4:57 AM

I confirmed the Exception occurs in a fresh WebApplication project with new Newtonsoft.Json Assemblies and References. 

Ran the same .aspx as posted above. No other files or outside References in .sln.

 

Mar 12, 2010 at 7:22 AM

I am having a similar problem although I have my trust level set to Full.

The problem occurs on both my development laptop running Windows 7, and on the production server running Windows Server 2008 (both of which use IIS7). The exact same code seems to work fine on the testing environment which is running Windows 2000 server with IIS6. The stack trace and error message look identical to the one posted above.

Also my development laptop and the testing server are both 32 bit while the production server is 64.

I added the dll to the website through the "Add Reference" process which put it in the Bin directory.

Any idea how I can get this working on all three environments.

Thanks,
Wesling

Coordinator
Mar 17, 2010 at 6:57 AM

I've made a whole bunch of changes so that Json.NET can fall back to plain old .NET reflection in medium trust.

http://json.codeplex.com/SourceControl/list/changesets

It would be really great to know if this fixes your issue.

Mar 18, 2010 at 5:14 AM

Hi James,

Thanks for the update. 

We updated our project with the latest from Json.NET SVN and everything appears to be working perfectly. I've committed the update to our SVN, so we should hear soon from our community if there's any issues.

I'll post another update in a week or so. 

Any guesses on the performance boost of running in full trust?

Thanks again!

Mar 24, 2010 at 12:07 AM

James,

I too am receiving a security exception in Medium Trust when trying to serialize an object. I updated to change set 48523 and although the above example works with serializing a single "Customer", it seems to still throw an exception when used with a collection of objects.

<%@ Page Language="C#" %>

<%@ Import Namespace="Newtonsoft.Json" %>

<script runat="server">
    protected void Page_Load(object sender, EventArgs e) {
        List<Customer> customers = new List<Customer>
                                       {
                                           new Customer {Name = "Bob"},
                                           new Customer {Name = "Sam"},
                                           new Customer {Name = "Jan"}
                                       };

        string json = JsonConvert.SerializeObject(customers);

        Response.Write(json);
    }

    public class Customer
    {
        public string Name { get; set; }
    }
</script>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>Json.NET Example</title>
</head>
<body>
</body>
</html>
[SecurityException: Request failed.]
   System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +150
   System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +100
   System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +284
   System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh) +69
   System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh) +150
   System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +30
   System.Threading.CompressedStack.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +40
   System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) +123
   System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant) +54
   System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(PermissionType permission, PermissionSet targetGrant) +29
   System.Reflection.Emit.DynamicMethod.PerformSecurityCheck(Type owner, StackCrawlMark& stackMark, Boolean skipVisibility) +7590446
   System.Reflection.Emit.DynamicMethod..ctor(String name, Type returnType, Type[] parameterTypes, Type owner, Boolean skipVisibility) +40
   Newtonsoft.Json.Utilities.DynamicReflectionDelegateFactory.CreateDynamicMethod(String name, Type returnType, Type[] parameterTypes, Type owner) +133
   Newtonsoft.Json.Utilities.DynamicReflectionDelegateFactory.CreateDefaultConstructor(Type type) +130
   Newtonsoft.Json.Serialization.DefaultContractResolver.GetDefaultCreator(Type createdType) +70
   Newtonsoft.Json.Serialization.DefaultContractResolver.InitializeContract(JsonContract contract) +631
   Newtonsoft.Json.Serialization.DefaultContractResolver.CreateArrayContract(Type objectType) +78
   Newtonsoft.Json.Serialization.DefaultContractResolver.CreateContract(Type objectType) +524
   Newtonsoft.Json.Serialization.DefaultContractResolver.ResolveContract(Type type) +267
   Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.GetContractSafe(Object value) +116
   Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value) +133
   Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value) +95
   Newtonsoft.Json.JsonSerializer.Serialize(JsonWriter jsonWriter, Object value) +43
   Newtonsoft.Json.JsonConvert.SerializeObject(Object value, Formatting formatting, JsonSerializerSettings settings) +243
   Newtonsoft.Json.JsonConvert.SerializeObject(Object value) +41
   ASP.admintools_testjsonbug_aspx.Page_Load(Object sender, EventArgs e) +295
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
   System.Web.UI.Page.ProcessRequest() +80
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.admintools_testjsonbug_aspx.ProcessRequest(HttpContext context) +37
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 

The specific code which is throwing the exception is found in Newtonsoft.Json.Utilities.DynamicReflectionDelegateFactory

private static DynamicMethod CreateDynamicMethod(string name, Type returnType, Type[] parameterTypes, Type owner)
{
  DynamicMethod dynamicMethod = !owner.IsInterface
	? new DynamicMethod(name, returnType, parameterTypes, owner, true)
	: new DynamicMethod(name, returnType, parameterTypes, (Module)null, true);

  return dynamicMethod;
}

 

 

 

Mar 24, 2010 at 12:18 AM

Hi lakario,

I tested your sample above, although it does not throw an Exception in Medium Trust for us.

hmmm. I haven't updated from SVN since my original post. I'll update and restest.

 

Mar 24, 2010 at 12:31 AM
Edited Mar 24, 2010 at 12:36 AM

I just tested the problem again and it would seem I mispoke. I am currently operating under a modified medium trust environment which provides some partial access to the System.Reflection namespace. I noticed that when I run the above serialization code with the default "Medium" trust configuration the execution never enters the CreateDynamicMethod() method and returns the correct result; however, in my modified medium trust it does enter that method and then throws the exception. Without looking too closely at the underlying code my stab in the dark is that the library attempts to access System.Reflection and if it fails it switches to an alternative resolution mechanism. In the Medium trust environment by default there is no accessibility to System.Reflection, but in my case System.Reflection is at least partially available, which I would wager is causing the library to default to using reflection, even though my configuration does not provide access to all of the necessary operations.

I don't know if it's of any use, but here's the full configuration of the trust environment I am running under:

 

<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ConfigurationPermission" Description="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SmtpPermission" Description="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UIPermission" Description="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="OleDbPermission" Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="OdbcPermission" Description="System.Data.Odbc.OdbcPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet class="NamedPermissionSet" version="1" Unrestricted="true" Name="FullTrust" Description="Allows full access to all resources"/>
<PermissionSet class="NamedPermissionSet" version="1" Name="Nothing" Description="Denies all resources, including the right to execute"/>
<PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
<IPermission class="AspNetHostingPermission" version="1" Level="Medium"/>
<IPermission class="ConfigurationPermission" version="1" Unrestricted="true"/>
<IPermission class="DnsPermission" version="1" Unrestricted="true"/>
<IPermission class="EnvironmentPermission" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"/>
<IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$"/>
<IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807"/>
<!-- <IPermission class="PrintingPermission" version="1" Level="DefaultPrinting"/> -->
<IPermission class="SecurityPermission" version="1" Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
<IPermission class="SmtpPermission" version="1" Access="ConnectToUnrestrictedPort"/>
<IPermission class="SqlClientPermission" version="1" Unrestricted="true"/>
<IPermission class="WebPermission" version="1" Unrestricted="true"/>
<IPermission class="OleDbPermission" version="1" Unrestricted="true"/>
<IPermission class="OdbcPermission" version="1" Unrestricted="true"/>
<IPermission class="SocketPermission" version="1" Unrestricted="true" />
<IPermission class="ReflectionPermission" version="1" Unrestricted="true"/>
</PermissionSet>
</NamedPermissionSets>
<CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing">
<IMembershipCondition class="AllMembershipCondition" version="1"/>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
<IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/*"/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
<IMembershipCondition class="UrlMembershipCondition" version="1" Url="$CodeGen$/*"/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="Nothing">
<IMembershipCondition class="ZoneMembershipCondition" version="1" Zone="MyComputer"/>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="Microsoft_Strong_Name" Description="This code group grants code signed with the Microsoft strong name full trust. ">
<IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="...."/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="Ecma_Strong_Name" Description="This code group grants code signed with the ECMA strong name full trust. ">
<IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="00000000000000000400000000000000"/>
</CodeGroup>
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>

 

Mar 24, 2010 at 12:32 AM

I updated to the latest Json.NET SVN build and my sample project runs correctly under Medium Trust. No Exceptions are thrown.

Here's my full sample project with freshly compiled Json.NET .dll's if you're interested.

http://www.coolite.com/download/WebApplication1.zip

Hope this helps.

 

Apr 1, 2010 at 12:34 AM

James,

I'm still stranded by this problem, have you had a chance to look into it?

Coordinator
Apr 1, 2010 at 2:22 AM

Could you post the stack trace of your error?

This is the test I am doing to determine whether dynamic code generation is possible.

    public static bool DynamicCodeGeneration
    {
      get
      {
        if (_dynamicCodeGeneration == null)
        {
#if !PocketPC && !SILVERLIGHT
          try
          {
            new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Demand();
            _dynamicCodeGeneration = true;
          }
          catch (Exception)
          {
            _dynamicCodeGeneration = false;
          }
#else
          _dynamicCodeGeneration = false;
#endif
        }

        return _dynamicCodeGeneration.Value;
      }
    }

Apr 1, 2010 at 2:54 AM

James,

This is what I am getting:

[SecurityException: Request failed.]
System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +150
System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +100
System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +284
System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh) +69
System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh) +150
System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +30
System.Threading.CompressedStack.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +40
System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) +123
System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant) +54
System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(PermissionType permission, PermissionSet targetGrant) +29
System.Reflection.Emit.DynamicMethod.PerformSecurityCheck(Type owner, StackCrawlMark& stackMark, Boolean skipVisibility) +7590446
System.Reflection.Emit.DynamicMethod..ctor(String name, Type returnType, Type[] parameterTypes, Type owner, Boolean skipVisibility) +40
Newtonsoft.Json.Utilities.DynamicReflectionDelegateFactory.CreateDynamicMethod(String name, Type returnType, Type[] parameterTypes, Type owner) in DynamicReflectionDelegateFactory.cs:43
Newtonsoft.Json.Utilities.DynamicReflectionDelegateFactory.CreateDefaultConstructor(Type type) in DynamicReflectionDelegateFactory.cs:102
Newtonsoft.Json.Serialization.DefaultContractResolver.GetDefaultCreator(Type createdType) in DefaultContractResolver.cs:287
Newtonsoft.Json.Serialization.DefaultContractResolver.InitializeContract(JsonContract contract) in DefaultContractResolver.cs:315
Newtonsoft.Json.Serialization.DefaultContractResolver.CreateArrayContract(Type objectType) in DefaultContractResolver.cs:377
Newtonsoft.Json.Serialization.DefaultContractResolver.CreateContract(Type objectType) in DefaultContractResolver.cs:474
Newtonsoft.Json.Serialization.DefaultContractResolver.ResolveContract(Type type) in DefaultContractResolver.cs:168
Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.GetContractSafe(Object value) in JsonSerializerInternalWriter.cs:80
Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value) in JsonSerializerInternalWriter.cs:64
Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value) in JsonSerializer.cs:432
Newtonsoft.Json.JsonSerializer.Serialize(JsonWriter jsonWriter, Object value) in JsonSerializer.cs:424
Newtonsoft.Json.JsonConvert.SerializeObject(Object value, Formatting formatting, JsonSerializerSettings settings) in JsonConvert.cs:582
Newtonsoft.Json.JsonConvert.SerializeObject(Object value) in JsonConvert.cs:519
ASP.admintools_testjsonbug_aspx.Page_Load(Object sender, EventArgs e) in c:\wwwroot\463319\www.theoiladdictioncure.com\web\content\AdminTools\TestJSONBug.aspx:14
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
System.Web.UI.Page.ProcessRequest() +80
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.admintools_testjsonbug_aspx.ProcessRequest(HttpContext context) in App_Web_d1rolvol.1.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
Apr 2, 2010 at 2:02 AM

I modified the getter for DynamicCodeGeneration to always return false and recompiled the library. The code I pasted above now executes without an error, but it is obviously only a patch which doesn't address the real problem (whatever that may be).