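I am using the Enterprise Library Validation Block integrated with WCF. When I impersonate another user with the WIN32 API LogonUser and WindowsIdentity.Impersonate, it reports System.Runtime.InteropServices.COMException (0x8000FFFF): Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED)).
Something seems to go wrong when getting the security evidence for loading the configuration. If I remove the impersonation code, it works without any error. Here is part of the exception stack trace; I hope you can give some help. Thanks.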
System.Runtime.InteropServices.COMException (0x8000FFFF): Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED))
at System.Security.Policy.PEFileEvidenceFactory.GetLocationEvidence(SafePEFileHandle peFile, SecurityZone& zone, StringHandleOnStack retUrl)
at System.Security.Policy.PEFileEvidenceFactory.GenerateLocationEvidence()
at System.Security.Policy.PEFileEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.AssemblyEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.Evidence.GenerateHostEvidence(Type type, Boolean hostCanGenerate)
at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
at System.Security.Policy.Evidence.GetHostEvidence(Type type, Boolean markDelayEvaluatedEvidenceUsed)
at System.Security.Policy.AppDomainEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.Evidence.GenerateHostEvidence(Type type, Boolean hostCanGenerate)
at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
at System.Security.Policy.Evidence.RawEvidenceEnumerator.MoveNext()
at System.Security.Policy.Evidence.EvidenceEnumerator.MoveNext()
at System.Configuration.ClientConfigPaths.GetEvidenceInfo(AppDomain appDomain, String exePath, String& typeName)
at System.Configuration.ClientConfigPaths.GetTypeAndHashSuffix(AppDomain appDomain, String exePath)
at System.Configuration.ClientConfigPaths..ctor(String exePath, Boolean includeUserConfig)
at System.Configuration.ClientConfigPaths.GetPaths(String exePath, Boolean includeUserConfig)
at System.Configuration.ClientConfigurationHost.CreateConfigurationContext(String configPath, String locationSubPath)
at System.Configuration.Internal.DelegatingConfigHost.CreateConfigurationContext(String configPath, String locationSubPath)
at System.Configuration.BaseConfigurationRecord.get_ConfigContext()
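Answer 0 (score: 6)
It seems to me that the problem is that System.Configuration is loading app.config while impersonating. I was able to work around this by running
ConfigurationManager.GetSection("system.xml/xmlReader");
while not impersonating. Doing so caused the later impersonation to succeed.
Edit: To clarify slightly, I think doing this causes app.config to be loaded and cached in memory, so the code path that causes the problem executes only once and uses the original credentials.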
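Answer 1 (score: 2)
After a long fight and many ProcMon captures, I found that in some cases there is a failure when checking the security zone during interop and while impersonating. It is related to this KB: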
https://support.microsoft.com/en-us/kb/945701?wa=wsignin1.0
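If you check the end, where the registry node and key are added, instead of adding w3wp.exe as instructed, add the file name of your own executable. This worked for me - YMMV.
Answer 2 (score: 0)
I am sharing this code in the hope that it helps future readers. It literally saved me from a 3-hour headache :)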
//This is an important line to write while impersonating.
//It will allow SQL server connections to happen otherwise connection strings will error out.
ConfigurationManager.GetSection("SqlColumnEncryptionEnclaveProviders");
//Do the impersonation
var credentials = new UserCredentials(DomainName, AccountName, Password);
Impersonation.RunAsUser(credentials, LogonType.Interactive, () =>
{
//Your code here inside impersonation . . .
});
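Answer 3 (score: -2)
Please see my reply to this in this thread on the MS forums:
Here is the thread title: Connection pool randomly throwing COM exceptions.
You can search the page for LogonUser.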