Intermittent PolicyException:无法获取执行权限

时间:2009-11-30 23:27:46

标签: asp.net asp.net-mvc code-access-security

在ASP.NET应用程序中应用程序池回收后不久,我们间歇性地看到以下异常:

System.Configuration.ConfigurationErrorsException: Could not load file or assembly 'Microsoft.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418) ---> System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418)
File name: 'Microsoft.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' ---> System.Security.Policy.PolicyException: Execution permission cannot be acquired.
   at System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission)
   at System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Int32& securitySpecialFlags, Boolean checkExecutionPermission)
   at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
   at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
   at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
   at System.Reflection.Assembly.Load(String assemblyString)
   at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)

无法加载的特定DLL因事件而异,但始终是主程序集引用的。

我们在Windows Server 2008上运行ASP.NET 3.5。这似乎分批发生,影响同一个应用程序池中的某些但不是所有站点。我们有大量网站都运行相同的代码。

一旦网站无法加载DLL,它就会抛出黄色死亡屏幕,直到下一个应用程序池回收为止。我们无法重现这种行为,并且这些网站似乎在失败之前可以在几天或几周(以及许多App Pool回收)中正常工作。

还有其他人看到过类似的行为吗?

更新:

我们已经尝试通过设置几百个站点并编写脚本来重复发现故障,同时每隔几分钟回收一次App Pool,除了将服务器的CPU加载到一个CPU之外几天。

然后我们尝试使用ASP.NET制作和管理的DLL的副本来修复(锁定其中一个DLL,更改文件权限)以重现类似的行为但不是同一个异常。

是否有人对如何调整安全策略以使其在加载特定DLL时抛出System.Security.Policy.PolicyException: Execution permission cannot be acquired.有任何想法?

1 个答案:

答案 0 :(得分:2)

在“Process Model”下的IIS Application Pool设置中,将Load User Profile设置为true。

来自IIS7 Failed to grant minimum permission requests