浏览器和Web客户端的不安全性有何不同?

时间:2010-12-13 21:45:13

标签: asp.net webclient securityexception

我有一个ASP.Net页面可以完成一些文件IO工作。当我从Web浏览器(即chrome)请求它时,它会成功,但是当我从应用程序中的WebClient实例请求它时,它会给我一个'System.Security.SecurityException'。两个请求中是否存在显着差异?为了让这个页面在我的Web客户端中运行,我需要了解有关代码访问安全性的信息吗?

以下是原始的提琴手请求和回复:

浏览器请求: 

GET http://192.168.1.89/QuickCutConsoleDataProvider/UpdateItemFiles.aspx HTTP/1.1
Host: 192.168.1.89
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

浏览器响应: 

HTTP/1.1 200 OK
Via: 1.1 PHOBOS
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 35189
Date: Tue, 14 Dec 2010 14:08:46 GMT
Content-Type: application/zip
Server: Microsoft-IIS/7.5
Cache-Control: private
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

... Binary Content ...

网络客户端请求: 

POST http://192.168.1.89/QuickCutConsoleDataProvider/UpdateItemFiles.aspx?Guid=e30e1826-3d96-4769-a540-acd911cccf02 HTTP/1.1
Content-Type: multipart/form-data; boundary=---------------------8cd697dcbf75ed4
Host: 192.168.1.89
Content-Length: 303
Expect: 100-continue

-----------------------8cd697dcbf75ed4
Content-Disposition: form-data; name="file"; filename="Catalog.xml"
Content-Type: application/octet-stream

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<catalog version="1.0">
  <items />
</catalog>
-----------------------8cd697dcbf75ed4--

Web客户端响应(例外): 

HTTP/1.1 200 OK
Via: 1.1 PHOBOS
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 1244
Date: Tue, 14 Dec 2010 14:12:34 GMT
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
Cache-Control: private
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

<error type="System.Security.SecurityException">
  <message>Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.</message>
  <stack-trace><![CDATA[   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.IO.File.GetLastWriteTimeUtc(String path)
   at Ionic.Zip.ZipEntry.Create(String nameInArchive, ZipEntrySource source, Object arg1, Object arg2)
   at Ionic.Zip.ZipEntry.CreateFromFile(String filename, String nameInArchive)
   at Ionic.Zip.ZipFile.AddFile(String fileName, String directoryPathInArchive)
   at Ionic.Zip.ZipFile.AddFile(String fileName)
   at MyApplication.UpdateItemFiles.GetUpdateContent(XDocument a_xManifest, Stream[] a_arrExtraContent) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 282
   at MyApplication.UpdateItemFiles.Page_Load(Object sender, EventArgs e) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 31]]></stack-trace>
  <inner-exception>null</inner-exception>
</error>

2 个答案:

答案 0 :(得分:0)

这仍然在Windows身份验证中运行 - 尽管您认为已经更改了它。我打赌假冒也在。

仔细检查身份验证。吐出一些调试代码,以便在执行IO操作时记录当前标识。

答案 1 :(得分:0)

该问题与IIS身份验证无关。这是我使用的Zip库,DotNetZip。 CAS不愿意给它文件IO权限。我最终不得不用文件流代理IO操作。唯一的缺点是,我想要添加到Zip存档的文件,我必须保持流打开,直到存档保存。它们是文件流,因此使用的内存非常少。

有人提到WCF,这本来是理想的,但决策者认为这种方式很昂贵。

相关问题
最新问题