我有一个基于框架3.5构建的ASP.Net Web应用程序在本地iis上正常运行但是当我将它部署到GoDaddy时,我开始获得安全性。完整的例外情况如下
Server Error in '/' Application.
--------------------------------------------------------------------------------
Security Exception Description: The application attempted to perform an
operation not allowed by the security policy. To grant this application
the required permission please contact your system administrator
or change the application's trust level in the configuration file.
Exception Details:
System.Security.SecurityException:
System.Security.Permissions.SecurityPermission
Source Error:
[No relevant source lines]
Source File: App_Web_xymjrvu2.0.cs Line: 0
Stack Trace:
[SecurityException: System.Security.Permissions.SecurityPermission]
PourNavi.Web.Core.DbHelper.Dispose(Boolean disposing) +0
PourNavi.Web.Core.DbHelper.Dispose() +44
PourNavi.Web.Core.MessageDataObjects.GetMessagesInfoForUserFromManager() +170
PourNavi.Web.Core.MessagingManager.GetMessagesInfoForUserFromManager() +31
PourNavi.Web.UI.UserControl.ucMessages.BindMessages() +41
PourNavi.Web.UI.UserControl.ucMessages.Page_Load(Object sender, EventArgs e) +67
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
System.Web.UI.Page.ProcessRequest() +80
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.login_aspx.ProcessRequest(HttpContext context) in App_Web_xymjrvu2.0.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
我在SO上经历了各种类似的问题,但没有帮助......
[更新:DbHelper.cs代码]
internal class DbHelper : IDisposable
{
// Fields
private readonly Component _component;
private SqlConnection _connection;
private bool _disposed;
private IntPtr _handle;
// Methods
public DbHelper()
{
this._component = new Component();
this.OpenConnection();
}
public DbHelper(IntPtr handle)
{
this._component = new Component();
this._handle = handle;
}
private void CloseConnection()
{
try
{
if (this._connection.State == ConnectionState.Open)
{
this._connection.Close();
}
}
finally
{
this._connection.Dispose();
}
}
[DllImport("Kernel32")]
private static extern bool CloseHandle(IntPtr handle);
public void Dispose()
{
this.CloseConnection();
this.Dispose(true);
GC.SuppressFinalize(this);
}
protected virtual void Dispose(bool disposing)
{
if (!this._disposed)
{
if (disposing)
{
this._component.Dispose();
}
CloseHandle(this._handle);
this._handle = IntPtr.Zero;
this._disposed = true;
}
}
public int ExecuteNonQuery(string commandText, CommandType commandType)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
return command.ExecuteNonQuery();
}
}
public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter parameter)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
return command.ExecuteNonQuery();
}
}
public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter[] parameters)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
return command.ExecuteNonQuery();
}
}
public object ExecuteScalar(string commandText, CommandType commandType)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
return command.ExecuteScalar();
}
}
public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter parameter)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
return command.ExecuteScalar();
}
}
public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter[] parameters)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
return command.ExecuteScalar();
}
}
public DataTable ExecuteSelect(string commandText, CommandType commandType)
{
DataTable table = new DataTable();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader != null)
{
table.Load(reader);
}
}
}
return table;
}
public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter[] parameters)
{
DataTable table = new DataTable();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader != null)
{
table.Load(reader);
}
}
}
return table;
}
public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter parameter)
{
DataTable table = new DataTable();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader != null)
{
table.Load(reader);
}
}
}
return table;
}
public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType)
{
DataSet dataSet = new DataSet();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
using (SqlDataAdapter adapter = new SqlDataAdapter(command))
{
adapter.Fill(dataSet);
}
}
return dataSet;
}
public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter[] parameters)
{
DataSet dataSet = new DataSet();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
using (SqlDataAdapter adapter = new SqlDataAdapter(command))
{
adapter.Fill(dataSet);
}
}
return dataSet;
}
public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter parameter)
{
DataSet dataSet = new DataSet();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
using (SqlDataAdapter adapter = new SqlDataAdapter(command))
{
adapter.Fill(dataSet);
}
}
return dataSet;
}
~DbHelper()
{
this.Dispose(false);
}
private void OpenConnection()
{
try
{
this._connection = new SqlConnection(ConnectionString);
if (this._connection.State == ConnectionState.Open)
{
this._connection.Close();
}
this._connection.Open();
}
catch
{
throw new Exception("An error occured while communicating to sql server database.");
}
}
// Properties
private static string ConnectionString
{
get
{
return ConfigurationManager.ConnectionStrings["PourNavi.DigitalPrinting"].ConnectionString;
}
}
}
我是否需要从代码中删除内容。请帮帮我......
[解决]
谢谢各位支持,我解决了这个问题。 DllImport是根本原因,因为我正在引入Kernel32 ....
答案 0 :(得分:2)
ASP.NET有5种不同的信任级别;全,高,中,低和最小。这些信任级别中的每一个都限制了应用程序的权限。如果Full是一个例外,这意味着应用程序中的代码完全受信任,可以访问它想要访问的所有资源。您不希望应用程序在此模式下运行。就个人而言,我总是为中等信任而发展;我发现这为95%的案例提供了足够的权限。
您可以在配置文件%windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG中看到不同的权限集。如果我们查看每个信任级别具有的权限,我们可以看到SecurityPermission(UnmanagedCode标志)不在任何权限集中。因此,它仅适用于GAC中的完全信任程序集和程序集(默认情况下为完全信任)。
我假设GoDaddy也在中等信任中运行你的应用程序。您可以通过将Web应用程序设置为中等信任模式来模拟开发环境中的行为。
<system.web>
<securityPolicy>
<trustLevel name="Medium" />
</securityPolicy>
</system.web>
如果DllImport是必要的,我无法决定你,但我建议你评估一下是否需要。由于DllImport允许您调用用C ++编写的非托管代码(在本例中)。您通常希望限制自己调用托管代码。但那个决定取决于你。
答案 1 :(得分:0)
看起来PourNavi.Web.Core.DbHelper.Dispose(布尔处理)方法中的一些代码正在调用需要完全信任的方法/程序集。 GoDaddy共享托管不允许完全信任。