SSRS:无法确定枚举目录中文件的权限集

时间:2011-08-17 13:31:09

标签: reporting-services cas securityexception

我有一个问题是找出权限集以使Directory.GetFiles()在SQL Server报告服务使用的程序集中工作。

背景

基本上,我使用这个程序集来执行两件事:

  • 从文件共享中读取图像
  • 枚举该共享上文件夹中的所有图片。

功能1:读取图像(工作正常)

使用自定义权限集读取图像:

<PermissionSet class="NamedPermissionSet"
   version="1"
   Name="MyCustomImagePermissionSet"
    <IPermission class="FileIOPermission"
       version="1"
       Read="\\MyServer\MyFolder"/>
    <IPermission class="SecurityPermission"
       version="1"
       Flags="Assertion, Execution"/>
</PermissionSet>

并在自定义代码组中引用此权限集:

<CodeGroup class="UnionCodeGroup"
   version="1"
   PermissionSetName="MyCustomImagePermissionSet"
   Name="MyImageCodeGroup"
      <IMembershipCondition class="UrlMembershipCondition"
         version="1"
         Url="C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\MyProject\MyProject.Reports.Code.dll"
       />
</CodeGroup>

(摘自RSPreviewPolicy.config的片段)

在我的代码中,我在打开FileStream之前使用了一个断言:

private Image LoadOriginalImageByPath(string path)
{
    new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();

    Image originalImage;

    using (var imageStream = new FileStream(path, FileMode.Open, FileAccess.Read))
    {
        originalImage = Image.FromStream(imageStream);
    }
    return originalImage;
}

功能2:枚举目录中的文件(不起作用)

枚举文件服务器上子目录中的所有文件总是会导致SecurityException:

System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. 
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) 
   at System.Security.CodeAccessPermission.Demand() 
   at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption) 
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption) 
   at System.IO.Directory.GetFiles(String path, String searchPattern) 
   at MyProject.Reports.Code.ImageTools.GetImagesFullPaths(String searchDirectory, Int32 registerNr) 
The action that failed was: 
Demand 
The type of the first permission that failed was: 
System.Security.Permissions.FileIOPermission 
The Zone of the assembly that failed was: 
MyComputer

以下是代码:

public static IEnumerable<string> GetImagesFullPaths(string searchDirectory, int registerNr)
{
    var pattern = string.Format("M{0:00000}?.jpg", registerNr);

    new FileIOPermission(FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read, searchDirectory).Assert();
    return Directory.GetFiles(searchDirectory, pattern);
}

解决方法:使用FullTrust

我找到解决问题的唯一方法是使用FullTrust进行自定义程序集。但显然,这让管理员感到不安。

问题

在不使用FullTrust权限集的情况下,让Directory.GetFiles()工作的原因是什么?

修改

由于接受了答案,解决方案是将PathDiscovery属性添加到权限元素中,从而产生

<PermissionSet class="NamedPermissionSet"
   version="1"
   Name="MyCustomImagePermissionSet"
    <IPermission class="FileIOPermission"
       version="1"
       Read="\\MyServer\MyFolder"/>
       PathDiscovery="\\MyServer\MyFolder"/>
    <IPermission class="SecurityPermission"
       version="1"
       Flags="Assertion, Execution"/>
</PermissionSet>

THX!

1 个答案:

答案 0 :(得分:0)

枚举文件需要目标路径上的FileIOPermissionAccess.PathDiscovery。您需要将其添加到自定义权限集。

BTW,声明权限基本上是无用的,因为除非你的代码已经拥有权限,否则assert将不起作用。 (断言仅在您希望代码执行其调用代码无权执行的操作时才有用。)

相关问题
最新问题