如何使我的应用程序以完全信任模式运行-.NET 4.0命令行应用程序 [英] How do I make my application run in Full Trust mode - .NET 4.0 Command Line Application

问题描述

我们遇到了命令行(批处理)应用程序和完全/部分信任的问题.

我们的先前发行版(版本号7.13.0.63)可以正常工作，但是，当我们安装新版本(7.13.0.249)时，我们会收到该程序集不允许部分受信任的调用方"的信息.

例外:

   

We are having an issue with a command line (batch) application and full/partial trust.

Our previous release (version number 7.13.0.63) works fine, however, when we install the new version (7.13.0.249) we get a “That assembly does not allow partially trusted callers.”

Exception:

   

Stack Trace (edited):
       at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
       at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache)
       at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
       at System.Activator.CreateInstance[T]()
       at <Company>.Service.<Product>.Proxy.Factories.ControllerProxyFactory.Create[T]()
       <Stack Trace that leads to creation of a WCF client> ...
   
    Inner Exception:
    An error occurred creating the configuration section handler for system.serviceModel/behaviors: That assembly does not allow partially trusted callers. (C:\Program Files (x86)\InsuranceLine\ListLoader\InsuranceLine.ListLoader.Launcher.exe.Config line 53)
    Stack Trace:
       at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecordsectionRecord, Object parentResult)
       at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
       at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
       at System.Configuration.ConfigurationManager.GetSection(String sectionName)
       at System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(String sectionPath)
       at System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetConfigurationSection(String sectionPath)
       at System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath)
       at System.ServiceModel.Description.ConfigLoader.LookupChannel(ContextInformation configurationContext, String configurationName, ContractDescription contract, EndpointAddress address, Boolean wildcard, Boolean useChannelElementKind, ServiceEndpoint& serviceEndpoint)
       at System.ServiceModel.ChannelFactory.InitializeEndpoint(String configurationName, EndpointAddress address)
       at System.ServiceModel.ChannelFactory`1..ctor(String endpointConfigurationName, EndpointAddress remoteAddress)
       <Stack Trace that determines the correct WCF factory to create>
   
    Inner Exception:
    That assembly does not allow partially trusted callers.
    Stack Trace:
       at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed)
       at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
       at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache)
       at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
       at System.Activator.CreateInstance(Type type, Boolean nonPublic)
       at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.CreateNewSection(String name)
       at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.DeserializeElementCore(XmlReader reader)
       at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey)
       at System.Configuration.ConfigurationElementCollection.OnDeserializeUnrecognizedElement(String elementName, XmlReader reader)
       at System.Configuration.ConfigurationElement.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey)
       at System.Configuration.ConfigurationElement.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey)
       at System.Configuration.ConfigurationSection.DeserializeSection(XmlReader reader)
       at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.CreateSectionImpl(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader)
       at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.CreateSectionWithRestrictedPermissions(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader)
       at System.Configuration.RuntimeConfigurationRecord.CreateSection(Boolean inputIsTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader)
       at System.Configuration.BaseConfigurationRecord.CallCreateSection(Boolean inputIsTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader, String filename, Int32 line)

关于我们用于部署产品的过程，我们使用通过WiX创建的MSI.我们执行以下步骤:

 -卸载该产品的先前版本
 -从网络共享中复制MSI(两个版本具有相同的共享，基于版本的不同子目录)
 -以管理员身份安装msi
    -这将安装到C:\ Program Files(x86)

两个版本之间的唯一变化是:

 -在app.config文件(myapp.exe.config)中包含一个额外的AppSettings项以指定事务超时
 -更改使用新的TransactionScope()"到使用新的TransactionScope(TransactionScopeOption.Required，timeoutValueReadFromAppSettingsAndStoredInLocalVariable)”
    -WCF客户端的创建不在此事务范围之内.

附加信息:

 -在我们的任何dev/staging/qa/pre生产环境中都不会发生该异常.它仅在我们的生产应用程序服务器上发生.
 -我们正在向组织推出Windows 7，因此企业政策可能已更改.
 -该应用程序针对.Net Framework 4.0
 -如果我们卸载新版本，然后重新安装旧版本(包括来自网络共享的副本)，则旧版本仍然可以正常运行
 -要安装的计算机是Windows Server 2008 R2


理想情况下，我想知道几件事:

1.   如何更改程序集(或在安装后设置权限)，以使其能够在完全信任模式下运行
2.   如何在开发/登台/QA环境中复制问题
    -   明确不信任"该程序集可能会复制它，但是我想以与生产相同的方式复制它，以便在安装它时将其标识为不受信任，在我看来，这样做的方法将是 与不信任"有关网络共享，我可以从MSI复制MSI，也可以从不信任"复制MSI MSI/程序集中的发布者信息.
3.   如何配置生产应用程序服务器/安全策略，以便将来的安装受到完全信任(答案第2项最有可能回答此问题)

谢谢

In regards to the process that we use to deploy our product, we use a MSI created through WiX. We perform the following steps:

 - Uninstall the previous version of the product
 - Copy the msi from a network share (same share for both versions, different subdirectory based on versions)
 - Install the msi as an administrator
    - This installs to C:\Program Files (x86)

The only changes between the 2 versions are:

 - The inclusion of an extra AppSettings item in the app.config file (myapp.exe.config) to specify a transaction timeout
 - Changing a “using new TransactionScope()” to “using New TransactionScope(TransactionScopeOption.Required, timeoutValueReadFromAppSettingsAndStoredInLocalVariable)”
    - The creation of the WCF client is outside of this Transaction Scope.

Additional Information:

 - The exception does not occur in any of our dev/staging/qa/pre production environments. It only happens on our production application server.
 - We are in the process of rolling out Windows 7 to our organisation, so it is possible that enterprise policy has changed.
 - The application targets the .Net Framework 4.0
 - If we uninstall the new version, and reinstall the old version (including the copy from network share) the old version works fine still
 - The machine being installed to is Windows Server 2008 R2


Ideally I’d like to know a few things:

1.    How to alter the assembly (or set permissions after install) so that it can run in a full trust mode
2.    How to replicate the issue in dev/staging/QA environments
    -    Explicitly "untrusting" the assembly might reproduce it, but I want to reproduce it in the same way as production so that when it is installed it is identified as untrusted, it seems to me that the way to do this would have something to do with “untrusting” the network share I copy the MSI from, or possibly “untrusting” the publisher information in the MSI/assembly.
3.    How to configure the production application server/security policy so that future installs are fully trusted (Answering item 2 will most likely answer this)

Thanks

推荐答案

Naes

谢谢您的提问.

我正在尝试让熟悉此主题的人进一步研究此问题.可能会有一些时间延迟.感谢您的耐心.
 
感谢您的理解和支持.

I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
 
Thank you for your understanding and support.

这篇关于如何使我的应用程序以完全信任模式运行-.NET 4.0命令行应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！