通过反射加载的程序集中的SqlClientPermission故障 [英] SqlClientPermission failure in assembly loaded via reflection

问题描述

我在遇到问题时非常艰难.我有一个刚刚修改的Web应用程序，该应用程序允许客户提供自定义程序集，他们可以使用这些程序集挂接到实体保存管道中.当实体持久化到数据库时，将通过反射来加载这些自定义程序集.它们指的是处理所有数据访问的通用DAL程序集.

 I am having a really tough time with a problem.  I have a web application that I have just modified that allows customers to supply custom assemblies that they can use to hook into an entity save pipeline.  These custom assemblies are loaded via reflection when an entity is persisted to the database.  They refer to a common DAL assembly that handles all of the data access.

我有一个测试服务器(Win2k3)，该系统可以在该服务器上正常运行.现在，将其推出到生产服务器集群(一个Win2k3和一个Win2k8)中，我的自定义程序集在第一次调用访问数据库的DAL方法时爆炸(SQL2005).我收集的日志信息表明获取SqlClientPermission失败.与最佳做法相反，我的Web应用程序在完全信任"中运行.我的自定义程序集是强名称.

I have a test server (Win2k3) where this system works flawlessly.  Now that I've pushed it out to my production server cluster (one Win2k3 and one Win2k8), my custom assembly bombs the first time it calls a DAL method that accesses the database (SQL2005).  The log information that I gather indicates that there is a failure in getting a SqlClientPermission.  Contrary to best practices, I have my web app running in Full Trust.  My custom assembly is strong named.

对于在哪里可以找到测试服务器配置和生产服务器配置之间的差异，是否有任何建议?如果这不是合适的论坛，那是哪个?

Are there any suggestions to where I can look for differences between my test server config and my production server configs?  If this is not the proper forum, which one is?

谢谢

Matthew

推荐答案

现在看来这是Win2k8 vs Win2k3的问题，因为我不再在日志中得到任何异常从我们集群中的Win2k3服务器中获取.

It would appear now that this is a Win2k8 vs Win2k3 issue since I no longer get any exceptions in the logs from the Win2k3 server in our cluster.

基本上，发生的事情是我们的实体保存管道检查以查看要保存的实体类型是否实现了某个接口.如果是这样，则应用程序将转到数据库以检索实现了客户特定的保存前和保存后功能的类的程序集和类名称.这些程序集在"App_Data"目录下.文件夹"Assemblies \< companycode>"中的文件夹.然后，应用程序加载程序集；使用反射将该程序集中的适当类实例化为接口，然后在该接口上调用pre和post保存方法以针对该特定实体类型执行客户特定的操作.在我们的例子中，此自定义操作使用我们的DAL(使用LLBLGen，FWIW)实体类执行一些数据库操作.

Basically, what happens is that our entity save pipeline checks to see if the entity type being saved implements a certain interface.  If so, then the application goes out to the database to retrieve the assembly and class name of the class that implements the customer-specific pre- and post- save functionality.  Those assemblies are under the "App_Data" folder in an folder called "Assemblies\<companycode>".  The application then loads the assembly; uses reflection to instantiate the proper class from that assembly as an interface, then calls the pre and post save methods on that interface to perform the customer specific actions for that particular entity type.  In our case, this custom action performs some database operations using our DAL (which uses LLBLGen, FWIW) entity classes.

我的最初问题是，我收到有关不允许部分受信任的调用方的SecurityException，因此我装饰了与"AllowPartiallyTrustedCallers"模块一起使用的程序集.属性，现在似乎已经从我的Win2k3服务器中消除了该问题.

My initial issue was that I was getting a SecurityException about not allowing partially trusted callers, so I decorated the assemblies that are used with the "AllowPartiallyTrustedCallers" attribute and now seem to have eliminated the problem from my Win2k3 server.

在加载的扩展程序Assemby中，我实例化了SqlClientPermission和"Assert()"； ，但我实际上没有任何地方授予该权限(除了我的Web应用程序在FullTrust中运行).

In my extension assemby that gets loaded, I instantiate a SqlClientPermission and "Assert()" it, but I haven't anywhere actually granted that permission (except that my web app runs in FullTrust).

感谢您能提供的任何帮助...

Thanks for whatever help you can offer...

-马修

这是抛出异常的.ToString()输出:

Here is the .ToString() output of the exception that gets thrown:

< code>

<code>

对类型为SS2DAL.EntityClasses.SurveyResponseEntity的实体373c595e-843b-45a1-82d0-aa166daf75de执行保存后操作时出错:SD.LLBLGen.Pro.ORMSupportClasses.ORMQueryExecutionException:在执行检索查询期间捕获到异常:请求类型'System.Data.SqlClient.SqlClientPermission，System.Data，Version = 2.0.0.0，Culture = neutral，PublicKeyToken = b77a5c561934e089'的权限失败.这个例外. ---> System.Security.SecurityException:请求类型为'System.Data.SqlClient.SqlClientPermission，System.Data，Version = 2.0.0.0，Culture = neutral，PublicKeyToken = b77a5c561934e089'的权限失败. CodeAccessSecurityEngine.Check(对象需求，StackCrawlMark& stackMark，布尔值isPermSet)
在System.Security.CodeAccessPermission.Demand()
在System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior行为，String方法)
在System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior行为)
在System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior行为)
在SD.LLBLGen. Pro.ORMSupportClasses.RetrievalQuery.Execute(CommandBehavior行为)
失败的操作是:
需求
失败的第一个权限的类型是:
System.Data.SqlClient. SqlClientPermission
第一个失败的权限是:
< IPermission
version ="1"
Allo wBlankPassword ="False">
< add KeyRestrictions ="
KeyRestrictionBehavior ="AllowOnly"/>
</IPermission>

Error performing post-save operation on entity 373c595e-843b-45a1-82d0-aa166daf75de of type SS2DAL.EntityClasses.SurveyResponseEntity: SD.LLBLGen.Pro.ORMSupportClasses.ORMQueryExecutionException: An exception was caught during the execution of a retrieval query: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.. Check InnerException, QueryExecuted and Parameters of this exception to examine the cause of this exception. ---> System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior)
   at System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior)
   at SD.LLBLGen.Pro.ORMSupportClasses.RetrievalQuery.Execute(CommandBehavior behavior)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Data.SqlClient.SqlClientPermission
The first permission that failed was:
<IPermission
version="1"
AllowBlankPassword="False">
<add KeyRestrictions=""
KeyRestrictionBehavior="AllowOnly"/>
</IPermission>

需求是:
< IPermission
version ="1"
AllowBlankPassword ="False">
< add KeyRestrictions ="
KeyRestrictionBehavior ="AllowOnly"/>
</IPermission>

The demand was for:
<IPermission
version="1"
AllowBlankPassword="False">
<add KeyRestrictions=""
KeyRestrictionBehavior="AllowOnly"/>
</IPermission>

失败程序集的授予集为:
< PermissionSet
version ="1">
< IPermission
version ="1"
Access =打开"/>
< IPermission
版本="1"
Allowed ="ApplicationIsolationByUser"
UserQuota ="512000"/> ;
< IPermission
version ="1"
Flags =执行"/>
< IPermission
version ="1"
窗口= QUOT; SafeTopLevelWindows"
剪贴板= QUOT; OwnClipboard"/>
< IPermission
版本= QUOT 1 QUOT;
PUBLICKEYBLOB = QUOT; 0024000004800000940000000602000000240000525341310004000001000100B55C03865E07BCB230B04EF7D9ACF1E7BF41C618DB1327895C25328446039F51CF237A50989E542D3FA9BB5991D303388C5AAC7AE4E071CD7B42B96B16256FF905EC610107DB2A0872E971253919BA528187489FC89FD083118F562319BF3B66CB79035EC50D2291561D4F2B9733AD5E0ECD9BFF9B80B94C40F5888D4E1C5BDD" <无线电通信/>Name=""ProjectHelpers.Extensions"
AssemblyVersion =" 2.2009.208.1821"/>
< IPermission
version =" 1"
Url =" file://dc01.bizspeed.datacenter/websites/sitesupervisor files/prjh/ProjectHelpers.Extensions.dll"/>
< IPermission
version ="1"
Zone ="Internet"/>
< IPermission
version ="1"
Level ="SafePrinting"/>
</PermissionSet>

The granted set of the failing assembly was:
<PermissionSet
version="1">
<IPermission
version="1"
Access="Open"/>
<IPermission
version="1"
Allowed="ApplicationIsolationByUser"
UserQuota="512000"/>
<IPermission
version="1"
Flags="Execution"/>
<IPermission
version="1"
Window="SafeTopLevelWindows"
Clipboard="OwnClipboard"/>
<IPermission
version="1"
PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100B55C03865E07BCB230B04EF7D9ACF1E7BF41C618DB1327895C25328446039F51CF237A50989E542D3FA9BB5991D303388C5AAC7AE4E071CD7B42B96B16256FF905EC610107DB2A0872E971253919BA528187489FC89FD083118F562319BF3B66CB79035EC50D2291561D4F2B9733AD5E0ECD9BFF9B80B94C40F5888D4E1C5BDD"
Name="ProjectHelpers.Extensions"
AssemblyVersion="2.2009.208.1821"/>
<IPermission
version="1"
Url="file://dc01.bizspeed.datacenter/websites/sitesupervisor files/prjh/ProjectHelpers.Extensions.dll"/>
<IPermission
version="1"
Zone="Internet"/>
<IPermission
version="1"
Level="SafePrinting"/>
</PermissionSet>

失败的程序集或AppDomain是:
ProjectHelpers.Extensions，版本= 2.2009.208.1821，文化=中性，PublicKeyToken = 4405fd38c7d52787
导致失败的方法是:
SD. LLBLGen.Pro.ORMSupportClasses.EntityBase2 AfterSave(SD.LLBLGen.Pro.ORMSupportClasses.EntityBase2，SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase)
失败的程序集区域为:
Internet
失败的程序集的Url为:
file://dc01.bizspeed.datacenter/websites/sitesupervisor files/prjh/ProjectHelpers.Extensions.dll
--内部异常堆栈跟踪的结尾---
在SD.LLBLGen.Pro.ORMSupportClasses.RetrievalQuery.Execute(CommandBehavior behavior)
在SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.ExecuteSingleRowRetrievalQuery(IRetrievalQuery queryToExecute，IEntityFields2在SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.FetchEntityUsingFilte的fieldsToFill，IFieldPersistenceInfo [] fieldsPersistenceInfo)
在SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.FetchEntityUsingFilter(IEntity2 entityToFetch，IPrefetchPath2 prefetchPath，Context contextToIncludes SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.FetchEntity(IEntity2 entityToFetch，IPrefetchPath2 prefetchPath，Context contextToUse，ExcludeIncludeFieldsList includedIncludedFields) >>在ProjectHelpers.Extensions.SurveyResponseSaveHelper.AfterSave(EntityBase2实体，DataAccessAdapterBase适配器)
在SS2.RemoteObjects.DataPortal.EntitySaveWithoutRemoting(EntityBase2实体，AuditSettings auditSettings，AuthTicket位于)[NDC:(null)]

The assembly or AppDomain that failed was:
ProjectHelpers.Extensions, Version=2.2009.208.1821, Culture=neutral, PublicKeyToken=4405fd38c7d52787
The method that caused the failure was:
SD.LLBLGen.Pro.ORMSupportClasses.EntityBase2 AfterSave(SD.LLBLGen.Pro.ORMSupportClasses.EntityBase2, SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase)
The Zone of the assembly that failed was:
Internet
The Url of the assembly that failed was:
file://dc01.bizspeed.datacenter/websites/sitesupervisor files/prjh/ProjectHelpers.Extensions.dll
   --- End of inner exception stack trace ---
   at SD.LLBLGen.Pro.ORMSupportClasses.RetrievalQuery.Execute(CommandBehavior behavior)
   at SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.ExecuteSingleRowRetrievalQuery(IRetrievalQuery queryToExecute, IEntityFields2 fieldsToFill, IFieldPersistenceInfo[] fieldsPersistenceInfo)
   at SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.FetchEntityUsingFilter(IEntityFields2 fieldsToFetch, IFieldPersistenceInfo[] persistenceInfos, IRelationPredicateBucket filter)
   at SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.FetchEntityUsingFilter(IEntity2 entityToFetch, IPrefetchPath2 prefetchPath, Context contextToUse, IRelationPredicateBucket filter, ExcludeIncludeFieldsList excludedIncludedFields)
   at SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.FetchEntity(IEntity2 entityToFetch, IPrefetchPath2 prefetchPath, Context contextToUse, ExcludeIncludeFieldsList excludedIncludedFields)
   at SD.LLBLGen.Pro.ORMSupportClasses.DataAccessAdapterBase.FetchEntity(IEntity2 entityToFetch, IPrefetchPath2 prefetchPath)
   at ProjectHelpers.Extensions.SurveyResponseSaveHelper.AfterSave(EntityBase2 entity, DataAccessAdapterBase adapter)
   at SS2.RemoteObjects.DataPortal.EntitySaveWithoutRemoting(EntityBase2 entity, AuditSettings auditSettings, AuthTicket at)  [NDC:(null)]

</code>

</code>

这篇关于通过反射加载的程序集中的SqlClientPermission故障的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！