log4net的抛出安全异常在ASP.Net MVC的Web应用程序 [英] log4net throwing Security Exception in ASP.Net MVC web application

问题描述

我已经写了3 ASP.net MVC的Web应用程序，并且都部署在共享托管服务器和我的ISP。

I have written 3 ASP.net MVC web applications, and all are deployed on shared hosting servers with my ISP.

所有3的应用是在配置和设置非常相似。首届应用程序部署到不同的服务器第2和第3位。首届应用程序给我任何错误。

All 3 applications are very similar in configuration and settings. The 1st application is deployed to a different server than the 2nd and 3rd. The 1st application gives me no errors.

第2和第3的应用吐出以下的 SecurityException异常 有些的：随机：

The 2nd and 3rd applications spit out the following SecurityException somewhat: randomly:

链接

异常文本：

 Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +58
   System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca) +99


Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3082 

我得到上面的错误，我第一次打在页面部署或编辑的web.config之后。然而，在随后的页面重载我不明白这一点。 2.网站将被罚款再次为一天的休息，但随后的第二天早上，我再次得到了同样的错误。

I get the above error the first time I hit the page after deploying or editing the web.config. However, on subsequent page reloads I don't get it. The 2 websites will be fine again for the rest of the day, but then the next morning I get the same error again.

这些错误确实出现持​​续后，我编辑web.config，这我假设是迫使重新编译？

The errors do appear consistently after I edit the web.config, which I am assuming is forcing a recompile?

请帮忙。我不知道是什么问题。听起来像它关系到在IIS的安全设置。所有3 Web应用程序设置和部署在一个非常相似的方式，除了第一web应用程序不给错误的是一个完全不同的服务器上。

Please help. I'm not sure what the problem is. Sounds like it is related to security settings in IIS. All 3 web apps are set up and deployed in a very similar way, except that the 1st web app which doesn't give the error is on a completely different server.

推荐答案

所以，事实证明，对于上述SecurityException异常的原因是3倍

So it turns out that the reason for the above SecurityException is 3-fold

• 我的ISP有ASP.net配置为将其旧的服务器上运行的中等信任模式是新的服务器，和完全信任模式。我的Web应用程序是这2个服务器之间的分裂，这就是为什么我得到了应用程序之间的不同的行为，即使它们是完全相同的配置相同

• my ISP has ASP.net configured to run in medium trust mode on it's newer servers, and full trust mode on its older servers. My Web Applications are split between these 2 servers, which is why I am getting different behaviour between the applications even though they are configured exactly the same

我使用log4net的错误日志记录，并在我的 Global.asax中文件，我有以下几点：

I am using log4net for error logging, and in my Global.asax file, I have the following:

protected void Application_Start()
{
    RegisterRoutes(RouteTable.Routes);
    log4net.Config.XmlConfigurator.Configure();
    log.Debug("Logging Initialized.");
}

这行 - log4net.Config.XmlConfigurator.Configure（）; 是抛出上述异常。它只会发生一次，当应用程序启动时，或者如果他们的的web.config 修改重新启动。这就是为什么我无法弄清楚那里的问题来自何处。

This line - log4net.Config.XmlConfigurator.Configure(); is what is throwing the above exception. It only happens once when the application is started, or restarted if they web.config is modified. That is why I couldn't figure out where the problem was coming from.

我只好一个 requirePermission =false的在添加到log4net的configSection在的web.config

I had to add a requirePermission="false" to the log4net configSection in the web.config:

<section name="log4net" requirePermission="false" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net"/>

现在，如果我是在中信任模式发展，我会拿起这些问题了。您可以强制你的应用在中等信任模式下运行通过添加以下到我的web.config：

Now if I was developing in medium trust mode, I would have picked these problems up. You can force your app to run in medium trust mode by adding the following to my web.config:

  <system.web>
     <trust level="Medium"/>
  </system.web>

通过迫使我的应用在中等信任模式下运行，我拿起在开发源例外，正是它起源，并推断出了什么从那里错了..

By forcing my app to run in medium trust mode, I picked up the source exception in dev exactly where it originated, and figured out what was wrong from there on..

这篇关于log4net的抛出安全异常在ASP.Net MVC的Web应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！