与OpenWebConfiguration ASP.NET安全异常共享主机 [英] ASP.NET security exception with OpenWebConfiguration on shared host
问题描述
从我的本地开发环境移动我的网站,以一个共享主机我得到之后:
安全例外说明:应用程序试图执行不允许通过操作
安全策略。要授予此应用程序所需的权限,请
请联系您的系统管理员或更改应用程序的信任级别
配置文件。
在我的web应用程序无处不在下面被称为出现该问题
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
由于我的web应用程序只试图打开它自己的web.config文件,我不知道这是为什么标记为安全异常。也许有人可以解释......但更重要的是我需要一个解决方案,这对夫妻解决方案,我通过谷歌发现是痛苦的。
一个解决方案(从众多职位)表示,配置信任级别设置为完全,但有人告诉我这是不可能的我的共享主机。
另一种解决方案(从 http://www.4guysfromrolla.com/articles/100307- 1.aspx )说,不使用OpenWebConfiguration(),但我需要使用DPAPI使用它来加密配置节(例如是connectionStrings)(更多信息请参阅的 http://www.4guysfromrolla.com/articles/021506-1.aspx )。
请在IIS为什么在我的web应用程序试图打开它自己的web.config barfs和变通,能够加密使用DPAPI web.config中的部分建议。
我有这个问题在过去的经验。在 OpenWebConfiguration()方法还读的machine.config 文件。在部分信任和不正确的权限,你不能用这种方法。
如果你踏进你的调试器中的.NET Framework程序集在Visual Studio 2008/2010,你可以清楚地看到发生了什么。
正步入 WebConfigurationManager.OpenWebConfiguration()当调用堆栈捕获以下
MSCORLIB.DLL System.IO.FileStream.Init(字符串路径=C:\\\\ \\\\的Windows \\\\ Microsoft.NET框架\\\\ \\\\ V2.0.50727配置\\\\的machine.config!,System.IO.FileMode模式=打开,System.IO.FileAccess访问=读,INT权利= 0,布尔useRights =假,System.IO.FileShare份额=读,INT缓冲区大小= 4096,System.IO.FileOptions选项=无,Microsoft.Win32.Win32Native .SECURITY_ATTRIBUTES secAttrs = NULL,字符串MSGPATH =machine.config中,布尔bFromProxy = FALSE)线326 C#mscorlib.dll中!System.IO.FileStream.FileStream(字符串路径,System.IO.FileMode模式,System.IO.FileAccess访问,System.IO.FileShare股)线259 C#System.Configuration.dll!System.Configuration.Internal.InternalConfigHost.StaticOpenStreamForRead(string streamName中)+ 0x56字节System.Configuration.dll!System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(string streamName中,布尔assertPermissions)+ 0x7d字节System.Configuration.dll!System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(string streamName中)+ 0XB字节System.Configuration.dll!System.Configuration.Internal.DelegatingConfigHost.OpenStreamForRead(streamName中的字符串)+ 0xe字节System.Configuration.dll!System.Configuration.UpdateConfigHost.OpenStreamForRead(streamName中的字符串)+值为0x2F字节System.Configuration.dll!System.Configuration.BaseConfigurationRecord.InitConfigFromFile()+ 0x126字节System.Configuration.dll!System.Configuration.BaseConfigurationRecord.Init(System.Configuration.Internal.IInternalConfigRoot configRoot,System.Configuration.BaseConfigurationRecord父母,串用configPath,串locationSubPath)+ 0xaa5字节System.Configuration.dll!System.Configuration.MgmtConfigurationRecord.Init(System.Configuration.Internal.IInternalConfigRoot configRoot,System.Configuration.Internal.IInternalConfigRecord父母,串用configPath,串locationSubPath)+ 0x39字节System.Configuration.dll!System.Configuration.MgmtConfigurationRecord.Create(System.Configuration.Internal.IInternalConfigRoot configRoot,System.Configuration.Internal.IInternalConfigRecord父母,串用configPath,串locationSubPath)+ 0x2a字节System.Configuration.dll!System.Configuration.Internal.InternalConfigRoot.GetConfigRecord(串用configPath)+ 0x12d字节System.Configuration.dll!System.Configuration.Configuration.Configuration(字符串locationSubPath,System.Type的typeConfigHost,对象[] hostInitConfigurationParams)+是0xFD字节System.Configuration.dll!System.Configuration.Internal.InternalConfigConfigurationFactory.System.Configuration.Internal.IInternalConfigConfigurationFactory.Create(System.Type typeConfigHost,对象[] hostInitConfigurationParams)+ 0X1E字节System.Web.dll!System.Web.Configuration.WebConfigurationHost.OpenConfiguration(System.Web.Configuration.WebLevel webLevel,System.Configuration.ConfigurationFileMap fileMap,System.Web.VirtualPath路径字符串现场,串locationSubPath,字符串服务器,用户名字符串,字符串密码,System.IntPtr tokenHandle)线862 C#System.Web.dll!System.Web.Configuration.WebConfigurationManager.OpenWebConfigurationImpl(System.Web.Configuration.WebLevel webLevel,System.Configuration.ConfigurationFileMap fileMap,路径字符串,字符串现场,串locationSubPath,字符串服务器,用户名字符串,字符串密码,System.IntPtr userToken)77号线+为0x1c字节C#System.Web.dll中!System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(字符串路径)线140 + 0x25字节C#
不幸的是你唯一的选择就是使用 WebConfigurationManager.GetSection()这是不一样功能丰富。
对于您的加密连接字符串。可悲的是这个功能需要完全信任,还有它周围没有其他办法。
After moving my web site from my local development environment to a shared host I get:
Security Exception
Description: The application attempted to perform an operation not allowed by
the security policy. To grant this application the required permission please
contact your system administrator or change the application's trust level in
the configuration file.
The problem occurs in my web application everywhere the following is called:
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
Since my web application is only trying to open it's own web.config file, I don't know why this is flagged as a security exception. Maybe someone can explain... But more importantly I need a solution, the couple solutions I found via Google are painful.
One solution (from numerous posts) said to configure the trust level to Full, but I'm told that is not possible on my shared host.
Another solution (from http://www.4guysfromrolla.com/articles/100307-1.aspx) says to not use OpenWebConfiguration(), but I need to use it to encrypt configuration sections (e.g. connectionStrings) using DPAPI (for more info see http://www.4guysfromrolla.com/articles/021506-1.aspx).
Please advise on why IIS barfs on my web application trying to open it's own web.config, and a work-around to be able to encrypt parts of the web.config using DPAPI.
I have had experience of this issue in the past. The OpenWebConfiguration() method also reads the machine.config file. Under partial trust and without the correct permissions you can't use this method.
If you were to step into the .NET Framework assemblies with your debugger in Visual Studio 2008/2010 you can see exactly what is happening.
The following is a call stack captured when stepping into WebConfigurationManager.OpenWebConfiguration():
mscorlib.dll!System.IO.FileStream.Init(string path = "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", System.IO.FileMode mode = Open, System.IO.FileAccess access = Read, int rights = 0, bool useRights = false, System.IO.FileShare share = Read, int bufferSize = 4096, System.IO.FileOptions options = None, Microsoft.Win32.Win32Native.SECURITY_ATTRIBUTES secAttrs = null, string msgPath = "machine.config", bool bFromProxy = false) Line 326 C# mscorlib.dll!System.IO.FileStream.FileStream(string path, System.IO.FileMode mode, System.IO.FileAccess access, System.IO.FileShare share) Line 259 C# System.Configuration.dll!System.Configuration.Internal.InternalConfigHost.StaticOpenStreamForRead(string streamName) + 0x56 bytes System.Configuration.dll!System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(string streamName, bool assertPermissions) + 0x7d bytes System.Configuration.dll!System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(string streamName) + 0xb bytes System.Configuration.dll!System.Configuration.Internal.DelegatingConfigHost.OpenStreamForRead(string streamName) + 0xe bytes System.Configuration.dll!System.Configuration.UpdateConfigHost.OpenStreamForRead(string streamName) + 0x2f bytes System.Configuration.dll!System.Configuration.BaseConfigurationRecord.InitConfigFromFile() + 0x126 bytes System.Configuration.dll!System.Configuration.BaseConfigurationRecord.Init(System.Configuration.Internal.IInternalConfigRoot configRoot, System.Configuration.BaseConfigurationRecord parent, string configPath, string locationSubPath) + 0xaa5 bytes System.Configuration.dll!System.Configuration.MgmtConfigurationRecord.Init(System.Configuration.Internal.IInternalConfigRoot configRoot, System.Configuration.Internal.IInternalConfigRecord parent, string configPath, string locationSubPath) + 0x39 bytes System.Configuration.dll!System.Configuration.MgmtConfigurationRecord.Create(System.Configuration.Internal.IInternalConfigRoot configRoot, System.Configuration.Internal.IInternalConfigRecord parent, string configPath, string locationSubPath) + 0x2a bytes System.Configuration.dll!System.Configuration.Internal.InternalConfigRoot.GetConfigRecord(string configPath) + 0x12d bytes System.Configuration.dll!System.Configuration.Configuration.Configuration(string locationSubPath, System.Type typeConfigHost, object[] hostInitConfigurationParams) + 0xfd bytes System.Configuration.dll!System.Configuration.Internal.InternalConfigConfigurationFactory.System.Configuration.Internal.IInternalConfigConfigurationFactory.Create(System.Type typeConfigHost, object[] hostInitConfigurationParams) + 0x1e bytes System.Web.dll!System.Web.Configuration.WebConfigurationHost.OpenConfiguration(System.Web.Configuration.WebLevel webLevel, System.Configuration.ConfigurationFileMap fileMap, System.Web.VirtualPath path, string site, string locationSubPath, string server, string userName, string password, System.IntPtr tokenHandle) Line 862 C# System.Web.dll!System.Web.Configuration.WebConfigurationManager.OpenWebConfigurationImpl(System.Web.Configuration.WebLevel webLevel, System.Configuration.ConfigurationFileMap fileMap, string path, string site, string locationSubPath, string server, string userName, string password, System.IntPtr userToken) Line 77 + 0x1c bytes C# System.Web.dll!System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(string path) Line 140 + 0x25 bytes C#
Unfortunately your only alternative is to use WebConfigurationManager.GetSection() which isn't as feature rich.
With regard to encrypting your connection strings. Sadly this feature demands Full Trust, there's no other way around it.
这篇关于与OpenWebConfiguration ASP.NET安全异常共享主机的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
