log4net 在 ASP.Net MVC Web 应用程序中抛出安全异常
我编写了 3 个 ASP.net MVC Web 应用程序,所有应用程序都部署在与我的 ISP 共享的托管服务器上。
所有 3 个应用程序的配置和设置都非常相似。第一个应用程序部署到与第二个和第三个应用程序不同的服务器上。第一个应用程序没有给我任何错误。
第二个和第三个应用程序随机抛出以下SecurityException有点:
异常文本:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +58
System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca) +99
Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3082
在部署或编辑 web.config 后第一次访问该页面时,我收到上述错误。但是,在随后的页面重新加载中我不明白。这两个网站在当天剩下的时间里都会恢复正常,但第二天早上我又遇到同样的错误。
在我编辑 web.config 后,错误确实一致出现,我假设这是强制重新编译?
请帮忙。我不确定问题是什么。听起来好像和IIS的安全设置有关。所有 3 个 Web 应用程序的设置和部署方式都非常相似,只是第一个未出现错误的 Web 应用程序位于完全不同的服务器上。
I have written 3 ASP.net MVC web applications, and all are deployed on shared hosting servers with my ISP.
All 3 applications are very similar in configuration and settings. The 1st application is deployed to a different server than the 2nd and 3rd. The 1st application gives me no errors.
The 2nd and 3rd applications spit out the following SecurityException somewhat: randomly:
Exception Text:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +58
System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca) +99
Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3082
I get the above error the first time I hit the page after deploying or editing the web.config. However, on subsequent page reloads I don't get it. The 2 websites will be fine again for the rest of the day, but then the next morning I get the same error again.
The errors do appear consistently after I edit the web.config, which I am assuming is forcing a recompile?
Please help. I'm not sure what the problem is. Sounds like it is related to security settings in IIS. All 3 web apps are set up and deployed in a very similar way, except that the 1st web app which doesn't give the error is on a completely different server.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
事实证明,上述 SecurityException 的原因有 3 个原因
我的 ISP 将 ASP.net 配置为在其较新的服务器上以中等信任模式运行,并且完全信任< /strong> 旧服务器上的模式。我的 Web 应用程序分布在这两台服务器之间,这就是为什么我在应用程序之间得到不同的行为,即使它们的配置完全相同
我使用 log4net 进行错误日志记录,并在我的 Global.asax< /strong> 文件,我有以下内容:
这一行 -
log4net.Config.XmlConfigurator.Configure();是引发上述异常的原因。它仅在应用程序启动时发生一次,或者在修改 web.config 时重新启动。这就是为什么我无法弄清楚问题出在哪里。我必须将 requirePermission="false" 添加到 web.config 中的 log4net configSection:
现在,如果我在中等信任度下进行开发模式,我会发现这些问题。您可以通过将以下内容添加到我的 web.config 来强制您的应用程序以中等信任模式运行:
通过强制我的应用程序以中等信任模式运行,我在 dev 中准确地找到了源异常的起源,并找出了它是什么从那以后就错了..
So it turns out that the reason for the above SecurityException is 3-fold
my ISP has ASP.net configured to run in medium trust mode on it's newer servers, and full trust mode on its older servers. My Web Applications are split between these 2 servers, which is why I am getting different behaviour between the applications even though they are configured exactly the same
I am using log4net for error logging, and in my Global.asax file, I have the following:
This line -
log4net.Config.XmlConfigurator.Configure();is what is throwing the above exception. It only happens once when the application is started, or restarted if they web.config is modified. That is why I couldn't figure out where the problem was coming from.I had to add a requirePermission="false" to the log4net configSection in the web.config:
Now if I was developing in medium trust mode, I would have picked these problems up. You can force your app to run in medium trust mode by adding the following to my web.config:
By forcing my app to run in medium trust mode, I picked up the source exception in dev exactly where it originated, and figured out what was wrong from there on..