中等信任文件 I/O 权限
根据这篇关于中等信任的MSDN文章,在中等信任下:
FileIOPermission 受到限制。这 意味着您只能访问以下位置的文件 您的应用程序的虚拟目录 等级制度。您的申请已获批准 读取、写入、追加和路径发现 您的应用程序的权限 虚拟目录层次结构。
但是,对于我当前的托管提供商在中等信任下运行的应用程序,当我尝试读取/写入应用程序根文件夹中的文件时,我收到访问路径“myfile.xml”被拒绝错误。
使用以下代码读取此文件
XElement file = XElement.Load(HttpContext.Current.Server.MapPath("~/myfile.xml"));
更新完整错误:
访问路径 'C:\WebSites\mywebsite\myfile.xml' 是 被拒绝。
描述:未处理的异常 执行期间发生的 当前的网络请求。请查看 堆栈跟踪以获取有关的更多信息 错误及其起源 代码。
异常详细信息: 系统未授权访问异常: 访问路径 'C:\WebSites\mywebsite\myfile.xml' 是 否认。
ASP.NET无权访问 所请求的资源。考虑 授予资源访问权限 ASP.NET 请求标识。 ASP.NET 有一个基本进程标识 (通常是 IIS 5 上的 {MACHINE}\ASPNET 或 IIS 6 和 IIS 7 上的网络服务, 以及配置的应用程序池 IIS 7.5 上的身份),如果 该应用程序不是冒充的。 如果应用程序是冒充的 通过 , 身份将是匿名的 用户(通常为 IUSR_MACHINENAME)或 经过身份验证的请求用户。
要授予 ASP.NET 对文件的访问权限, 在资源管理器中右键单击该文件, 选择“属性”并选择 安全选项卡。点击“添加”即可添加 适当的用户或组。强调 ASP.NET 帐户,然后检查 用于所需访问的框。
来源错误:
生成了未处理的异常 当前执行期间 网络请求。有关信息 异常的起源和地点 可以使用异常来识别 下面的堆栈跟踪。
堆栈跟踪:
[UnauthorizedAccessException:访问 到路径 'C:\WebSites\mywebsite\myfile.xml' 是 被拒绝。]
System.IO.__Error.WinIOError(Int32) 错误代码,字符串可能完整路径) +12892935 System.IO.FileStream.Init(字符串路径, FileMode模式、FileAccess访问、 Int32 权限、布尔 useRights、 FileShare 共享,Int32 bufferSize, 文件选项选项, SECURITY_ATTRIBUTES secAttrs,字符串 msgPath,布尔值 bFromProxy,布尔值 使用长路径)+2481
System.IO.FileStream..ctor(字符串 路径、FileMode 模式、FileAccess 访问、FileShare 共享、Int32 bufferSize、FileOptions 选项、 字符串 msgPath,布尔值 bFromProxy) +229 System.IO.FileStream..ctor(字符串 路径、FileMode 模式、FileAccess 访问、FileShare 共享)+102
System.Xml.XmlWriterSettings.CreateWriter(字符串 输出文件名)+5224496
System.Xml.Linq.XElement.Save(字符串 文件名、保存选项选项)+108
mesoBoard.Services.SiteConfig.UpdateCache() +1971 mesoBoard.Web.MvcApplication.OnApplicationStarted() +62 Ninject.Web.Mvc.NinjectHttpApplication.Application_Start() +604[HttpException (0x80004005):访问 路径 'C:\WebSites\mywebsite\myfile.xml' 是 被拒绝。]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext 上下文,HttpApplication 应用程序)+3985477 System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext、HttpContext 上下文、 MethodInfo[] 处理程序)+191
System.Web.HttpApplication.InitSpecial(HttpApplicationState 状态、MethodInfo[] 处理程序、IntPtr appContext、HttpContext 上下文)+325 System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext、HttpContext 上下文)+407 System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr 应用上下文)+375[HttpException (0x80004005):访问 路径 'C:\WebSites\mywebsite\myfile.xml' 是 被拒绝。]
System.Web.HttpRuntime.FirstRequestInit(HttpContext 上下文)+11524352
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext 上下文)+141
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr,HttpContext 上下文)+4782309
According to this MSDN article about medium trust, under medium-trust:
FileIOPermission is restricted. This
means you can only access files in
your application's virtual directory
hierarchy. Your application is granted
Read, Write, Append, and PathDiscovery
permissions for your application's
virtual directory hierarchy.
However, for my current hosting provider runs applications under medium-trust and when I try to read/write a file in the application's root folder, I get a access to path 'myfile.xml' denied error.
This file is read using the following bit of code
XElement file = XElement.Load(HttpContext.Current.Server.MapPath("~/myfile.xml"));
Update Full Error:
Access to the path
'C:\WebSites\mywebsite\myfile.xml' is
denied.Description: An unhandled exception
occurred during the execution of the
current web request. Please review the
stack trace for more information about
the error and where it originated in
the code.Exception Details:
System.UnauthorizedAccessException:
Access to the path
'C:\WebSites\mywebsite\myfile.xml' is
denied.ASP.NET is not authorized to access
the requested resource. Consider
granting access rights to the resource
to the ASP.NET request identity.
ASP.NET has a base process identity
(typically {MACHINE}\ASPNET on IIS 5
or Network Service on IIS 6 and IIS 7,
and the configured application pool
identity on IIS 7.5) that is used if
the application is not impersonating.
If the application is impersonating
via ,
the identity will be the anonymous
user (typically IUSR_MACHINENAME) or
the authenticated request user.To grant ASP.NET access to a file,
right-click the file in Explorer,
choose "Properties" and select the
Security tab. Click "Add" to add the
appropriate user or group. Highlight
the ASP.NET account, and check the
boxes for the desired access.Source Error:
An unhandled exception was generated
during the execution of the current
web request. Information regarding the
origin and location of the exception
can be identified using the exception
stack trace below.Stack Trace:
[UnauthorizedAccessException: Access
to the path
'C:\WebSites\mywebsite\myfile.xml' is
denied.]
System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)
+12892935 System.IO.FileStream.Init(String path,
FileMode mode, FileAccess access,
Int32 rights, Boolean useRights,
FileShare share, Int32 bufferSize,
FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean
useLongPath) +2481
System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess
access, FileShare share, Int32
bufferSize, FileOptions options,
String msgPath, Boolean bFromProxy)
+229 System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess
access, FileShare share) +102
System.Xml.XmlWriterSettings.CreateWriter(String
outputFileName) +5224496
System.Xml.Linq.XElement.Save(String
fileName, SaveOptions options) +108
mesoBoard.Services.SiteConfig.UpdateCache()
+1971 mesoBoard.Web.MvcApplication.OnApplicationStarted()
+62 Ninject.Web.Mvc.NinjectHttpApplication.Application_Start()
+604[HttpException (0x80004005): Access to
the path
'C:\WebSites\mywebsite\myfile.xml' is
denied.]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext
context, HttpApplication app) +3985477
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr
appContext, HttpContext context,
MethodInfo[] handlers) +191
System.Web.HttpApplication.InitSpecial(HttpApplicationState
state, MethodInfo[] handlers, IntPtr
appContext, HttpContext context) +325
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr
appContext, HttpContext context) +407
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr
appContext) +375[HttpException (0x80004005): Access to
the path
'C:\WebSites\mywebsite\myfile.xml' is
denied.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext
context) +11524352
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext
context) +141
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
wr, HttpContext context) +4782309
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您需要确保运行网站的应用程序池的用户帐户具有文件/文件夹的读/写权限。默认情况下,我认为您应该具有读取权限,但没有写入权限。另外,出于安全原因,最好将该文件从 wwwroot 文件夹移至不会损坏整个应用程序的文件夹中。
You need to make sure that the user account of the Application Pool running the website has read/write permissions to the file/folder. By default, I think you should have read permissions but not write permissions. Also, for security reasons, it might be a good idea to move that file out of the wwwroot folder into something that can't corrupt your entire application.
您的 IO 权限听起来像是您的文件的权限问题。我知道每当我将文件上传到托管提供商时,我都必须登录他们的控制面板并手动授予 IIS 帐户对其的写入权限,因为读取权限是自动授予的唯一权限。
另一方面,您的 xml 文件的位置会带来安全问题。尝试将文件放入“~/App_Data/”文件夹中,它是一个特殊的 .NET 文件夹,比您的数据文件夹更受限制 - 目前我可以访问 www.yoursite.com/data/myfile.xml 并下载它,而 App_Data 文件夹中的任何文件都无法通过网络下载。
App_Data 文件夹在 Visual Studio 中的用途是什么?
Your IO permission sounds like it's just a permission issue with your file. I know what whenever I upload a file to my hosting provider, I have to login to their control panel and manually give the IIS account write access to it, as read access is the only permission granted automatically.
On another note, the location of your xml file poses a security issue. Try putting the file in the "~/App_Data/" folder, it's a special .NET folder that's more restricted than your data folder - at the moment I could go to www.yoursite.com/data/myfile.xml and download it, whereas any file in the App_Data folder can't be downloaded over the web.
What is the App_Data folder used for in Visual Studio?
您正在使用 XElement 类。您的托管“中级”配置中可能不允许命名空间“System.Xml.Linq”。要在中等信任级别下使用 Linq,请遵循以下过程
You are using the XElement class. The namespace "System.Xml.Linq" is probably not allowed in your hosting "medium level" configuration. To use Linq in medium level trust, please follow the following procedure
中等信任指定应用程序只能访问 $AppDir。您可以自定义中等信任级别,通过更改 FileIOPermission 以包含 $AppDir 之外的其他目录来添加对中等信任的额外访问权限。但是,我发现即使在自定义的中等信任级别下调用 Server.MapPath("/") 时,也会收到异常“请求类型为‘System.Security.Permissions.FileIOPermission, mscorlib, Version=’的权限” 4.0.0.0,Culture=neutral,PublicKeyToken=b77a5c561934e089'失败“
我的理论是,这是因为您请求访问 $AppDir 之外的文件系统”我们最终不得不删除对 Server.MapPath 的所有调用。 () 来自我们的网络应用程序。
Medium Trust specifies that the application only has access to the $AppDir. You can customize medium Trust level to add additional access to the medium trust by altering the FileIOPermission to include other directories than $AppDir. However, I found that when you call Server.MapPath("/") under even a customized Medium Trust Level, then you will get an exception "Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed"
It is my theory that this is because you are requesting access to the file system outside the of the $AppDir". We ended up having to remove all calls to Server.MapPath() from our web applications.
我在 GoDaddy 上建立了一个网站,发现启用写入访问的唯一方法是为整个网络根目录启用它,但这可能只是该托管计划的限制?
I set up a website on GoDaddy and found that the only way I could enable write access, was to enable it for the whole web root but that might have just been the restriction for that hosting plan?