共享主机上 OpenWebConfiguration 的 ASP.NET 安全异常
将我的网站从本地开发环境移动到共享主机后,我得到:
Security Exception
Description: The application attempted to perform an operation not allowed by
the security policy. To grant this application the required permission please
contact your system administrator or change the application's trust level in
the configuration file.
问题发生在我的 Web 应用程序中,到处都调用以下内容:
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
由于我的 Web 应用程序仅尝试打开它自己的 web.config 文件,因此我不这样做知道为什么这被标记为安全异常。也许有人可以解释......但更重要的是我需要一个解决方案,我通过谷歌找到的几个解决方案很痛苦。
一种解决方案(来自众多帖子)表示将信任级别配置为“完全”,但我被告知这在我的共享主机上是不可能的。
另一个解决方案(来自 https:// /web.archive.org/web/20210525032809/http://www.4guysfromrolla.com/articles/100307-1.aspx) 表示不使用 OpenWebConfiguration(),但我需要使用它来加密配置使用 DPAPI 的部分(例如 connectionStrings)(有关详细信息,请参阅 https://web.archive.org/web/20211020203213/https://www.4guysfromrolla.com/articles/021506-1.aspx)。
请告知为什么 IIS 在我的 Web 应用程序上尝试打开它自己的 web.config,以及能够使用 DPAPI 加密部分 web.config 的解决方法。
After moving my web site from my local development environment to a shared host I get:
Security Exception
Description: The application attempted to perform an operation not allowed by
the security policy. To grant this application the required permission please
contact your system administrator or change the application's trust level in
the configuration file.
The problem occurs in my web application everywhere the following is called:
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
Since my web application is only trying to open it's own web.config file, I don't know why this is flagged as a security exception. Maybe someone can explain... But more importantly I need a solution, the couple solutions I found via Google are painful.
One solution (from numerous posts) said to configure the trust level to Full, but I'm told that is not possible on my shared host.
Another solution (from https://web.archive.org/web/20210525032809/http://www.4guysfromrolla.com/articles/100307-1.aspx) says to not use OpenWebConfiguration(), but I need to use it to encrypt configuration sections (e.g. connectionStrings) using DPAPI (for more info see https://web.archive.org/web/20211020203213/https://www.4guysfromrolla.com/articles/021506-1.aspx).
Please advise on why IIS barfs on my web application trying to open it's own web.config, and a work-around to be able to encrypt parts of the web.config using DPAPI.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我过去有过这个问题的经历。
OpenWebConfiguration()方法还会读取machine.config文件。在部分信任和没有正确权限的情况下,您无法使用此方法。如果您要使用 Visual Studio 2008/2010 中的调试器进入 .NET Framework 程序集,您可以准确地看到正在发生的情况。
以下是进入
WebConfigurationManager.OpenWebConfiguration()时捕获的调用堆栈:不幸的是,您唯一的选择是使用功能不丰富的
WebConfigurationManager.GetSection()。关于加密您的连接字符串。遗憾的是,此功能需要完全信任,没有其他办法可以解决。
I have had experience of this issue in the past. The
OpenWebConfiguration()method also reads themachine.configfile. Under partial trust and without the correct permissions you can't use this method.If you were to step into the .NET Framework assemblies with your debugger in Visual Studio 2008/2010 you can see exactly what is happening.
The following is a call stack captured when stepping into
WebConfigurationManager.OpenWebConfiguration():Unfortunately your only alternative is to use
WebConfigurationManager.GetSection()which isn't as feature rich.With regard to encrypting your connection strings. Sadly this feature demands Full Trust, there's no other way around it.