安全异常:请求失败
此页面存在安全问题。
尚未确定错误原因。 该页面列出了文件夹中的所有文件,效果非常好。现在她正在列出这些相同的文件,但使用的是 ajax。
代码很简单: 我有一个 PartialView,它是一个 WebGrid,列出了此文件夹中的文件:
PartialView "_files.cshtml"
@model string[]
@{
var folderName = Request["FolderName"];
var columns = new List<WebGridColumn>
{
{ ... }
};
if (Request.IsAuthenticated)
{
columns.Add( { ... } );
}
var grid = new WebGrid(
source: Model,
ajaxUpdateContainerId: folderName + "-grid",
rowsPerPage: 10);
}
@grid.GetHtml(columns: columns,
headerStyle: "grid-header"
)
该请求是由以下 javascript 函数发出的:
Index.cshtml
<script type="text/javascript">
$(window).load(function () {
loadFiles("Documentos");
});
function loadFiles(folderName) {
$.ajax(
{ type: "GET",
url: '/Downloads/Files?folderName=' + folderName,
success: function (data) {
$("#" + folderName + "-grid").html(data);
}
})
}
</script>
<div id="Documentos-grid"></div>
< strong>在Controller中,我调用PartialView:
public string[] GetFiles(string folderName)
{
var locations = Server.MapPath("~/App_Data/Downloads/");
return Directory.GetFiles(Path.Combine(locations, folderName));
}
public ActionResult Files(string folderName)
{
return PartialView("_files", GetFiles(folderName));
}
文件被发送到文件夹:
/App_Data/下载/
在这篇文章之后,我把下载文件夹中的 web.config,但错误仍然存在。
Web.Config
<?xml version="1.0"?>
<configuration>
<location allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="Medium" originUrl="" />
</system.web>
</location>
</configuration>
控制器
错误发生在方法的第 3 行:GetBoletins
private DataContext db = new DataContext();
public IList<Boletim> GetBoletins()
{
return (from boletim in db.BoletinsSemanais
where boletim.Year == DateTime.Now.Year
orderby boletim.Year, boletim.Week, boletim.Name
select boletim).Take(5).ToList();
}
另一个程序集
DataContext 是另一个程序集中的类。
public class DataContext : DbContext
{
public DbSet<Boletim> BoletinsSemanais { get; set; }
public DataContext()
: base("name=DefaultConnection")
{
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
base.OnModelCreating(modelBuilder);
}
}
This page presents a security problem.
Not yet identified the cause of the error.
This page was listing all the files in a folder, it worked perfectly. Now she is listing these same files, but using ajax.
The code is simple:
I have a PartialView, which is a WebGrid that lists the files in this folder:
PartialView "_files.cshtml"
@model string[]
@{
var folderName = Request["FolderName"];
var columns = new List<WebGridColumn>
{
{ ... }
};
if (Request.IsAuthenticated)
{
columns.Add( { ... } );
}
var grid = new WebGrid(
source: Model,
ajaxUpdateContainerId: folderName + "-grid",
rowsPerPage: 10);
}
@grid.GetHtml(columns: columns,
headerStyle: "grid-header"
)
The request is made by this javascript funciton:
Index.cshtml
<script type="text/javascript">
$(window).load(function () {
loadFiles("Documentos");
});
function loadFiles(folderName) {
$.ajax(
{ type: "GET",
url: '/Downloads/Files?folderName=' + folderName,
success: function (data) {
$("#" + folderName + "-grid").html(data);
}
})
}
</script>
<div id="Documentos-grid"></div>
In the Controller, I call PartialView:
public string[] GetFiles(string folderName)
{
var locations = Server.MapPath("~/App_Data/Downloads/");
return Directory.GetFiles(Path.Combine(locations, folderName));
}
public ActionResult Files(string folderName)
{
return PartialView("_files", GetFiles(folderName));
}
The files are sent to the folder:
/App_Data/Downloads/
Following this article, I put a web.config in the Downloads folder, but the error remains.
Web.Config
<?xml version="1.0"?>
<configuration>
<location allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="Medium" originUrl="" />
</system.web>
</location>
</configuration>
Controller
The error happens at line 3 of the method: GetBoletins
private DataContext db = new DataContext();
public IList<Boletim> GetBoletins()
{
return (from boletim in db.BoletinsSemanais
where boletim.Year == DateTime.Now.Year
orderby boletim.Year, boletim.Week, boletim.Name
select boletim).Take(5).ToList();
}
Another Assembly
DataContext is a class that is in another assembly.
public class DataContext : DbContext
{
public DbSet<Boletim> BoletinsSemanais { get; set; }
public DataContext()
: base("name=DefaultConnection")
{
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
base.OnModelCreating(modelBuilder);
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论