Security Exception: Request failed

Posted on 2024-11-19 17:58:45 | Words: 3631 | Views: 0 | Comments: 0 | Original post

This page presents a security problem.

I have not yet identified the cause of the error.
This page was listing all the files in a folder, and it worked perfectly. Now it is listing these same files, but using Ajax.

The code is simple:
I have a PartialView, which is a WebGrid that lists the files in this folder:

PartialView "_files.cshtml"

@model string[]
@{
    var folderName = Request["FolderName"];

    var columns = new List<WebGridColumn>
                            {
                                { ... }
                            };

    if (Request.IsAuthenticated)
    {
        columns.Add( { ... } );
    }

    var grid = new WebGrid(
        source: Model,
        ajaxUpdateContainerId: folderName + "-grid",
        rowsPerPage: 10);
}
@grid.GetHtml(columns: columns,
    headerStyle: "grid-header"
)

The request is made by this JavaScript function:

Index.cshtml

<script type="text/javascript">
    $(window).load(function () {
        loadFiles("Documentos");
    });

    function loadFiles(folderName) {
        $.ajax(
                { type: "GET",
                    url: '/Downloads/Files?folderName=' + folderName,
                    success: function (data) {
                        $("#" + folderName + "-grid").html(data);
                    }
                })
    }
</script>

<div id="Documentos-grid"></div>

In the Controller, I call PartialView:

public string[] GetFiles(string folderName)
{
    var locations = Server.MapPath("~/App_Data/Downloads/");
    return Directory.GetFiles(Path.Combine(locations, folderName));
}

public ActionResult Files(string folderName)
{
    return PartialView("_files", GetFiles(folderName));
}

The files are sent to the folder:

/App_Data/Downloads/

Following this article, I put a web.config in the Downloads folder, but the error remains.

Web.Config

<?xml version="1.0"?>
<configuration>
  <location allowOverride="true">
    <system.web>
      <securityPolicy>
        <trustLevel name="Full" policyFile="internal" />
        <trustLevel name="High" policyFile="web_hightrust.config" />
        <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
        <trustLevel name="Low" policyFile="web_lowtrust.config" />
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
      </securityPolicy>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>
</configuration>

Controller

The error happens at line 3 of the method: GetBoletins

private DataContext db = new DataContext();

public IList<Boletim> GetBoletins()
{
    return (from boletim in db.BoletinsSemanais
            where boletim.Year == DateTime.Now.Year
            orderby boletim.Year, boletim.Week, boletim.Name
            select boletim).Take(5).ToList();
}

Another Assembly

DataContext is a class that is in another assembly.

public class DataContext : DbContext
{
    public DbSet<Boletim> BoletinsSemanais { get; set; }

    public DataContext()
        : base("name=DefaultConnection")
    {

    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
        base.OnModelCreating(modelBuilder);
    }
}
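
An added example, not part of the original post: the `Files` action above passes the `folderName` query-string value straight into `Path.Combine`, so a hardened variant of `GetFiles` checks it against a list of known folders and confirms that the resolved path stays under the download root. The class name `DownloadFolders`, the `Allowed` list and the temporary directory used in `Main` are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Linq;

public static class DownloadFolders
{
    // Assumed allow-list; "Documentos" is the only folder name shown in the post.
    private static readonly string[] Allowed = { "Documentos" };

    public static string[] GetFiles(string root, string folderName)
    {
        // Reject anything that is not a known folder name. This also stops
        // "..", path separators and rooted paths (Path.Combine returns a
        // rooted second argument unchanged).
        if (string.IsNullOrEmpty(folderName) ||
            !Allowed.Contains(folderName, StringComparer.OrdinalIgnoreCase))
            throw new ArgumentException("Unknown folder.", "folderName");

        // Defence in depth: canonicalize and confirm the target is under root.
        string rootFull = Path.GetFullPath(root);
        string sep = Path.DirectorySeparatorChar.ToString();
        if (!rootFull.EndsWith(sep, StringComparison.Ordinal))
            rootFull += sep;
        string target = Path.GetFullPath(Path.Combine(rootFull, folderName));
        if (!target.StartsWith(rootFull, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Folder is outside the root.");

        return Directory.GetFiles(target);
    }

    public static void Main()
    {
        // Constructed sample data: a temporary root with one file in Documentos.
        string root = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        Directory.CreateDirectory(Path.Combine(root, "Documentos"));
        File.WriteAllText(Path.Combine(root, "Documentos", "a.txt"), "sample");

        Console.WriteLine("files listed: " + GetFiles(root, "Documentos").Length);
        foreach (string bad in new[] { "..", @"..\..\Windows", @"C:\Windows", "" })
        {
            try { GetFiles(root, bad); Console.WriteLine("accepted: " + bad); }
            catch (ArgumentException) { Console.WriteLine("rejected: '" + bad + "'"); }
        }
        Directory.Delete(root, true);
    }
}
```

In the controller from the post, the root argument would be `Server.MapPath("~/App_Data/Downloads/")`, with `folderName` still coming from the request.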
