有些時候我們寫的asp.net應用程式是運行在虛擬主機上。有一些虛擬主機可能是由於安全性的考慮,對asp.net做了權限設置,會導致我們的應用程式無法正常運作。
問題現象:
由於某種原因,asp.net不能載入某些dll文件,出現以下錯誤提示: Server Error in '/' Application.
----------------------------------------------
Required permissions cannot be acquired .
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details:d.Security.Policcan missionable. .
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[PolicyException: Required permissions cannot be acquired.]
System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission) +2738293
System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Int32& securitySpecialFlags, Boolean check
=1.0 .51205.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)]
System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) +0
System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +211
System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +141
System.Reflection.Assembly.Load(String assemblyString) +25
System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +32
問題分析:
根據我的觀察,asp.net應用程式直接產生的dll可以正常加載,由asp.net直接呼叫的外部dll也可以正常加載,但是僅被外部dll引用的其他外部dll不能加載。我的猜想是:由於權限是不完全的,asp.net應用程式本身產生的dll和直接引用的dll可以透過權限的繼承來獲得權限,而僅被外部dll引用的其他外部dll因為權限的限制不能繼承權限,因此出現了權限不足的問題。
問題解決:
透過在我電腦的試驗,推測虛擬主機上修改了根web.config(在我電腦上其位置為C:WINDOWSMicrosoft.NETFrameworkv2.0.50727CONFIG)的設定.
預設web.config的權限設定節如下:
<location allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="Full" originUrl="" />
</system.web>
</location>
推測虛擬主機上修改後的設定: <location allowOverride="false">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="High" originUrl="" />
</system.web>
</location> 他先設定了allowOverride為false,這阻止了在使用者web.config中重新定義權限的能力。然後,他定義trust level為High,而不是預設的Full。經我測試,只要trust level不為Full,僅被外部dll引用的其他外部dll就不能被載入。 因此,我建議技術支援將allowOverride節設為true。這樣我就可以在web.config中重新指定權限了。
例:<trust level="Full" originUrl="" />
最近已經不研究aps.net了,因此也沒有認真去查找深層的原因,或許我的認識還有誤。希望那位高手可以道出深層的原因,或指正我的錯誤。