生產服務器上的ASP.Net安全異常

Question

我有一個基於框架3.5構建的ASP.Net Web應用程序在本地iis上運行良好，但是當我將它部署到GoDaddy時，我開始獲得安全性，除非是。完整的例外是低於

Server Error in '/' Application. 
-------------------------------------------------------------------------------- 

Security Exception Description: The application attempted to perform an 
operation not allowed by the security policy. To grant this application 
the required permission please contact your system administrator 
or change the application's trust level in the configuration file. 



Exception Details: 
     System.Security.SecurityException:  
     System.Security.Permissions.SecurityPermission 

Source Error: 


[No relevant source lines] 


Source File: App_Web_xymjrvu2.0.cs Line: 0 

Stack Trace: 


[SecurityException: System.Security.Permissions.SecurityPermission] 
    PourNavi.Web.Core.DbHelper.Dispose(Boolean disposing) +0 
    PourNavi.Web.Core.DbHelper.Dispose() +44 
    PourNavi.Web.Core.MessageDataObjects.GetMessagesInfoForUserFromManager() +170 
    PourNavi.Web.Core.MessagingManager.GetMessagesInfoForUserFromManager() +31 
    PourNavi.Web.UI.UserControl.ucMessages.BindMessages() +41 
    PourNavi.Web.UI.UserControl.ucMessages.Page_Load(Object sender, EventArgs e) +67 
    System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14 
    System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35 
    System.Web.UI.Control.OnLoad(EventArgs e) +99 
    System.Web.UI.Control.LoadRecursive() +50 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785 
    System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242 
    System.Web.UI.Page.ProcessRequest() +80 
    System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21 
    System.Web.UI.Page.ProcessRequest(HttpContext context) +49 
    ASP.login_aspx.ProcessRequest(HttpContext context) in App_Web_xymjrvu2.0.cs:0 
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181 
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 

我通過對SO，但沒有幫助各種類似的問題了...

[更新時間：DbHelper.cs的代碼]

internal class DbHelper : IDisposable 
{ 
    // Fields 
    private readonly Component _component; 
    private SqlConnection _connection; 
    private bool _disposed; 
    private IntPtr _handle; 

    // Methods 
    public DbHelper() 
    { 
     this._component = new Component(); 
     this.OpenConnection(); 
    } 

    public DbHelper(IntPtr handle) 
    { 
     this._component = new Component(); 
     this._handle = handle; 
    } 

    private void CloseConnection() 
    { 
     try 
     { 
      if (this._connection.State == ConnectionState.Open) 
      { 
       this._connection.Close(); 
      } 
     } 
     finally 
     { 
      this._connection.Dispose(); 
     } 
    } 

    [DllImport("Kernel32")] 
    private static extern bool CloseHandle(IntPtr handle); 
    public void Dispose() 
    { 
     this.CloseConnection(); 
     this.Dispose(true); 
     GC.SuppressFinalize(this); 
    } 

    protected virtual void Dispose(bool disposing) 
    { 
     if (!this._disposed) 
     { 
      if (disposing) 
      { 
       this._component.Dispose(); 
      } 
      CloseHandle(this._handle); 
      this._handle = IntPtr.Zero; 
      this._disposed = true; 
     } 
    } 

    public int ExecuteNonQuery(string commandText, CommandType commandType) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      return command.ExecuteNonQuery(); 
     } 
    } 

    public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      return command.ExecuteNonQuery(); 
     } 
    } 

    public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      return command.ExecuteNonQuery(); 
     } 
    } 

    public object ExecuteScalar(string commandText, CommandType commandType) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      return command.ExecuteScalar(); 
     } 
    } 

    public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      return command.ExecuteScalar(); 
     } 
    } 

    public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      return command.ExecuteScalar(); 
     } 
    } 

    public DataTable ExecuteSelect(string commandText, CommandType commandType) 
    { 
     DataTable table = new DataTable(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      using (SqlDataReader reader = command.ExecuteReader()) 
      { 
       if (reader != null) 
       { 
        table.Load(reader); 
       } 
      } 
     } 
     return table; 
    } 

    public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     DataTable table = new DataTable(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      using (SqlDataReader reader = command.ExecuteReader()) 
      { 
       if (reader != null) 
       { 
        table.Load(reader); 
       } 
      } 
     } 
     return table; 
    } 

    public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     DataTable table = new DataTable(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      using (SqlDataReader reader = command.ExecuteReader()) 
      { 
       if (reader != null) 
       { 
        table.Load(reader); 
       } 
      } 
     } 
     return table; 
    } 

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType) 
    { 
     DataSet dataSet = new DataSet(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      using (SqlDataAdapter adapter = new SqlDataAdapter(command)) 
      { 
       adapter.Fill(dataSet); 
      } 
     } 
     return dataSet; 
    } 

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     DataSet dataSet = new DataSet(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      using (SqlDataAdapter adapter = new SqlDataAdapter(command)) 
      { 
       adapter.Fill(dataSet); 
      } 
     } 
     return dataSet; 
    } 

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     DataSet dataSet = new DataSet(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      using (SqlDataAdapter adapter = new SqlDataAdapter(command)) 
      { 
       adapter.Fill(dataSet); 
      } 
     } 
     return dataSet; 
    } 

    ~DbHelper() 
    { 
     this.Dispose(false); 
    } 

    private void OpenConnection() 
    { 
     try 
     { 
      this._connection = new SqlConnection(ConnectionString); 
      if (this._connection.State == ConnectionState.Open) 
      { 
       this._connection.Close(); 
      } 
      this._connection.Open(); 
     } 
     catch 
     { 
      throw new Exception("An error occured while communicating to sql server database."); 
     } 
    } 

    // Properties 
    private static string ConnectionString 
    { 
     get 
     { 
      return ConfigurationManager.ConnectionStrings["PourNavi.DigitalPrinting"].ConnectionString; 
     } 
    } 
} 

我是否需要從我的代碼中刪除東西。請幫我..

【解析】

謝謝你們的鼎力支持，我解決了這個問題。 DllImport是根源，因爲我是inporting Kernel32 ....

Answer 1

它看起來像您的PourNavi.Web.Core.DbHelper.Dispose（布爾處置）方法中的一些代碼正在調用一個方法/程序集需要充分的信任。 GoDaddy共享主機不允許完全信任。

Answer 2

ASP.NET有5個不同的信任級別;完整，高，中，低和最小。這些信任級別中的每一個都會限制應用程序的權限。 Full是一個例外，這意味着應用程序中的代碼是完全可信的，並且可以訪問它想要訪問的所有資源。您不希望應用程序在此模式下運行。我個人總是爲中等信任而開發;我發現這給95％的案件提供了足夠的權限。

您可以在配置文件%windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG中看到不同的權限集。如果我們查看每個信任級別的權限，我們可以看到SecurityPermission（UnmanagedCode標誌）不在任何權限集中。所以它僅適用於GAC中的完全信任程序集和程序集（默認情況下爲完全信任）。 我假設GoDaddy也在Medium trust中運行你的應用程序。您可以通過將您的Web應用程序設置爲中等信任模式來模擬開發環境中的行爲。

<system.web> 
    <securityPolicy> 
    <trustLevel name="Medium" /> 
    </securityPolicy> 
</system.web> 

我無法爲您決定是否需要DllImport，但我建議您評估是否需要。由於DllImport允許您調用用C++編寫的非託管代碼（在這種情況下）。您通常希望限制自己調用託管代碼。但是，這個決定取決於你。