有些時候我們寫的asp.net應用程序是運行在虛擬主機上。有一些虛擬主機可能是由於安全的考慮,對ASP.Net做了權限設置,會導致我們的應用程序無法正常運行。
問題現象:
由於某種原因,ASP.Net不能加載某些dll文件,出現如下錯誤提示: Server Error in '/' Application.
---------------------------------------------
Required permissions cannot be acquired.
Description: An unhandled exception occurred during the execution of the current web request. Please revIEw the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identifIEd using the exception stack trace below.
Stack Trace:
[PolicyException: Required permissions cannot be acquired.]
System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denIEd, Boolean checkExecutionPermission) +2738293
System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denIEd, Int32& securitySpecialFlags, Boolean checkExecutionPermission) +57
[FileLoadException: Could not load file or assembly 'Microsoft.Practices.ObjectBuilder, Version=1.0.51205.0, Culture=neutral, PublicKeyToken=null' or one of its dependencIEs. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)]
System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) +0
System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +211
System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +141
System.Reflection.Assembly.Load(String assemblyString) +25
System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +32
問題分析:
根據我的觀察,asp.net應用程序直接生成的dll可以正常加載,由asp.net直接調用的外部dll也可以正常加載,但是僅被外部dll引用的其他外部dll不能加載。我的猜想是:由於權限是不完全的,ASP.Net應用本身生成的dll和直接引用的dll可以通過權限的繼承獲得權限,而僅被外部dll引用的其他外部dll因為權限的限制不能繼承權限,因此出現了權限不足的問題。
問題解決:
通過在我電腦的試驗,推測虛擬主機上修改了根web.config(在我電腦上其位置為C:\Windows\Microsoft.Net\Framework\v2.0.50727\CONFIG)的設置.
默認web.config的權限設置節如下:
<location allowOverride="true">
<system.web>
&nbs
p; <securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="Full" originUrl="" />
</system.web>
</location>
推測虛擬主機上修改之後的設置: <location allowOverride="false">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="High" originUrl="" />
</system.web>
</location> 他首先設置了allowOverride為false,這就阻止了在用戶web.config中重新定義權限的能力。然後,他定義trust level為High,而不是默認的Full。經我測試,只要trust level不為Full,僅被外部dll引用的其他外部dll就不能被加載。 因此,我建議技術支持將allowOverride節設置為true。這樣我就可以在web.config中重新指定權限了。
例:<trust level="Full" originUrl="" />
最近已經不研究aps.Net了,因此也沒有認真去查找深層的原因,或許我的認識還有誤。希望那位高手可以道出深層的原因,或指正我的錯誤。
