生产服务器上的ASP.Net安全异常

Question

我有一个基于框架3.5构建的ASP.Net Web应用程序在本地iis上运行良好，但是当我将它部署到GoDaddy时，我开始获得安全性，除非是。完整的例外是低于

Server Error in '/' Application. 
-------------------------------------------------------------------------------- 

Security Exception Description: The application attempted to perform an 
operation not allowed by the security policy. To grant this application 
the required permission please contact your system administrator 
or change the application's trust level in the configuration file. 



Exception Details: 
     System.Security.SecurityException:  
     System.Security.Permissions.SecurityPermission 

Source Error: 


[No relevant source lines] 


Source File: App_Web_xymjrvu2.0.cs Line: 0 

Stack Trace: 


[SecurityException: System.Security.Permissions.SecurityPermission] 
    PourNavi.Web.Core.DbHelper.Dispose(Boolean disposing) +0 
    PourNavi.Web.Core.DbHelper.Dispose() +44 
    PourNavi.Web.Core.MessageDataObjects.GetMessagesInfoForUserFromManager() +170 
    PourNavi.Web.Core.MessagingManager.GetMessagesInfoForUserFromManager() +31 
    PourNavi.Web.UI.UserControl.ucMessages.BindMessages() +41 
    PourNavi.Web.UI.UserControl.ucMessages.Page_Load(Object sender, EventArgs e) +67 
    System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14 
    System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35 
    System.Web.UI.Control.OnLoad(EventArgs e) +99 
    System.Web.UI.Control.LoadRecursive() +50 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Control.LoadRecursive() +141 
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785 
    System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242 
    System.Web.UI.Page.ProcessRequest() +80 
    System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21 
    System.Web.UI.Page.ProcessRequest(HttpContext context) +49 
    ASP.login_aspx.ProcessRequest(HttpContext context) in App_Web_xymjrvu2.0.cs:0 
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181 
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 

我通过对SO，但没有帮助各种类似的问题了...

[更新时间：DbHelper.cs的代码]

internal class DbHelper : IDisposable 
{ 
    // Fields 
    private readonly Component _component; 
    private SqlConnection _connection; 
    private bool _disposed; 
    private IntPtr _handle; 

    // Methods 
    public DbHelper() 
    { 
     this._component = new Component(); 
     this.OpenConnection(); 
    } 

    public DbHelper(IntPtr handle) 
    { 
     this._component = new Component(); 
     this._handle = handle; 
    } 

    private void CloseConnection() 
    { 
     try 
     { 
      if (this._connection.State == ConnectionState.Open) 
      { 
       this._connection.Close(); 
      } 
     } 
     finally 
     { 
      this._connection.Dispose(); 
     } 
    } 

    [DllImport("Kernel32")] 
    private static extern bool CloseHandle(IntPtr handle); 
    public void Dispose() 
    { 
     this.CloseConnection(); 
     this.Dispose(true); 
     GC.SuppressFinalize(this); 
    } 

    protected virtual void Dispose(bool disposing) 
    { 
     if (!this._disposed) 
     { 
      if (disposing) 
      { 
       this._component.Dispose(); 
      } 
      CloseHandle(this._handle); 
      this._handle = IntPtr.Zero; 
      this._disposed = true; 
     } 
    } 

    public int ExecuteNonQuery(string commandText, CommandType commandType) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      return command.ExecuteNonQuery(); 
     } 
    } 

    public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      return command.ExecuteNonQuery(); 
     } 
    } 

    public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      return command.ExecuteNonQuery(); 
     } 
    } 

    public object ExecuteScalar(string commandText, CommandType commandType) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      return command.ExecuteScalar(); 
     } 
    } 

    public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      return command.ExecuteScalar(); 
     } 
    } 

    public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      return command.ExecuteScalar(); 
     } 
    } 

    public DataTable ExecuteSelect(string commandText, CommandType commandType) 
    { 
     DataTable table = new DataTable(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      using (SqlDataReader reader = command.ExecuteReader()) 
      { 
       if (reader != null) 
       { 
        table.Load(reader); 
       } 
      } 
     } 
     return table; 
    } 

    public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     DataTable table = new DataTable(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      using (SqlDataReader reader = command.ExecuteReader()) 
      { 
       if (reader != null) 
       { 
        table.Load(reader); 
       } 
      } 
     } 
     return table; 
    } 

    public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     DataTable table = new DataTable(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      using (SqlDataReader reader = command.ExecuteReader()) 
      { 
       if (reader != null) 
       { 
        table.Load(reader); 
       } 
      } 
     } 
     return table; 
    } 

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType) 
    { 
     DataSet dataSet = new DataSet(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      using (SqlDataAdapter adapter = new SqlDataAdapter(command)) 
      { 
       adapter.Fill(dataSet); 
      } 
     } 
     return dataSet; 
    } 

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter[] parameters) 
    { 
     DataSet dataSet = new DataSet(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.AddRange(parameters); 
      using (SqlDataAdapter adapter = new SqlDataAdapter(command)) 
      { 
       adapter.Fill(dataSet); 
      } 
     } 
     return dataSet; 
    } 

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter parameter) 
    { 
     DataSet dataSet = new DataSet(); 
     using (SqlCommand command = new SqlCommand(commandText, this._connection)) 
     { 
      command.CommandType = commandType; 
      command.Parameters.Add(parameter); 
      using (SqlDataAdapter adapter = new SqlDataAdapter(command)) 
      { 
       adapter.Fill(dataSet); 
      } 
     } 
     return dataSet; 
    } 

    ~DbHelper() 
    { 
     this.Dispose(false); 
    } 

    private void OpenConnection() 
    { 
     try 
     { 
      this._connection = new SqlConnection(ConnectionString); 
      if (this._connection.State == ConnectionState.Open) 
      { 
       this._connection.Close(); 
      } 
      this._connection.Open(); 
     } 
     catch 
     { 
      throw new Exception("An error occured while communicating to sql server database."); 
     } 
    } 

    // Properties 
    private static string ConnectionString 
    { 
     get 
     { 
      return ConfigurationManager.ConnectionStrings["PourNavi.DigitalPrinting"].ConnectionString; 
     } 
    } 
} 

我是否需要从我的代码中删除东西。请帮我..

【解析】

谢谢你们的鼎力支持，我解决了这个问题。 DllImport是根源，因为我是inporting Kernel32 ....

Answer 1

它看起来像您的PourNavi.Web.Core.DbHelper.Dispose（布尔处置）方法中的一些代码正在调用一个方法/程序集需要充分的信任。 GoDaddy共享主机不允许完全信任。

Answer 2

ASP.NET有5个不同的信任级别;完整，高，中，低和最小。这些信任级别中的每一个都会限制应用程序的权限。 Full是一个例外，这意味着应用程序中的代码是完全可信的，并且可以访问它想要访问的所有资源。您不希望应用程序在此模式下运行。我个人总是为中等信任而开发;我发现这给95％的案件提供了足够的权限。

您可以在配置文件%windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG中看到不同的权限集。如果我们查看每个信任级别的权限，我们可以看到SecurityPermission（UnmanagedCode标志）不在任何权限集中。所以它仅适用于GAC中的完全信任程序集和程序集（默认情况下为完全信任）。 我假设GoDaddy也在Medium trust中运行你的应用程序。您可以通过将您的Web应用程序设置为中等信任模式来模拟开发环境中的行为。

<system.web> 
    <securityPolicy> 
    <trustLevel name="Medium" /> 
    </securityPolicy> 
</system.web> 

我无法为您决定是否需要DllImport，但我建议您评估是否需要。由于DllImport允许您调用用C++编写的非托管代码（在这种情况下）。您通常希望限制自己调用托管代码。但是，这个决定取决于你。