如何使我的应用程序以完全信任模式运行 - .NET 4.0控制台应用程序

Question

我们遇到了命令行（批处理）应用程序和完全/部分信任的问题。

我们以前的版本（版本号7.13.0.63）工作正常，然而，当我们安装新版本（7.13.0.249），我们得到一个“那集不允许部分受信任的调用方”。

例外：

Stack Trace (edited): 
    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) 
    at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) 
    at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) 
    at System.Activator.CreateInstance[T]() 
    at <Company>.Service.<Product>.Proxy.Factories.ControllerProxyFactory.Create[T]() 
    <Stack Trace that leads to creation of a WCF client> ... 

Inner Exception: 
An error occurred creating the configuration section handler for system.serviceModel/behaviors: That assembly does not allow partially trusted callers. (C:\Program Files (x86)\InsuranceLine\ListLoader\InsuranceLine.ListLoader.Launcher.exe.Config line 53) 
Stack Trace: 
    at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecordsectionRecord, Object parentResult) 
    at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSection(String configKey) 
    at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName) 
    at System.Configuration.ConfigurationManager.GetSection(String sectionName) 
    at System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(String sectionPath) 
    at System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetConfigurationSection(String sectionPath) 
    at System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath) 
    at System.ServiceModel.Description.ConfigLoader.LookupChannel(ContextInformation configurationContext, String configurationName, ContractDescription contract, EndpointAddress address, Boolean wildcard, Boolean useChannelElementKind, ServiceEndpoint& serviceEndpoint) 
    at System.ServiceModel.ChannelFactory.InitializeEndpoint(String configurationName, EndpointAddress address) 
    at System.ServiceModel.ChannelFactory`1..ctor(String endpointConfigurationName, EndpointAddress remoteAddress) 
    <Stack Trace that determines the correct WCF factory to create> 

Inner Exception: 
That assembly does not allow partially trusted callers. 
Stack Trace: 
    at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) 
    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) 
    at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) 
    at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) 
    at System.Activator.CreateInstance(Type type, Boolean nonPublic) 
    at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.CreateNewSection(String name) 
    at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.DeserializeElementCore(XmlReader reader) 
    at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey) 
    at System.Configuration.ConfigurationElementCollection.OnDeserializeUnrecognizedElement(String elementName, XmlReader reader) 
    at System.Configuration.ConfigurationElement.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey) 
    at System.Configuration.ConfigurationElement.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey) 
    at System.Configuration.ConfigurationSection.DeserializeSection(XmlReader reader) 
    at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.CreateSectionImpl(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader) 
    at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.CreateSectionWithRestrictedPermissions(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader) 
    at System.Configuration.RuntimeConfigurationRecord.CreateSection(Boolean inputIsTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader) 
    at System.Configuration.BaseConfigurationRecord.CallCreateSection(Boolean inputIsTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader, String filename, Int32 line) 

关于我们用于部署产品的过程，我们使用通过WiX创建的MSI。我们执行下列步骤：

• 卸载以前版本的产品
• 复制的MSI从网络共享（两个版本相同的份额，根据版本的不同子目录）
• 安装MSI作为管理员
  • 这将安装到C：\ Program Files文件（x86）的

的只有2个版本之间的变化是：

• 额外的AppSettings项目的app.config文件（myapp.exe.config）列入指定事务超时
• 更改“使用新的TransactionScope（） “to”使用新的TransactionScope（TransactionScopeOption.Required，timeoutValueReadFromAppSettingsAndStoredInLocalVariable）“
  • 创建WCF客户端在此事务范围之外。

附加信息：

• 异常不会发生在我们的任何开发/分期/ QA /预生产环境。它只发生在我们的生产应用服务器上。
• 我们正在将Windows 7推广到我们的组织，因此企业策略可能已经发生变化。
• 该应用程序面向.Net Framework 4。0
• 如果我们卸载新版本，并重新安装老版本（包括网络共享副本）旧版本工作正常，仍然
• 本机正在安装为Windows Server 2008 R2
• 本机是一种是在VMware环境中托管的虚拟机

理想我想知道的几件事情：

1. 如何改变组件（或设定权限安装后），以便它可以运行我呐完全信任模式
2. 如何复制在开发/分期/ QA环境问题
   • 明确将“不信任”大会可能重现，但我想重现它在相同的方式生产，这样，当它是安装它被认定为不可信，在我看来，做这件事的方式与“复制”网络共享有关，我从MSI /程序集中复制MSI或可能“不信任”发布者信息。
3. 如何配置生产应用服务器/安全策略，以便将来安装是完全可信的（接听项目2很可能会回答这个问题）

感谢

Answer 1

这真是很奇怪给出.NET 4.0 CLR默认情况下不应用CAS安全策略，因此您实际上必须进行某种（希望）有意的更改才能让本地安装的命令行应用程序部分受信任。

试图挖掘过深，潜在的原因之前，请您确认以下事项：

1. 请问您app.config文件包含一个NetFx40_LegacySecurityPolicy元素？
2. 您的应用程序是否真的在问题机器上的4.0 CLR下运行？ （如果在引发异常之前无法修改源以输出Environment.Version的值，则应使用Process Explorer确定您的进程中运行的是哪个CLR版本。）