ASP.Net Security Exception on production server
I have an ASP.Net web application built on framework 3.5 is running fine on local iis but when I deployed it to GoDaddy , i started getting the security excepty. The complete exception is below
Server Error in '/' Application.
--------------------------------------------------------------------------------
Security Exception Description: The application attempted to perform an
operation not allowed by the security policy. To grant this application
the required permission please contact your system administrator
or change the application's trust level in the configuration file.
Except开发者_如何学JAVAion Details:
System.Security.SecurityException:
System.Security.Permissions.SecurityPermission
Source Error:
[No relevant source lines]
Source File: App_Web_xymjrvu2.0.cs Line: 0
Stack Trace:
[SecurityException: System.Security.Permissions.SecurityPermission]
PourNavi.Web.Core.DbHelper.Dispose(Boolean disposing) +0
PourNavi.Web.Core.DbHelper.Dispose() +44
PourNavi.Web.Core.MessageDataObjects.GetMessagesInfoForUserFromManager() +170
PourNavi.Web.Core.MessagingManager.GetMessagesInfoForUserFromManager() +31
PourNavi.Web.UI.UserControl.ucMessages.BindMessages() +41
PourNavi.Web.UI.UserControl.ucMessages.Page_Load(Object sender, EventArgs e) +67
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Control.LoadRecursive() +141
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
System.Web.UI.Page.ProcessRequest() +80
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.login_aspx.ProcessRequest(HttpContext context) in App_Web_xymjrvu2.0.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
I gone through various similar questions on SO but no help...
[Updated: Code of DbHelper.cs]
internal class DbHelper : IDisposable
{
// Fields
private readonly Component _component;
private SqlConnection _connection;
private bool _disposed;
private IntPtr _handle;
// Methods
public DbHelper()
{
this._component = new Component();
this.OpenConnection();
}
public DbHelper(IntPtr handle)
{
this._component = new Component();
this._handle = handle;
}
private void CloseConnection()
{
try
{
if (this._connection.State == ConnectionState.Open)
{
this._connection.Close();
}
}
finally
{
this._connection.Dispose();
}
}
[DllImport("Kernel32")]
private static extern bool CloseHandle(IntPtr handle);
public void Dispose()
{
this.CloseConnection();
this.Dispose(true);
GC.SuppressFinalize(this);
}
protected virtual void Dispose(bool disposing)
{
if (!this._disposed)
{
if (disposing)
{
this._component.Dispose();
}
CloseHandle(this._handle);
this._handle = IntPtr.Zero;
this._disposed = true;
}
}
public int ExecuteNonQuery(string commandText, CommandType commandType)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
return command.ExecuteNonQuery();
}
}
public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter parameter)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
return command.ExecuteNonQuery();
}
}
public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter[] parameters)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
return command.ExecuteNonQuery();
}
}
public object ExecuteScalar(string commandText, CommandType commandType)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
return command.ExecuteScalar();
}
}
public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter parameter)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
return command.ExecuteScalar();
}
}
public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter[] parameters)
{
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
return command.ExecuteScalar();
}
}
public DataTable ExecuteSelect(string commandText, CommandType commandType)
{
DataTable table = new DataTable();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader != null)
{
table.Load(reader);
}
}
}
return table;
}
public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter[] parameters)
{
DataTable table = new DataTable();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader != null)
{
table.Load(reader);
}
}
}
return table;
}
public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter parameter)
{
DataTable table = new DataTable();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader != null)
{
table.Load(reader);
}
}
}
return table;
}
public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType)
{
DataSet dataSet = new DataSet();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
using (SqlDataAdapter adapter = new SqlDataAdapter(command))
{
adapter.Fill(dataSet);
}
}
return dataSet;
}
public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter[] parameters)
{
DataSet dataSet = new DataSet();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.AddRange(parameters);
using (SqlDataAdapter adapter = new SqlDataAdapter(command))
{
adapter.Fill(dataSet);
}
}
return dataSet;
}
public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter parameter)
{
DataSet dataSet = new DataSet();
using (SqlCommand command = new SqlCommand(commandText, this._connection))
{
command.CommandType = commandType;
command.Parameters.Add(parameter);
using (SqlDataAdapter adapter = new SqlDataAdapter(command))
{
adapter.Fill(dataSet);
}
}
return dataSet;
}
~DbHelper()
{
this.Dispose(false);
}
private void OpenConnection()
{
try
{
this._connection = new SqlConnection(ConnectionString);
if (this._connection.State == ConnectionState.Open)
{
this._connection.Close();
}
this._connection.Open();
}
catch
{
throw new Exception("An error occured while communicating to sql server database.");
}
}
// Properties
private static string ConnectionString
{
get
{
return ConfigurationManager.ConnectionStrings["PourNavi.DigitalPrinting"].ConnectionString;
}
}
}
Do i need to remove stuffs from my code. Please help me out..
[Resolved]
Thanks guys for kind support, I resolved the issue. DllImport was the root cause , as I was inporting Kernel32....
ASP.NET has 5 different trust levels; Full, High, Medium, Low and Minimal. Each of these trust levels restricts the permissions of your application. With Full being an exception, this means that the code in your application is fully trusted and can access all resources it wants to access. You don’t want applications to run in this mode. Personally I always develop for Medium trust; I find that this gives enough permissions for 95% of the cases.
You can see the different permission sets in your config files, %windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG
. If we take a look at the permissions that each trust level has we can see that the SecurityPermission (UnmanagedCode flag) is not in any of the permission sets. So it’s only available for Full trust assemblies and assemblies in the GAC (Full trust by default).
I’m assuming GoDaddy also runs your application in Medium trust. You could simulate the behavior on your development environment by setting your web application in Medium trust mode.
<system.web>
<securityPolicy>
<trustLevel name="Medium" />
</securityPolicy>
</system.web>
I can’t decide for you if the DllImport is necessary, but I would suggest you evaluate if it’s required. Since DllImport allows you to call unmanaged code that is written in C++ (in this case). You typically want to limit yourself in calling managed code. But that decision is up to you.
It looks like some code inside your PourNavi.Web.Core.DbHelper.Dispose(Boolean disposing) method is making a call to a method/assembly that requires full trust. GoDaddy shared hosting doesn't allow full trust.
精彩评论