
ASP.Net Security Exception on production server

I have an ASP.Net web application built on framework 3.5 that is running fine on local IIS, but when I deployed it to GoDaddy, I started getting the security exception. The complete exception is below.

Server Error in '/' Application.
--------------------------------------------------------------------------------

Security Exception Description: The application attempted to perform an 
operation  not allowed by the security policy.  To grant this application 
the required permission please contact your system administrator 
or change the application's trust level in the configuration file. 



 Exception Details: 
      System.Security.SecurityException:     
      System.Security.Permissions.SecurityPermission

Source Error: 


[No relevant source lines]


Source File: App_Web_xymjrvu2.0.cs    Line: 0 

Stack Trace: 


[SecurityException: System.Security.Permissions.SecurityPermission]
   PourNavi.Web.Core.DbHelper.Dispose(Boolean disposing) +0
   PourNavi.Web.Core.DbHelper.Dispose() +44
   PourNavi.Web.Core.MessageDataObjects.GetMessagesInfoForUserFromManager() +170
   PourNavi.Web.Core.MessagingManager.GetMessagesInfoForUserFromManager() +31
   PourNavi.Web.UI.UserControl.ucMessages.BindMessages() +41
   PourNavi.Web.UI.UserControl.ucMessages.Page_Load(Object sender, EventArgs e) +67
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Control.LoadRecursive() +141
   System.Web.UI.Control.LoadRecursive() +141
   System.Web.UI.Control.LoadRecursive() +141
   System.Web.UI.Control.LoadRecursive() +141
   System.Web.UI.Control.LoadRecursive() +141
   System.Web.UI.Control.LoadRecursive() +141
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
   System.Web.UI.Page.ProcessRequest() +80
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.login_aspx.ProcessRequest(HttpContext context) in App_Web_xymjrvu2.0.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

I have gone through various similar questions on SO, but no help...

[Updated: Code of DbHelper.cs]

internal class DbHelper : IDisposable
{
    // Fields
    private readonly Component _component;
    private SqlConnection _connection;
    private bool _disposed;
    private IntPtr _handle;

    // Methods
    public DbHelper()
    {
        this._component = new Component();
        this.OpenConnection();
    }

    public DbHelper(IntPtr handle)
    {
        this._component = new Component();
        this._handle = handle;
    }

    private void CloseConnection()
    {
        try
        {
            if (this._connection.State == ConnectionState.Open)
            {
                this._connection.Close();
            }
        }
        finally
        {
            this._connection.Dispose();
        }
    }

    [DllImport("Kernel32")]
    private static extern bool CloseHandle(IntPtr handle);
    public void Dispose()
    {
        this.CloseConnection();
        this.Dispose(true);
        GC.SuppressFinalize(this);
    }

    protected virtual void Dispose(bool disposing)
    {
        if (!this._disposed)
        {
            if (disposing)
            {
                this._component.Dispose();
            }
            CloseHandle(this._handle);
            this._handle = IntPtr.Zero;
            this._disposed = true;
        }
    }

    public int ExecuteNonQuery(string commandText, CommandType commandType)
    {
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            return command.ExecuteNonQuery();
        }
    }

    public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter parameter)
    {
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.Add(parameter);
            return command.ExecuteNonQuery();
        }
    }

    public int ExecuteNonQuery(string commandText, CommandType commandType, SqlParameter[] parameters)
    {
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.AddRange(parameters);
            return command.ExecuteNonQuery();
        }
    }

    public object ExecuteScalar(string commandText, CommandType commandType)
    {
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            return command.ExecuteScalar();
        }
    }

    public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter parameter)
    {
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.Add(parameter);
            return command.ExecuteScalar();
        }
    }

    public object ExecuteScalar(string commandText, CommandType commandType, SqlParameter[] parameters)
    {
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.AddRange(parameters);
            return command.ExecuteScalar();
        }
    }

    public DataTable ExecuteSelect(string commandText, CommandType commandType)
    {
        DataTable table = new DataTable();
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (reader != null)
                {
                    table.Load(reader);
                }
            }
        }
        return table;
    }

    public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter[] parameters)
    {
        DataTable table = new DataTable();
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.AddRange(parameters);
            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (reader != null)
                {
                    table.Load(reader);
                }
            }
        }
        return table;
    }

    public DataTable ExecuteSelect(string commandText, CommandType commandType, SqlParameter parameter)
    {
        DataTable table = new DataTable();
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.Add(parameter);
            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (reader != null)
                {
                    table.Load(reader);
                }
            }
        }
        return table;
    }

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType)
    {
        DataSet dataSet = new DataSet();
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            using (SqlDataAdapter adapter = new SqlDataAdapter(command))
            {
                adapter.Fill(dataSet);
            }
        }
        return dataSet;
    }

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter[] parameters)
    {
        DataSet dataSet = new DataSet();
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.AddRange(parameters);
            using (SqlDataAdapter adapter = new SqlDataAdapter(command))
            {
                adapter.Fill(dataSet);
            }
        }
        return dataSet;
    }

    public DataSet ExecuteSelectDataSet(string commandText, CommandType commandType, SqlParameter parameter)
    {
        DataSet dataSet = new DataSet();
        using (SqlCommand command = new SqlCommand(commandText, this._connection))
        {
            command.CommandType = commandType;
            command.Parameters.Add(parameter);
            using (SqlDataAdapter adapter = new SqlDataAdapter(command))
            {
                adapter.Fill(dataSet);
            }
        }
        return dataSet;
    }

    ~DbHelper()
    {
        this.Dispose(false);
    }

    private void OpenConnection()
    {
        try
        {
            this._connection = new SqlConnection(ConnectionString);
            if (this._connection.State == ConnectionState.Open)
            {
                this._connection.Close();
            }
            this._connection.Open();
        }
        catch
        {
            throw new Exception("An error occured while communicating to sql server database.");
        }
    }

    // Properties
    private static string ConnectionString
    {
        get
        {
            return ConfigurationManager.ConnectionStrings["PourNavi.DigitalPrinting"].ConnectionString;
        }
    }
}

Do I need to remove stuff from my code? Please help me out.

[Resolved]

Thanks guys for the kind support, I resolved the issue. DllImport was the root cause, as I was importing Kernel32...


ASP.NET has 5 different trust levels: Full, High, Medium, Low and Minimal. Each of these trust levels restricts the permissions of your application. Full is the exception; it means that the code in your application is fully trusted and can access all resources it wants to access. You don’t want applications to run in this mode. Personally I always develop for Medium trust; I find that this gives enough permissions for 95% of the cases.

You can see the different permission sets in your config files, %windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG. If we take a look at the permissions that each trust level has we can see that the SecurityPermission (UnmanagedCode flag) is not in any of the permission sets. So it’s only available for Full trust assemblies and assemblies in the GAC (Full trust by default). I’m assuming GoDaddy also runs your application in Medium trust. You could simulate the behavior on your development environment by setting your web application in Medium trust mode.

<system.web>
  <!-- <trust> selects the level the application runs under;
       <securityPolicy>/<trustLevel> only maps level names to policy files -->
  <trust level="Medium" />
</system.web>

I can’t decide for you if the DllImport is necessary, but I would suggest you evaluate if it’s required, since DllImport allows you to call unmanaged code that is written in C++ (in this case). You typically want to limit yourself to calling managed code. But that decision is up to you.


It looks like some code inside your PourNavi.Web.Core.DbHelper.Dispose(Boolean disposing) method is making a call to a method/assembly that requires full trust. GoDaddy shared hosting doesn't allow full trust.
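
A reduced DbHelper that avoids the failing call, as an added example that is not part of the original question or answers: it drops the Kernel32 `CloseHandle` import, the `IntPtr` handle and the finalizer, so `Dispose` touches only the managed `SqlConnection` and no longer demands `SecurityPermission` with the `UnmanagedCode` flag. It assumes the handle constructor is not needed by callers and shows one query method; the others follow the same pattern.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example: partial-trust-friendly variant of the DbHelper from the question.
// No [DllImport], no IntPtr handle, no finalizer: the only resource held is a
// managed SqlConnection, so nothing here requires unmanaged-code permission.
internal sealed class DbHelper : IDisposable
{
    private SqlConnection _connection;
    private bool _disposed;

    public DbHelper()
    {
        // Connection string name taken from the question's code.
        _connection = new SqlConnection(
            ConfigurationManager.ConnectionStrings["PourNavi.DigitalPrinting"].ConnectionString);
        _connection.Open();
    }

    public DataTable ExecuteSelect(string commandText, CommandType commandType,
                                   params SqlParameter[] parameters)
    {
        if (_disposed) throw new ObjectDisposedException("DbHelper");
        DataTable table = new DataTable();
        using (SqlCommand command = new SqlCommand(commandText, _connection))
        {
            command.CommandType = commandType;
            if (parameters != null) command.Parameters.AddRange(parameters);
            using (SqlDataReader reader = command.ExecuteReader())
            {
                table.Load(reader);
            }
        }
        return table;
    }

    public void Dispose()
    {
        if (_disposed) return;
        // SqlConnection.Dispose() also closes an open connection;
        // there is no native handle left to release.
        _connection.Dispose();
        _connection = null;
        _disposed = true;
    }
}
```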
