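I received a report that an ASP.NET WebForm site started throwing a security error after its DLL components were updated. The message was as follows: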

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Stacktrace:
[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0
System.Web.UI.Util.GetTypeFromAssemblies(ICollection assemblies, String typeName, Boolean ignoreCase) +201
System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +302
System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +64

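Judging from the message, the problem is related to access permissions. Searching around turned up these common causes and fixes: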

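  • Load User Profile in the AppPool advanced settings is not set to True
  • The web files physically reside on a remote host and are accessed through a UNC path such as \\my-server\my-project, and either the AppPool identity is configured incorrectly (reference) or caspol has not been used to grant FullTrust (reference)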

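The problem I ran into was a different one: the DLL came from a network drive or a website download, and even after being packed into a ZIP and extracted, the file is still marked as coming from a remote computer, which places additional restrictions on how it can be accessed and used (the term is Zone Identifier; for details see this post: "Downloaded programs keep getting intercepted by antivirus software").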

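Besides unblocking the file from its Properties dialog in File Explorer, the PowerShell command Get-ChildItem * -Recurse | Unblock-File unblocks an entire folder in one batch. Also, I found that extracting with 7-Zip does not seem to propagate the block to the extracted files, so that appears to be a workaround as well.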
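An added example (not from the original post) that audits a site folder before unblocking: it lists every file that still carries the Zone.Identifier stream, shows the zone it records and the file's hash, and removes the mark only from those files when -Unblock is passed. The folder path and the parameter names are assumptions.

```powershell
# Added example: report files carrying a Zone.Identifier stream, then optionally unblock them.
# $SitePath is a placeholder; point it at the site's physical folder.
param(
    [string]$SitePath = 'C:\inetpub\wwwroot\MySite',   # hypothetical path
    [switch]$Unblock
)

# ZoneId values as used by the Windows security zones
$zoneNames = @{
    0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';      4 = 'Restricted sites'
}

# @() keeps $marked an (possibly empty) array so the later pipelines behave
$marked = @(
    Get-ChildItem -LiteralPath $SitePath -Recurse -File | ForEach-Object {
        $file = $_
        # Files without the stream raise an error, which is silenced here
        $stream = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if ($stream) {
            $text   = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -Raw
            $zoneId = if ($text -match '(?m)^ZoneId=(\d+)') { [int]$Matches[1] } else { $null }
            [pscustomobject]@{
                Path   = $file.FullName
                ZoneId = $zoneId
                Zone   = if ($null -ne $zoneId -and $zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] } else { 'Unknown' }
                SHA256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
)

# Report first, so there is a record of what was marked and where it came from
$marked | Sort-Object ZoneId, Path | Format-Table -AutoSize
Write-Output ("{0} file(s) carry a Zone.Identifier stream" -f $marked.Count)

if ($Unblock) {
    # Unblock only the files listed above, not everything under the folder
    $marked | ForEach-Object { Unblock-File -LiteralPath $_.Path }
}
```

Comparing the SHA256 column against the hashes published for the component confirms the DLLs are the expected ones before the mark is removed.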

A System.Web.AspNetHostingPermission SecurityException caused by a DLL downloaded from a remote computer.

