7

我正在使用与 WCF 集成的企业库验证块。System.Runtime.InteropServices.COMException (0x8000FFFF): Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED))当我使用 WIN32 API LogonUser 和 WindowsIdentity.Impersonate 模拟其他用户时,它会报告。在加载配置时获取安全证据似乎有问题。如果我删除模拟的编码,它可以正常工作。这些是异常堆栈跟踪的一部分,希望您能给一些帮助。谢谢。

System.Runtime.InteropServices.COMException (0x8000FFFF): Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED))
   at System.Security.Policy.PEFileEvidenceFactory.GetLocationEvidence(SafePEFileHandle peFile, SecurityZone& zone, StringHandleOnStack retUrl)
   at System.Security.Policy.PEFileEvidenceFactory.GenerateLocationEvidence()
   at System.Security.Policy.PEFileEvidenceFactory.GenerateEvidence(Type evidenceType)
   at System.Security.Policy.AssemblyEvidenceFactory.GenerateEvidence(Type evidenceType)
   at System.Security.Policy.Evidence.GenerateHostEvidence(Type type, Boolean hostCanGenerate)
   at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
   at System.Security.Policy.Evidence.GetHostEvidence(Type type, Boolean markDelayEvaluatedEvidenceUsed)
   at System.Security.Policy.AppDomainEvidenceFactory.GenerateEvidence(Type evidenceType)
   at System.Security.Policy.Evidence.GenerateHostEvidence(Type type, Boolean hostCanGenerate)
   at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
   at System.Security.Policy.Evidence.RawEvidenceEnumerator.MoveNext()
   at System.Security.Policy.Evidence.EvidenceEnumerator.MoveNext()
   at System.Configuration.ClientConfigPaths.GetEvidenceInfo(AppDomain appDomain, String exePath, String& typeName)
   at System.Configuration.ClientConfigPaths.GetTypeAndHashSuffix(AppDomain appDomain, String exePath)
   at System.Configuration.ClientConfigPaths..ctor(String exePath, Boolean includeUserConfig)
   at System.Configuration.ClientConfigPaths.GetPaths(String exePath, Boolean includeUserConfig)
   at System.Configuration.ClientConfigurationHost.CreateConfigurationContext(String configPath, String locationSubPath)
   at System.Configuration.Internal.DelegatingConfigHost.CreateConfigurationContext(String configPath, String locationSubPath)
   at System.Configuration.BaseConfigurationRecord.get_ConfigContext()
4

4 回答 4

7

在我看来,问题在于 System.Configuration 在加载 app.config 时会自行模拟。我能够通过运行来解决这个问题

ConfigurationManager.GetSection("system.xml/xmlReader");

而不是冒充。这样做导致后来的模仿成功。

编辑:稍微澄清一下,我相信这样做会导致 app.config 被加载并缓存到内存中,因此导致问题的代码路径只执行一次并使用原始凭据。

于 2014-04-03T18:49:00.270 回答
2

经过长时间的战斗和许多 ProcMon 捕获后,我发现在某些情况下,在互操作期间和模拟时检查安全区域时会失败。它与此知识库有关:

https://support.microsoft.com/en-us/kb/945701?wa=wsignin1.0

如果您检查添加注册表节点和密钥的末尾,而不是按照指示添加 w3wp.exe,请添加您自己的可执行文件的文件名。这对我有用 - YMMV。

于 2015-04-30T14:19:56.277 回答
0

我正在分享这段代码,希望对未来的读者有所帮助。它在字母上帮助我摆脱了 3 小时的头痛 :)

        //This is an important line to write while impersonating.
        //It will allow SQL server connections to happen otherwise connection strings will error out.
        ConfigurationManager.GetSection("SqlColumnEncryptionEnclaveProviders");

        //Do the impersonation
        var credentials = new UserCredentials(DomainName, AccountName, Password);
        Impersonation.RunAsUser(credentials, LogonType.Interactive, () =>
        {
            //Your code here inside impersonation . . .
        });
于 2020-01-16T17:17:17.413 回答
-1

请参阅我在 MS 论坛中对此主题的回复:

http://social.msdn.microsoft.com/Forums/en-US/adodotnetdataproviders/thread/b5b7a179-3737-4380-b6cf-843f3e71b317/

这是线程标题:连接池随机抛出 COM 异常。

您可以在页面上的文本中搜索 LogonUser。

于 2013-05-27T16:23:45.207 回答