0

我想阅读 .NET4.0 Web 服务中的一些日历事件。因为不涉及用户,所以我使用了服务帐户授权方法。它在我的本地机器上完美运行。但是当我想将它安装在托管服务器上时,我在创建证书期间获得了权限异常。原因是 Web 服务的中等信任级别。但是这个级别在托管服务器上很常见。是否有其他方法可以访问可在中等信任级别服务器上运行的 api?

这是我的内部服务代码:

public static List<CalendarEventObject> GetEvents( string calendarName, int maxToGet, out string error )
    {
        string done = "";
        error = "";

        try
        {
            // access google api with service account
            String serviceAccountEmail = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@developer.gserviceaccount.com";

            var p12File = System.Web.HttpContext.Current.Server.MapPath( "./bin/MyAppsServiceAccountFileFromGoogleDeveoperConsole.p12" );

            done += "maped certificate: " + p12File;

            // this needs System.Security.Permissions.KeyContainerPermission permission, 
            // that is not inside medium trust (nor inside high trust)
            var certificate = new X509Certificate2( p12File
                , "notasecret"
                , X509KeyStorageFlags.MachineKeySet |
                  X509KeyStorageFlags.PersistKeySet |
                  X509KeyStorageFlags.Exportable );         // tried several storage flags with no success            

            ServiceAccountCredential credential = new ServiceAccountCredential(
            new ServiceAccountCredential.Initializer( serviceAccountEmail )
            {
                Scopes = new[] { CalendarService.Scope.Calendar }
            }.FromCertificate( certificate ) );

            // Create the service.
            var service = new CalendarService( new BaseClientService.Initializer( )
            {
                HttpClientInitializer = credential,
                ApplicationName = "MyCalendarReader",
            } );

            done += "service created ";

            // Fetch the list of calendar list
            var list = service.CalendarList.List( ).Execute( ).Items;

            done += "CalendarList loaded ";

            if ( list.Count == 0 ) throw new Exception( "CalendarList returned none" );

            bool found = false;
            List<string> calendars = new List<string>( );
            foreach ( var calendarListEntry in list )
            {
                calendars.Add( calendarListEntry.Summary );
                if ( calendarListEntry.Summary == calendarName )
                {
                    found = true;
                    return ExtractEvents( service, calendarListEntry, maxToGet );
                }
            }

            if ( !found )
            {
                throw new Exception( "No matching calendar: " + String.Join( ";", calendars ) );
            }
        }
        catch ( Exception ex )
        {
            error = String.Format( "\nDone:{0}\n msg:{1}\n inner:{2}\n stack:{3}", done, ex.Message, ex.InnerException != null ? ex.InnerException.Message : "none", ex.StackTrace );
        }

        return new List<CalendarEventObject>( );
    }
4

1 回答 1

0

除了更改信任级别之外,我认为您的问题没有解决方案。

“中等信任级别在托管服务器上很常见”声明,虽然它曾经是真的 - 现在不再是了。

Medium Trust已被团队淘汰ASP.NET主要原因是反射在过去几年开始被更多地使用。在 Medium Trust 中进行反思几乎是不可能的。

你最好的解决方案,尤其是从长远来看,是把这个告诉你的托管服务提供商,并找到另一个提供商,以防他们拒绝为你提供完全信任。

PS:ASP.NET Partial Trust 不保证应用程序隔离

于 2014-11-30T19:51:09.227 回答