0

我有一个做一些文件 IO 工作的 ASP.Net 页面。当我从 Web 浏览器(即 chrome)请求它时,它会成功,但是当我从应用程序中的 WebClient 实例请求它时,它会给我一个“System.Security.SecurityException”。这两个请求是否存在显着差异?为了让这个页面在我的 Web 客户端中工作,我需要了解哪些关于代码访问安全的知识?

这是原始提琴手请求和响应:

浏览器请求:

GET http://192.168.1.89/QuickCutConsoleDataProvider/UpdateItemFiles.aspx HTTP/1.1
Host: 192.168.1.89
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

浏览器响应:

HTTP/1.1 200 OK
Via: 1.1 PHOBOS
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 35189
Date: Tue, 14 Dec 2010 14:08:46 GMT
Content-Type: application/zip
Server: Microsoft-IIS/7.5
Cache-Control: private
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

... Binary Content ...

网络客户端请求:

POST http://192.168.1.89/QuickCutConsoleDataProvider/UpdateItemFiles.aspx?Guid=e30e1826-3d96-4769-a540-acd911cccf02 HTTP/1.1
Content-Type: multipart/form-data; boundary=---------------------8cd697dcbf75ed4
Host: 192.168.1.89
Content-Length: 303
Expect: 100-continue

-----------------------8cd697dcbf75ed4
Content-Disposition: form-data; name="file"; filename="Catalog.xml"
Content-Type: application/octet-stream

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<catalog version="1.0">
  <items />
</catalog>
-----------------------8cd697dcbf75ed4--

Web 客户端响应(例外):

HTTP/1.1 200 OK
Via: 1.1 PHOBOS
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 1244
Date: Tue, 14 Dec 2010 14:12:34 GMT
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
Cache-Control: private
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

<error type="System.Security.SecurityException">
  <message>Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.</message>
  <stack-trace><![CDATA[   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.IO.File.GetLastWriteTimeUtc(String path)
   at Ionic.Zip.ZipEntry.Create(String nameInArchive, ZipEntrySource source, Object arg1, Object arg2)
   at Ionic.Zip.ZipEntry.CreateFromFile(String filename, String nameInArchive)
   at Ionic.Zip.ZipFile.AddFile(String fileName, String directoryPathInArchive)
   at Ionic.Zip.ZipFile.AddFile(String fileName)
   at MyApplication.UpdateItemFiles.GetUpdateContent(XDocument a_xManifest, Stream[] a_arrExtraContent) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 282
   at MyApplication.UpdateItemFiles.Page_Load(Object sender, EventArgs e) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 31]]></stack-trace>
  <inner-exception>null</inner-exception>
</error>
4

2 回答 2

0

这仍然在 Windows 身份验证中运行 - 尽管您相信您已经更改了它。我敢打赌,模仿也在进行中。

仔细检查身份验证。在执行 IO 操作时吐出一些调试代码来记录当前身份。

于 2010-12-13T22:32:40.473 回答
0

该问题与 IIS 身份验证无关。这是我使用的 Zip 库,DotNetZip。CAS 不愿意给它 File IO 权限。我终于不得不用文件流代理 IO 操作。唯一的缺点是我想添加到 Zip 存档中的任何文件,我都必须打开一个流,直到存档被保存。它们是文件流,因此使用的内存很少。

有人提到 WCF,这本来是理想的,但决策者认为这种方式太昂贵了。

于 2010-12-15T14:11:46.163 回答