我有一些代码可以动态地将Razor模板编译成我执行的程序集
一组权限(无权访问文件等).
一组权限(无权访问文件等).
这适用于我们的开发计算机和测试服务器(Windows 2008 IIS7 x64 .NET 4).但是在我们的生产服务器(相同规范)上,它给出了错误:
“加载此程序集将从其他实例生成不同的授权集.(HRESULT异常:0x80131401)”
这是代码: –
public static SandBoxContext Create(string pathToUntrusted,List<Assembly> references) { AppDomainSetup adSetup = new AppDomainSetup(); adSetup.ShadowcopyFiles = "true"; var dir = new DirectoryInfo(pathToUntrusted); String tempPath = Path.Combine(Path.GetTempPath(),dir.Name + "_shadow"); adSetup.CachePath = tempPath; // Our sandBox needs access to this assembly. string Accesspath = Path.Combine(System.Web.Hosting.HostingEnvironment.ApplicationPhysicalPath,"bin\\CommonInterfaces.WebPages.dll"); System.IO.File.copy(Accesspath,Path.Combine(pathToUntrusted,"CommonInterfaces.WebPages.dll"),true); var baseDir = Path.GetFullPath(pathToUntrusted); adSetup.ApplicationBase = baseDir; adSetup.PrivateBinPath = baseDir; adSetup.PartialTrustVisibleAssemblies = new string[] { typeof(System.Web.WebPageTraceListener).Assembly.FullName,typeof(System.Web.Razor.RazorEngineHost).Assembly.FullName}; //Setting the permissions for the AppDomain. We give the permission to execute and to //read/discover the location where the untrusted code is loaded. PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); //We want the sandBoxer assembly's strong name,so that we can add it to the full trust list. StrongName fullTrustAssembly = typeof(SandBoxer).Assembly.Evidence.GetHostEvidence<StrongName>(); Evidence evidence = new Evidence(); //Now we have everything we need to create the AppDomain,so let's create it. AppDomain newDomain = AppDomain.CreateDomain("SandBox",evidence,adSetup,permSet,fullTrustAssembly); ObjectHandle handle = Activator.CreateInstanceFrom( newDomain,typeof(SandBoxer).Assembly.ManifestModule.FullyQualifiedname,typeof(SandBoxer).FullName ); //Unwrap the new domain instance into a reference in this domain and use it to execute the //untrusted code. var newDomainInstance = (SandBoxer)handle.Unwrap(); return new SandBoxContext(newDomain,newDomainInstance); }
任何想法为什么它会在一台服务器上有所不同?我刚刚在损坏的服务器上安装了所有未完成的Windows更新,但它没有帮助.
如果我将PermissionSet更改为: –
PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);
所有代码都有效(但可能存在安全问题)
解决方法
当您尝试使用不同的权限集将程序集加载到现有AppDomain两次时,通常会发生此错误. $1M的问题是它是什么装配,以及AppDomain是什么.
我没有完整的答案,但您可以查看以下内容:
>由于编组,沙盒装配(如果有)会加载到主应用程序域中?
>如果您有自己的服务器代码,是否指定了LoadOptimizationAttribute?
>您的开发服务器和生产服务器是否使用不同的隔离级别?
>生产服务器上是否存在共享某些程序集的其他应用程序?
您还可以尝试在服务器上安装远程调试运行时,将调试器附加到托管应用程序的进程,并直接检查在哪个域中加载的内容.您可能需要SOS调试扩展.
