环境:
Windows Server 2008 R2
IIS 7.5
.NET 4.0, Integrated Application Pool
Oracle Client 11.2.0.2.0
ODP.net 11.2.0.2.3
我有一个使用ODP.net连接到我们的Oracle数据库的网站,在" Full Trust"下,该应用程序可以正常运行。但是,当我将应用程序更改为使用" Medium Trust"时,我开始从应用程序中获取不一致的NullReferenceExceptions。大多数时候代码都有效,但每10个请求左右我就得到NullReferenceException。在查看事件日志时,我发现NullRefernceException通常对应于w3wp.exe崩溃。
Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7afa2
Faulting module name: OraOps11w.dll, version: 2.112.2.0, time stamp: 0x4cea1904
Exception code: 0xc0000005
Fault offset: 0x0000000000024d56
Faulting process id: 0x3ba4
Faulting application start time: 0x01ccdf556d68384a
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: C:\Oracle64\product\11.2.0\client\bin\OraOps11w.dll1
显然问题是ODP.NET,但为什么它会在" Medium Trust"中崩溃w3wp.exe。因此,为了确保我在代码中没有做错,我编写了最简单的ASP.NET Web应用程序:
protected void Page_Load(object sender, EventArgs e) {
using(OracleConnection conn = new OracleConnection(GetMyConnectionString())){
using (OracleCommand cmd = new OracleCommand("select localtimestamp from dual", conn)) {
conn.Open();
this.aLiteral.Text = ((DateTime)cmd.ExecuteScalar()).ToLongDateString();
}
}
}
Under" Full Trust"该应用程序工作正常。在" Medium Trust"下,该应用似乎工作正常,但是当我将IIS调试诊断工具连接到应用程序的应用程序池时,该应用程序会丢失数千个错误:
[1/30/2012 12:50:25 PM] First chance exception - 0xe0434352 caused by thread with System ID: 14832
[1/30/2012 12:50:25 PM] Stack Trace
RetAddr : Args to Child : Call Site
000007fe`f9990845 : 00000000`04af0ed0 00000000`00000001 00000000`00000000 00000001`bfe3a0b8 : KERNELBASE!RaiseException+0x3d
000007fe`f9993226 : 00000001`bfe3a0b8 00000000`00000000 00000001`bfe3a0b8 00000001`bfe3a0b8 : clr!PreBindAssemblyEx+0x61681
000007fe`f7a61233 : 00000000`00000000 00000000`00000000 00000001`bfdca3b0 00000000`00000000 : clr!PreBindAssemblyEx+0x64062
000007fe`f7a61515 : 00000000`ffd5c9b8 00000000`ffd5c9b8 00000000`ffd5c9b8 00000000`00000000 : mscorlib_ni+0x9f1233
000007fe`f7b0f6e2 : 00000001`bfdca3b0 00000000`00000000 00000000`ffd5c9b8 00000000`ffd5c9b8 : mscorlib_ni+0x9f1515
000007fe`f9859714 : 00000001`3fb39a28 00000000`00000000 00000000`00000000 00000000`ffd5c9b8 : mscorlib_ni+0xa9f6e2
000007fe`f9859829 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : clr!LogHelp_LogAssert+0x25a04
000007fe`f985bb74 : 00000000`0fb2d450 00000000`00000008 000007fe`f7a602e0 00000000`00000000 : clr!LogHelp_LogAssert+0x25b19
000007fe`f985c39c : 00000000`00000000 00000000`00000000 00001f80`0010000b 0053002b`002b0033 : clr!LogHelp_LogAssert+0x27e64
000007fe`f9da3ea1 : 00000000`00000000 00000000`0fb2d700 00000000`04af0ed0 00000000`0257ffc0 : clr!LogHelp_LogAssert+0x2868c
000007fe`f9da42e5 : 00000000`00000000 00000000`0fb2e600 00000000`04af0ed0 00000001`3fb39a28 : clr!GetAssemblyIdentityFromFile+0x2aa81
000007fe`f9da454d : 00000000`04af0ed0 00000000`00000000 00000001`3fb39a28 00000000`04af0ed0 : clr!GetAssemblyIdentityFromFile+0x2aec5
000007fe`f9da4aac : 00000000`ffd5c9b8 00000000`00000000 00000000`04af0ed0 00000000`0fb2d630 : clr!GetAssemblyIdentityFromFile+0x2b12d
000007fe`f9da4b9c : 00000000`0fb2d898 00000000`00000001 00000000`00000000 00000000`00000000 : clr!GetAssemblyIdentityFromFile+0x2b68c
000007fe`f9c32ecc : 00000000`00000081 00000000`00000000 00000000`00000000 00000000`00000000 : clr!GetAssemblyIdentityFromFile+0x2b77c
000007fe`f9e97004 : 000007ff`002653f8 00000000`0fb2dda0 000007fe`f6554288 00000000`ffd5c9b8 : clr!CreateAssemblyConfigCookie+0x9f93c
000007fe`f9ea54e8 : 000007fe`f6554288 00000000`00010400 00000000`00010400 00000000`00000000 : clr!TranslateSecurityAttributes+0x39bb4
000007fe`f9854b72 : 00000000`04af0ed0 000007fe`f9908c66 000007fe`00000000 00000000`00000000 : clr!TranslateSecurityAttributes+0x48098
000007fe`f67af41f : 000007ff`001b8140 000007fe`f6554288 00000001`bfdc3360 00000000`0fb2dc08 : clr!LogHelp_LogAssert+0x20e62
000007fe`f67a38e6 : 00000000`00000000 00000000`00000000 00000000`0fb2dd00 000007fe`f9861052 : System_ni+0x2bf41f
000007ff`001a5c34 : 000007ff`001b8140 00000000`00000000 00000000`00000000 000007fe`f99de765 : System_ni+0x2b38e6
000007ff`001a5a12 : 00000001`00000000 000007ff`001b8140 000007ff`001b8140 00000000`0fb2dda0 : 0x7ff`001a5c34
000007ff`00187109 : 000007ff`00187104 00000000`00000046 00000000`0fb24000 00000000`04af0ed0 : 0x7ff`001a5a12
000007fe`f73f30c8 : 00000001`3fb398f8 00000001`3fb39990 00000000`00000000 00000000`00000000 : 0x7ff`00187109
000007fe`f9859714 : 00000000`ffd991a0 00000001`bfdc30d0 00000000`00000000 00000000`00000000 : mscorlib_ni+0x3830c8
000007fe`f9859829 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!LogHelp_LogAssert+0x25a04
000007fe`f98598a5 : 00000000`0fb2e038 00000000`00000002 00000000`0fb2e050 00000000`0fb2e248 : clr!LogHelp_LogAssert+0x25b19
000007fe`f998878a : 00000001`3fb39cd8 00000000`00000000 00000000`0fb2e4b8 00000000`0fb2e2f0 : clr!LogHelp_LogAssert+0x25b95
000007fe`f99885b1 : 00000001`3fb39cd8 00000000`025800c8 00000000`04af0ed0 00000000`025800c8 : clr!PreBindAssemblyEx+0x595c6
000007fe`f73e17b1 : 00000001`3fb39990 00000001`bfdc3090 00000001`ffb46070 00000000`00000000 : clr!PreBindAssemblyEx+0x593ed
000007fe`f73e16fb : 00000001`3fb39990 000007fe`f986200f 00000000`0fb2e558 00000000`00000000 : mscorlib_ni+0x3717b1
000007fe`f7476e5d : 000007ff`001b2020 00000000`000001be 00000001`3fb39990 00000000`0fb2e8d0 : mscorlib_ni+0x3716fb
000007fe`f9859714 : 00000001`3fb399b8 000007fe`f9838477 00000000`00000000 00000000`00000000 : mscorlib_ni+0x406e5d
000007fe`f9859829 : 00000000`00000000 00000000`00000000 000007fe`f7a35cf0 00000000`00000000 : clr!LogHelp_LogAssert+0x25a04
000007fe`f98598a5 : 00000000`0fb2e8c8 00000000`00000001 00000000`0fb2e8d0 00000000`0fb2eb20 : clr!LogHelp_LogAssert+0x25b19
000007fe`f9859d88 : 00000000`0fb2eb18 000007fe`f7374860 00000000`0fb2ebb0 000007fe`f713cd7c : clr!LogHelp_LogAssert+0x25b95
000007fe`f9a198a0 : 00000000`0fb2f380 00000000`0fb2eba0 00000000`0fb2f420 000007fe`f754dea0 : clr!LogHelp_LogAssert+0x26078
000007fe`f9869402 : 00000000`00000000 00000000`0fb2f380 00000000`04af0ed0 00000000`00000001 : clr!ClrCreateManagedInstance+0x1d00
000007fe`f9869397 : 00000000`00000000 00000000`770400e0 00000000`0fb2ee60 00000000`00392c70 : clr!LogHelp_LogAssert+0x356f2
000007fe`f9869304 : 00000000`04af12d0 000007fe`f986a0be ffffffff`fffffffe 00000000`003981f4 : clr!LogHelp_LogAssert+0x35687
000007fe`f9869604 : 00000000`0fb2f128 00000000`04af0ed0 00000000`00000000 00000000`04af0ed0 : clr!LogHelp_LogAssert+0x355f4
000007fe`f9c3305a : 00000000`00000000 00000000`02463320 00000000`0257ffc0 000007fe`fd2fb002 : clr!LogHelp_LogAssert+0x358f4
000007fe`f9869638 : 00000000`00000002 00000000`0fb2f380 00000000`0fb2f380 00000000`04af0ed0 : clr!CreateAssemblyConfigCookie+0x9faca
000007fe`f9869397 : 00000000`00000000 00000000`04af0ed0 ffffffff`fffffffe 00000000`04af0ed0 : clr!LogHelp_LogAssert+0x35928
000007fe`f9869304 : 00000000`00000048 00000000`00000001 00000000`00000000 00000000`00000000 : clr!LogHelp_LogAssert+0x35687
000007fe`f986945b : ffffffff`ffffffff 00000000`04af0ed0 00000000`00000000 00000000`00000000 : clr!LogHelp_LogAssert+0x355f4
000007fe`f9a196f0 : 00000000`04af0ed0 00000000`0fb2f840 00000000`00000001 00000000`00000000 : clr!LogHelp_LogAssert+0x3574b
000007fe`f998a7c2 : 00000000`04ac1960 00000000`0fb2f438 00000000`04af0ed0 00000000`00000000 : clr!ClrCreateManagedInstance+0x1b50
00000000`76e3652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!PreBindAssemblyEx+0x5b5fe
00000000`7706c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
OS Thread Id: 0x39f0 (30)
Child SP IP Call Site
000000000fb2ced8 000007fefd2fcacd [HelperMethodFrame: 000000000fb2ced8]
000000000fb2d020 000007fef7a61233 System.Security.CodeAccessSecurityEngine.ThrowSecurityException(System.Reflection.RuntimeAssembly, System.Security.PermissionSet, System.Security.PermissionSet, System.RuntimeMethodHandleInternal, System.Security.Permissions.SecurityAction, System.Object, System.Security.IPermission)
000000000fb2d0b0 000007fef7a61515 System.Security.CodeAccessSecurityEngine.CheckHelper(System.Security.PermissionSet, System.Security.PermissionSet, System.Security.CodeAccessPermission, System.Security.PermissionToken, System.RuntimeMethodHandleInternal, System.Object, System.Security.Permissions.SecurityAction, Boolean)
000000000fb2d120 000007fef7b0f6e2 System.Security.PermissionListSet.CheckDemand(System.Security.CodeAccessPermission, System.Security.PermissionToken, System.RuntimeMethodHandleInternal)
000000000fb2d518 000007fef9859714 [GCFrame: 000000000fb2d518]
000000000fb2d6d0 000007fef9859714 [GCFrame: 000000000fb2d6d0]
000000000fb2d828 000007fef9859714 [GCFrame: 000000000fb2d828]
000000000fb2d8d8 000007fef9859714 [DebuggerSecurityCodeMarkFrame: 000000000fb2d8d8]
000000000fb2d9b8 000007fef9859714 [HelperMethodFrame: 000000000fb2d9b8] System.StubHelpers.StubHelpers.BeginStandalone(IntPtr, IntPtr, Int32)
000000000fb2dc08 000007fef67af41f [NDirectMethodFrameStandalone: 000000000fb2dc08] Microsoft.Win32.NativeMethods.GetCurrentProcessId()
000000000fb2dbd0 000007fef67af41f DomainNeutralILStubClass.IL_STUB_PInvoke()
000000000fb2dc90 000007fef67a38e6 System.Diagnostics.Process.GetCurrentProcess()
000000000fb2dce0 000007ff001a5c34 Oracle.DataAccess.Client.OracleTuningAgent.GetCurrentVirtualMemorySize()
000000000fb2dd30 000007ff001a5a12 Oracle.DataAccess.Client.OracleTuningAgent.DoScan()
000000000fb2dd80 000007ff00187109 Oracle.DataAccess.Client.OracleTuningAgent.TuningFunction()
000000000fb2de10 000007fef73f30c8 System.Threading.ExecutionContext.runTryCode(System.Object)
000000000fb2e538 000007fef9859714 [HelperMethodFrame_PROTECTOBJ: 000000000fb2e538] System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
000000000fb2e660 000007fef73e17b1 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
000000000fb2e6c0 000007fef73e16fb System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
000000000fb2e710 000007fef7476e5d System.Threading.ThreadHelper.ThreadStart()
000000000fb2eb68 000007fef9859714 [GCFrame: 000000000fb2eb68]
000000000fb2ef50 000007fef9859714 [DebuggerU2MCatchHandlerFrame: 000000000fb2ef50]
000000000fb2f128 000007fef9859714 [ContextTransitionFrame: 000000000fb2f128]
000000000fb2f310 000007fef9859714 [DebuggerU2MCatchHandlerFrame: 000000000fb2f310]
我按照ODP.NET README中的说明将OraclePermission添加到web_mediumtrust.config(32位和64位),但我仍然遇到相同的错误。
如何让ODP.NET正确使用" Medium Trust"?
这是我的web_mediumtrust.config:
<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet" />
<SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="SmtpPermission" Description="System.Net.Mail.SmtpPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="TypeDescriptorPermission" Description="System.Security.Permissions.TypeDescriptorPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="UIPermission" Description="System.Security.Permissions.UIPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="OraclePermission" Description="System.Data.OracleClient.OraclePermission, System.Data.OracleClient, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet class="NamedPermissionSet" version="1" Unrestricted="true" Name="FullTrust" Description="Allows full access to all resources" />
<PermissionSet class="NamedPermissionSet" version="1" Name="Nothing" Description="Denies all resources, including the right to execute" />
<PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
<IPermission class="AspNetHostingPermission" version="1" Level="Medium" />
<IPermission class="DnsPermission" version="1" Unrestricted="true" />
<IPermission class="EnvironmentPermission" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
<IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$" />
<IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807" />
<IPermission class="PrintingPermission" version="1" Level="DefaultPrinting" />
<IPermission class="SecurityPermission" version="1" Flags="Execution, ControlThread, ControlPrincipal, RemotingConfiguration" />
<IPermission class="SmtpPermission" version="1" Access="Connect" />
<IPermission class="SqlClientPermission" version="1" Unrestricted="true" />
<IPermission class="TypeDescriptorPermission" version="1" Unrestricted="true" />
<IPermission class="WebPermission" version="1" Unrestricted="true" />
<IPermission class="ReflectionPermission" version="1" Flags="RestrictedMemberAccess" />
<IPermission class="OraclePermission" version="1" Unrestricted="true" />
<IPermission class="Oracle.DataAccess.Client.OraclePermission, Oracle.DataAccess, Version=4.112.2.0, Culture=neutral, PublicKeyToken=89b483f429c47342" version="1" Unrestricted="true" />
</PermissionSet>
</NamedPermissionSets>
<CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing">
<IMembershipCondition class="AllMembershipCondition" version="1" />
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
<IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/*" />
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
<IMembershipCondition class="UrlMembershipCondition" version="1" Url="$CodeGen$/*" />
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>
答案 0 :(得分:6)
从错误消息判断,我相信这里发生的事情是,当应用程序运行时,ODP.net库会在某个单独的线程上产生OracleTuningAgent。当OracleTuningAgent正在执行时,它会调用:
System.Diagnostics.Process.GetCurrentProcess()
对GetCurrentProcess requires Full Trust的调用,当您在中信任下运行时会导致SecurityException。由于异常未在请求线程上发生且未处理,it causes the web application to recycle(参见风险#1)。
确保我创建了一个测试Web应用程序并将其设置为Medium Trust。然后我试着打电话给System.Diagnostics.Process.GetCurrentProcess(),我得到以下例外:
安全例外
应用程序尝试执行不允许的操作 安全政策。授予此应用程序所需的权限 请联系您的系统管理员或更改应用程序 配置文件中的信任级别。
异常详细信息:System.Security.SecurityException:请求失败。
我也尝试过High Trust并获得相同的结果。在完全信任下运行,我的测试应用程序工作正常。
因此,为了回答问题,似乎ODP.net导致w3wp在Medium Trust下崩溃,因为对Process.GetCurrentProcess()的调用需要完全信任。如果有以下任何一种方法,您可以使您的代码在Medium Trust下工作:
Process.GetCurrentProcess()的调用可以在中等信任下工作(我尝试过但无法想出办法,但这当然不意味着它不可能),或OracleTuningAgent