Windows 10 WindowsIdentity.Impersonate抛出'';灾难性故障(HRESULT异常:0x8000FFFF(E#u意外))&x27;2018年4月(1803)更新后
我们的安装程序应用程序使用以下代码验证服务帐户权限:Windows 10 WindowsIdentity.Impersonate抛出'';灾难性故障(HRESULT异常:0x8000FFFF(E#u意外))&x27;2018年4月(1803)更新后,windows-10,impersonation,.net-4.6,Windows 10,Impersonation,.net 4.6,我们的安装程序应用程序使用以下代码验证服务帐户权限: try { using (svcIdentity.Impersonate()) { using (SqlConnection conn = new SqlConnection(builder.ConnectionString)) // <<< { conn.Open(); ... 内部异常提供了更多细节: Catastroph
try
{
using (svcIdentity.Impersonate())
{
using (SqlConnection conn = new SqlConnection(builder.ConnectionString)) // <<<
{
conn.Open();
...
内部异常提供了更多细节:
Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED))
堆栈跟踪:
at System.Security.Policy.PEFileEvidenceFactory.GetLocationEvidence(SafePEFileHandle peFile, SecurityZone& zone, StringHandleOnStack retUrl)
at System.Security.Policy.PEFileEvidenceFactory.GenerateLocationEvidence()
at System.Security.Policy.PEFileEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.AssemblyEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
at System.Security.Policy.Evidence.GetHostEvidence(Type type, Boolean markDelayEvaluatedEvidenceUsed)
at System.Security.Policy.AppDomainEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
at System.Security.Policy.Evidence.RawEvidenceEnumerator.MoveNext()
at System.Security.Policy.Evidence.EvidenceEnumerator.MoveNext()
at System.Configuration.ClientConfigPaths.GetEvidenceInfo(AppDomain appDomain, String exePath, String& typeName)
at System.Configuration.ClientConfigPaths.GetTypeAndHashSuffix(AppDomain appDomain, String exePath)
at System.Configuration.ClientConfigPaths..ctor(String exePath, Boolean includeUserConfig)
at System.Configuration.ClientConfigPaths.GetPaths(String exePath, Boolean includeUserConfig)
at System.Configuration.ClientConfigurationHost.RequireCompleteInit(IInternalConfigRecord record)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Data.SqlClient.SqlConnection..cctor()
堆栈跟踪表明SqlConnection构造函数无法打开配置节。我们的app.config
没有连接字符串部分,测试计算机上的machine.config
和security.config
自2017年以来没有更改
该代码在以下情况下起作用:
- 使用(svcindential.Impersonate)注释出
或,
- 在SqlConnection构造函数(
)正上方的行上设置断点并单步执行代码(???)时 或{
- 将我们的应用程序添加到本章末尾提到的注册表项时
GetLocationEvidence
似乎考虑了SecurityZone
,相应注册表项中列出的应用程序似乎忽略了这一点
现在我的问题是:
有谁能帮我理解到底出了什么问题,以及是否有更好的方法来解决这个问题,而不是使用一个模糊的注册表项?这似乎是一个“巧合”,这个注册表更改可以工作,我担心如果我们不理解它失败的确切原因,我们的代码可能会再次中断
Thx.在运行时,CLR在程序集上收集证据,在执行代码时使用该程序集做出安全决策。虽然我不能100%不查看Windows程序集,但似乎您的修复程序可以工作,因为它免除了您的站点在您计算机上的代码访问安全策略。其他程序可以工作,因为它们生成e与您的发布版本不同的证据。应用的Windows update可能对基础函数进行了更改,并返回了一个不同的结果,导致您的应用死机。感谢您包含注册表项修复。这至少是一个对我有效的小解决方法。
at System.Security.Policy.PEFileEvidenceFactory.GetLocationEvidence(SafePEFileHandle peFile, SecurityZone& zone, StringHandleOnStack retUrl)
at System.Security.Policy.PEFileEvidenceFactory.GenerateLocationEvidence()
at System.Security.Policy.PEFileEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.AssemblyEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
at System.Security.Policy.Evidence.GetHostEvidence(Type type, Boolean markDelayEvaluatedEvidenceUsed)
at System.Security.Policy.AppDomainEvidenceFactory.GenerateEvidence(Type evidenceType)
at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
at System.Security.Policy.Evidence.RawEvidenceEnumerator.MoveNext()
at System.Security.Policy.Evidence.EvidenceEnumerator.MoveNext()
at System.Configuration.ClientConfigPaths.GetEvidenceInfo(AppDomain appDomain, String exePath, String& typeName)
at System.Configuration.ClientConfigPaths.GetTypeAndHashSuffix(AppDomain appDomain, String exePath)
at System.Configuration.ClientConfigPaths..ctor(String exePath, Boolean includeUserConfig)
at System.Configuration.ClientConfigPaths.GetPaths(String exePath, Boolean includeUserConfig)
at System.Configuration.ClientConfigurationHost.RequireCompleteInit(IInternalConfigRecord record)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Data.SqlClient.SqlConnection..cctor()