如何使我的應用程序以完全信任模式運行 - .NET 4.0控制檯應用程序

Question

我們遇到了命令行（批處理）應用程序和完全/部分信任的問題。

我們以前的版本（版本號7.13.0.63）工作正常，然而，當我們安裝新版本（7.13.0.249），我們得到一個「那集不允許部分受信任的調用方」。

例外：

Stack Trace (edited): 
    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) 
    at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) 
    at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) 
    at System.Activator.CreateInstance[T]() 
    at <Company>.Service.<Product>.Proxy.Factories.ControllerProxyFactory.Create[T]() 
    <Stack Trace that leads to creation of a WCF client> ... 

Inner Exception: 
An error occurred creating the configuration section handler for system.serviceModel/behaviors: That assembly does not allow partially trusted callers. (C:\Program Files (x86)\InsuranceLine\ListLoader\InsuranceLine.ListLoader.Launcher.exe.Config line 53) 
Stack Trace: 
    at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecordsectionRecord, Object parentResult) 
    at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject) 
    at System.Configuration.BaseConfigurationRecord.GetSection(String configKey) 
    at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName) 
    at System.Configuration.ConfigurationManager.GetSection(String sectionName) 
    at System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(String sectionPath) 
    at System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetConfigurationSection(String sectionPath) 
    at System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath) 
    at System.ServiceModel.Description.ConfigLoader.LookupChannel(ContextInformation configurationContext, String configurationName, ContractDescription contract, EndpointAddress address, Boolean wildcard, Boolean useChannelElementKind, ServiceEndpoint& serviceEndpoint) 
    at System.ServiceModel.ChannelFactory.InitializeEndpoint(String configurationName, EndpointAddress address) 
    at System.ServiceModel.ChannelFactory`1..ctor(String endpointConfigurationName, EndpointAddress remoteAddress) 
    <Stack Trace that determines the correct WCF factory to create> 

Inner Exception: 
That assembly does not allow partially trusted callers. 
Stack Trace: 
    at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) 
    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) 
    at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) 
    at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) 
    at System.Activator.CreateInstance(Type type, Boolean nonPublic) 
    at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.CreateNewSection(String name) 
    at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.DeserializeElementCore(XmlReader reader) 
    at System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey) 
    at System.Configuration.ConfigurationElementCollection.OnDeserializeUnrecognizedElement(String elementName, XmlReader reader) 
    at System.Configuration.ConfigurationElement.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey) 
    at System.Configuration.ConfigurationElement.DeserializeElement(XmlReader reader, Boolean serializeCollectionKey) 
    at System.Configuration.ConfigurationSection.DeserializeSection(XmlReader reader) 
    at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.CreateSectionImpl(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader) 
    at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.CreateSectionWithRestrictedPermissions(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader) 
    at System.Configuration.RuntimeConfigurationRecord.CreateSection(Boolean inputIsTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader) 
    at System.Configuration.BaseConfigurationRecord.CallCreateSection(Boolean inputIsTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader reader, String filename, Int32 line) 

關於我們用於部署產品的過程，我們使用通過WiX創建的MSI。我們執行下列步驟：

• 卸載以前版本的產品
• 複製的MSI從網絡共享（兩個版本相同的份額，根據版本的不同子目錄）
• 安裝MSI作爲管理員
  • 這將安裝到C：\ Program Files文件（x86）的

的只有2個版本之間的變化是：

• 額外的AppSettings項目的app.config文件（myapp.exe.config）列入指定事務超時
• 更改「使用新的TransactionScope（） 「to」使用新的TransactionScope（TransactionScopeOption.Required，timeoutValueReadFromAppSettingsAndStoredInLocalVariable）「
  • 創建WCF客戶端在此事務範圍之外。

附加信息：

• 異常不會發生在我們的任何開發/分期/ QA /預生產環境。它只發生在我們的生產應用服務器上。
• 我們正在將Windows 7推廣到我們的組織，因此企業策略可能已經發生變化。
• 該應用程序面向.Net Framework 4。0
• 如果我們卸載新版本，並重新安裝老版本（包括網絡共享副本）舊版本工作正常，仍然
• 本機正在安裝爲Windows Server 2008 R2
• 本機是一種是在VMware環境中託管的虛擬機

理想我想知道的幾件事情：

1. 如何改變組件（或設定權限安裝後），以便它可以運行我吶完全信任模式
2. 如何複製在開發/分期/ QA環境問題
   • 明確將「不信任」大會可能重現，但我想重現它在相同的方式生產，這樣，當它是安裝它被認定爲不可信，在我看來，做這件事的方式與「複製」網絡共享有關，我從MSI /程序集中複製MSI或可能「不信任」發佈者信息。
3. 如何配置生產應用服務器/安全策略，以便將來安裝是完全可信的（接聽項目2很可能會回答這個問題）

感謝

Answer 1

這真是很奇怪給出.NET 4.0 CLR默認情況下不應用CAS安全策略，因此您實際上必須進行某種（希望）有意的更改才能讓本地安裝的命令行應用程序部分受信任。

試圖挖掘過深，潛在的原因之前，請您確認以下事項：

1. 請問您app.config文件包含一個NetFx40_LegacySecurityPolicy元素？
2. 您的應用程序是否真的在問題機器上的4.0 CLR下運行？ （如果在引發異常之前無法修改源以輸出Environment.Version的值，則應使用Process Explorer確定您的進程中運行的是哪個CLR版本。）