问题描述
我开始使用实体框架代码优先和 Unity 进行依赖注入开发一个新的 MVC 应用程序.我使用了 EF5 和 Unity,因为我认为它们应该在 Medium Trust 中工作.然而,当我在我的 <trust level="Medium"/>
标签中抛出 <trust level="Medium"/>
标签时,我开始收到反射权限异常.
I started developing a new MVC app with Entity Framework code-first and Unity for dependency injection. I used EF5 and Unity because I thought they were supposed to work in Medium Trust. However, when I threw the <trust level="Medium" />
tag in my web.config
, I started getting Reflection Permission exceptions.
似乎每当我超越使用诸如 System.Data.SqlClient
ADO.net 之类的内置内容时,我总是在 Medium Trust 中遇到问题.自动映射器:失败.NHibernate:失败.MySQL:失败.EF5 代码优先:失败.国际奥委会:失败.
It always seems like whenever I go beyond using built-in things like the System.Data.SqlClient
ADO.net stuff I always run into problems in Medium Trust. Auto-Mapper: fail. NHibernate: fail. MySQL: fail. EF5 Code-first: fail. IOC: fail.
我只是在做白日梦吗?是否有可能使用现代技术实现一个架构良好且可测试的 Web 应用程序,并在 Medium Trust 中运行?
Am I just chasing a pipe-dream? Is it possible to achieve a well-architected and testable web application using modern technology that will run in Medium Trust?
在虚拟机/虚拟服务器/云计算(甚至是一些将您的应用程序池设置为完全信任的共享主机)时代,有没有人发现为 Medium Trust 进行开发值得付出努力?
In the age of VMs/Virtual Servers/Cloud Computing (and even a few shared hosts that will set your application pools to Full Trust) has anyone found developing for Medium Trust to be worth the effort?
推荐答案
ASP.NET 团队的官方立场是 Medium Trust 已过时.这意味着一些事情:
The official position of the ASP.NET team is that Medium Trust is obsolete. This means a few things:
- 我们会自动解决所有向我们报告的无法修复"的与 Medium Trust 相关的错误.
- 我们已向托管服务商提供了指导,说明他们应该从 Medium Trust 迁移并改用适当的操作系统级隔离 (http://support.microsoft.com/kb/2698981).
- 我们正在从我们开发的框架(MVC、WebAPI、SignalR 等)中移除 Medium Trust 支持.展望未来,基于这些框架构建的应用将需要完全信任.
此处,上面的术语中等信任"是指 ASP.NET 中的所有非完全信任配置,包括使用内置信任级别(最小、低、中、高)或任何自定义信任级别.
Here, the term "Medium Trust" above to refers to all non-Full Trust configurations in ASP.NET, including use of the built-in trust levels (Minimal, Low, Medium, High) or any custom trust levels.
编辑 2015 年 5 月 26 日: .NET Framework 整体已弃用部分信任,建议客户不要依赖它作为安全边界.来自 MSDN:
Edit 26 May 2015: The .NET Framework as a whole has deprecated partial trust, and customers are advised not to rely on it as a security boundary. From MSDN:
.NET Framework 中的代码访问安全不应用作部分可信代码的安全边界,尤其是来源不明.我们建议不要加载和执行以下代码未采取替代安全措施的未知来源地点.
这篇关于尝试为 Medium Trust 开发是一个失败的事业吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!