
What is aspnet.config

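Today I took a careful look at the 1.1 and 2.0 versions of Aspnet.config and found them very different, perhaps because ASP.NET 2.0 changed a great deal compared with 1.1. I could not find any related documentation on MSDN either, and only with some effort did I find an article: What is aspnet.config

The content is attached below. If any of you have looked into this file, please help out:

File under: important but hard to find info. Found bits of this in Stefan Schackow's excellent book and added some context.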

You may know when you are impersonating and you spawn a new thread, the impersonation token will not be copied to this new thread automatically, but the process token will be used. This can lead to subtle security holes, e.g. when your process is running as LOCAL SYSTEM (never do that!!) and is impersonating a least privilege account (e.g. a client) and you spawn a new thread, this new thread will run as LOCAL SYSTEM. This can also happen if you call an STA COM component (e.g. VB6) and a thread switch occurs.

This is the behavior of Windows itself – so this also applies to managed applications. In 2.0 Microsoft decided to change this for managed apps to what you would actually expect - by default the impersonation token is now copied to new threads. This can be modified with the System.Threading.ExecutionContext class. Mike Woodring has an excellent sample which makes it easy to examine this.

ASP.NET async modules and pages are also dependent on this behavior. For ASP.NET Microsoft decided to stick with the 1.1 way to not break existing async code that relies on running under the process identity. You can easily verify this by outputting a WindowsIdentity.GetCurrent().Name in an async module or page. This will always show the process identity name regardless of impersonation settings.

You can control how execution flow is handled with a file called aspnet.config which has to reside in the framework configuration directory. This file does not exist by default and you have to create it with the following contents:

  <configuration>
    <runtime>
      <legacyUnhandledExceptionPolicy enabled="false" />
      <SymbolReadingPolicy enabled="1" />
      <legacyImpersonationPolicy enabled="false" />
      <alwaysFlowImpersonationPolicy enabled="true" />
    </runtime>
  </configuration>

The important ones here are the two last settings. The first specifies if exceptions originating from background threads "bubble" up to the main thread. The 2nd setting is not documented at all
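
The verification step described above (printing WindowsIdentity.GetCurrent().Name from code that runs off the request thread), written out as an added example that is not part of the original article. The handler name `IdentityFlowProbe` and its output format are hypothetical, and it assumes an application using Windows authentication with `<identity impersonate="true" />` in web.config.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
// Added example: hypothetical diagnostic handler, not code from the article.
public class IdentityFlowProbe : IHttpHandler
{
    public bool IsReusable { get { return true; } }
    // Names the account the calling thread runs as and which token supplies it.
    private static string Describe()
    {
        // GetCurrent(true) returns null when the thread has no impersonation token.
        using (WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true))
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
            return effective.Name + (impersonated == null ? " (process token)" : " (impersonation token)");
    }

    // Runs Describe() on a new thread, optionally with ExecutionContext flow suppressed.
    private static string DescribeOnNewThread(bool suppressFlow)
    {
        string seen = null;
        Thread worker = new Thread(() =>
        {
            // An unhandled exception on this thread can end the worker process.
            try { seen = Describe(); } catch (Exception ex) { seen = "error: " + ex.Message; }
        });
        if (suppressFlow && !ExecutionContext.IsFlowSuppressed())
        {
            AsyncFlowControl flow = ExecutionContext.SuppressFlow();
            try { worker.Start(); } finally { flow.Undo(); }
        }
        else worker.Start();
        worker.Join();
        return seen;
    }

    public void ProcessRequest(HttpContext context)
    {
        string onRequest = Describe();
        string onWorker = DescribeOnNewThread(false);
        string onWorkerNoFlow = DescribeOnNewThread(true);
        context.Response.ContentType = "text/plain";
        context.Response.Write("request thread:       " + onRequest + "\n");
        context.Response.Write("new thread:           " + onWorker + "\n");
        context.Response.Write("new thread, no flow:  " + onWorkerNoFlow + "\n");
        if (onWorker != onRequest)
            context.Response.Write("MISMATCH: work on a new thread runs under a different identity\n");
    }
}
```

Comparing the output before and after changing aspnet.config shows whether the impersonation settings took effect; keep the handler to test deployments, since it returns account names to the caller.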
