浠婂ぉ璁ょ湡鐨勭湅浜嗕竴涓?.1鍜?.0鐗堟湰鐨凙spnet.config,鍙戠幇闈炲父鐨勪笉鍚?涔熻鏄痑sp.net 2.0姣?.1鐨勪慨鏀归潪甯稿ぇ銆傚湪MSDN涓婁篃鎵句笉鍒扮浉鍏崇殑鏂囨。, 濂戒笉瀹规槗鎵惧埌涓绡囨枃绔?
What is aspnet.config
鍐呭闄勫悗锛屽悇浣嶅杩欎釜鏂囦欢鏈夌爺绌剁殑鍏勫紵甯府蹇?
File under: important but hard to find info. Found bits of this in Stefan Schackow excellent book and added some context.
You may know when you are impersonating and you spawn a new thread, the impersonation token will not be copied to this new thread automatically, but the process token will be used. This can lead to subtle security holes, e.g. when your process is running as LOCAL SYSTEM (never do that!!) and is impersonating a least privilege account (e.g. a client) and you spawn a new thread, this new thread will run as LOCAL SYSTEM. This can also happen if you call a STA COM component (e.g. VB6) and a thread switch occurs.
This is the behavior of Windows itself 鈥?so this also applies to managed applications. In 2.0 Microsoft decided to change this for managed apps to what you would actually expect - by default the impersonation token is now copied to new threads. This can be modified with the System.Thread.ExecutionContext class. Mike Woodring has an excellent sample which聽make it聽easy to聽examine this.
ASP.NET async modules and pages are also dependent on this behavior. For ASP.NET Microsoft decided to stick with the 1.1 way to not break existing async code that relies on running under the process identity. You can easily verify this by outputting a WindowsIdentity.GetCurrent().Name in an async module or page. This will always show the process identity name regardless of impersonation settings.
You can control how execution flow is handled with a file called aspnet.config which has to reside in the framework configuration directory. This file does not exist by default and you have to create it with the following contents:
<
configuration
>
聽 <
runtime
>
聽聽聽聽聽聽
聽聽聽聽聽聽 <
legacyUnhandledExceptionPolicy
enabled
=
"
false
"
/>
聽聽聽聽聽聽
聽聽聽聽聽聽 <
SymbolReadingPolicy
enabled
=
"
1
"
/>
聽
聽聽聽聽聽聽
聽聽聽聽聽聽 <
legacyImpersonationPolicy
enabled
=
"
false
"
/>
聽聽聽聽聽聽
聽聽聽聽聽聽 <
alwaysFlowImpersonationPolicy
enabled
=
"
true
"
/>
聽 </
runtime
>
<
configuration
>
The important ones here are the two last settings. The first specifies if exceptions originating from聽background threads "bubble" up to the main thread. The 2nd settings is not documented at all
聽
|