ASP.NET website is not working properly when configured in Internet Information Services
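I have created a small web page in ASP.NET, using C# for the front end and Oracle 11g for the back end. The web page runs successfully on my local PC as well as on Windows Server 2008 R2 in Visual Studio 2010. So I configured the same web page in IIS on Server 2008 R2. When I "Browse" the page through IIS it runs, but the page has 3 buttons and when I click any of them an error is shown.
The server and my PC are on the same network. Thus, when I browse the same web page from my PC it runs, but when I click a button I get the same error as in IIS.
In summary, simple static pages run successfully in IIS and on the local PC, but dynamic pages, meaning any event (button click) that involves a database connection, give an error.
Additional information:
- Windows Server 2008 R2 - 64-bit
- Web page built on .NET Framework 4
- VS 2010 - Configuration Properties - Debug - Any PC - Build checked
My code:-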
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Data.OracleClient;
    using System.Data;

    public partial class Delivery_Delete : System.Web.UI.Page
    {
        DataSet ds = new DataSet();
        OracleConnection con = new OracleConnection("Data Source=10.31.41.103/ORCL;User ID=RL_PET;Password=RL_PET;Unicode=True");

        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Button1_Click1(object sender, EventArgs e)
        {
            con.Open();
            OracleDataAdapter a = new OracleDataAdapter("SELECT TO_NO, MERGE, TRUCK_NO, CUST_NM, QTY, PLANT_CD, DATA_STS, ORD_STS, MPNSEQ_NO, DEL_NO FROM WI_TO WHERE TO_NO = '" + TextBox1.Text + "' OR TRUCK_NO = '" + TextBox1.Text + "'", con);
            a.Fill(ds);
            if (String.IsNullOrEmpty(TextBox1.Text))
            {
                string display = "Please enter report no. or truck no...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
            }
            else if (ds.Tables[0].Rows.Count == 0)
            {
                string display = "Please check report no. or truck no...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
            }
            else
            {
                GridView1.DataSource = ds;
                GridView1.DataBind();
                GridView1.Visible = true;
                con.Close();
            }
        }

        protected void Button2_Click(object sender, EventArgs e)
        {
            con.Open();
            OracleDataAdapter a = new OracleDataAdapter("SELECT TO_NO, MERGE, TRUCK_NO, CUST_NM, QTY, PLANT_CD, DATA_STS, ORD_STS, MPNSEQ_NO, DEL_NO FROM WI_TO WHERE TO_NO = '" + TextBox1.Text + "' OR TRUCK_NO = '" + TextBox1.Text + "' ", con);
            a.Fill(ds);
            if (String.IsNullOrEmpty(TextBox1.Text))
            {
                string display = "Please enter report no. or truck no...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
            }
            else if (ds.Tables[0].Rows.Count == 0)
            {
                string display = "Please check report no. or truck no...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
            }
            else
            {
                OracleConnection con1 = new OracleConnection("Data Source=10.31.41.103/ORCL;User ID=RL_PET;Password=RL_PET;Unicode=True");
                con1.Open();
                OracleDataAdapter a1 = new OracleDataAdapter("SELECT DATA_STS FROM WI_TO WHERE TO_NO = '" + TextBox1.Text + "' AND DATA_STS = 0", con1);
                if (ds.Tables[0].Rows[0].ItemArray[0] == "0")
                {
                    OracleCommand cmd = con1.CreateCommand();
                    cmd.CommandType = CommandType.Text;
                    cmd.CommandText = "UPDATE WI_TO SET ORD_STS = 'D' WHERE TO_NO = '" + TextBox1.Text + "' ";
                    cmd.ExecuteNonQuery();
                    string display = "Delivery has been removed from ASRS...!!!";
                    ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
                }
                else
                {
                    string display = "Please cancel MPN first...!!!";
                    ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
                    con.Close();
                }
            }
        }

        protected void Button3_Click(object sender, EventArgs e)
        {
            OracleDataAdapter a = new OracleDataAdapter("SELECT ORD_STS FROM WI_TO WHERE TO_NO = '" + TextBox1.Text + "' OR TRUCK_NO = '" + TextBox1.Text + "'", con);
            a.Fill(ds);
            if (String.IsNullOrEmpty(TextBox1.Text))
            {
                string display = "Please enter report no. or truck no...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
            }
            else if (ds.Tables[0].Rows.Count == 0)
            {
                string display = "Please check report no. or truck no...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
            }
            else if (ds.Tables[0].Rows[0].ItemArray[0].ToString() == "D")
            {
                con.Open();
                OracleCommand cmd = con.CreateCommand();
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = "UPDATE WI_TO SET ORD_STS = 'C' WHERE TO_NO = '" + TextBox1.Text + "' ";
                cmd.ExecuteNonQuery();
                string display = "Delivery has been successfully inserted in ASRS...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
                con.Close();
            }
            else
            {
                string display = "Delivery in ASRS...!!!";
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + display + "');", true);
            }
        }
    }
Error:-
An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.BadImageFormatException: An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)
Source Error:
Line 22: DataSet ds = new DataSet();
Line 23: OracleConnection con = new OracleConnection("Data Source=10.31.41.103/ORCL;User ID=RL_PET;Password=RL_PET;Unicode=True");
Line 24: con.Open();
Line 25: OracleDataAdapter a = new OracleDataAdapter("SELECT TO_NO, MERGE, TRUCK_NO, CUST_NM, QTY, PLANT_CD, DATA_STS, ORD_STS, MPNSEQ_NO, DEL_NO FROM WI_TO WHERE TO_NO = '" + TextBox1.Text + "' OR TRUCK_NO = '" + TextBox1.Text + "'", con);
Line 26: a.Fill(ds);
Source File: e:\Portal_Final\Delivery Delete.aspx.cs Line: 24
Stack Trace:
[BadImageFormatException: An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)]
   System.Data.Common.UnsafeNativeMethods.OCILobCopy2(IntPtr svchp, IntPtr errhp, IntPtr dst_locp, IntPtr src_locp, UInt64 amount, UInt64 dst_offset, UInt64 src_offset) +0
   System.Data.OracleClient.OCI.DetermineClientVersion() +284
[InvalidOperationException: Attempt to load Oracle client libraries threw BadImageFormatException. This problem will occur when running in 64 bit mode with the 32 bit Oracle client components installed.]
   System.Data.OracleClient.OCI.DetermineClientVersion() +1058
   System.Data.OracleClient.OracleInternalConnection.OpenOnLocalTransaction(String userName, String password, String serverName, Boolean integratedSecurity, Boolean unicode, Boolean omitOracleConnectionName) +70
   System.Data.OracleClient.OracleInternalConnection..ctor(OracleConnectionString connectionOptions) +136
   System.Data.OracleClient.OracleConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject) +58
   System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +49
   System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +984
   System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +91
   System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +1908
   System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +85
   System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +270
   System.Data.OracleClient.OracleConnection.Open() +48
   Delivery_Delete.Button1_Click1(Object sender, EventArgs e) in e:\Portal_Final\Delivery Delete.aspx.cs:24
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3394
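I have not personally worked with Oracle databases, but from your stack trace I see the following error:
Attempt to load Oracle client libraries threw BadImageFormatException. This problem will occur when running in 64 bit mode with the 32 bit Oracle client components installed.
See a similar question here: BadImageFormatException. This will occur when running in 64 bit mode with the 32 bit Oracle client components installed
This is unrelated to your original question and I am not a security analyst, but your code has several warning signs for SQL injection attacks. If this is for a production site, make sure to sanitize any data coming from the client before using it in a query.
A malicious user could do almost anything in your database with the following code:
    new OracleDataAdapter("SELECT TO_NO, MERGE, TRUCK_NO, CUST_NM, QTY, PLANT_CD, DATA_STS, ORD_STS, MPNSEQ_NO, DEL_NO FROM WI_TO WHERE TO_NO = '" + TextBox1.Text + "' OR TRUCK_NO = '" + TextBox1.Text + "'", con);
If the user enters the following text in TextBox1
    '; SELECT * FROM WI_TO --
The resulting query would be:
    SELECT TO_NO, MERGE, TRUCK_NO, CUST_NM, QTY, PLANT_CD, DATA_STS, ORD_STS, MPNSEQ_NO, DEL_NO FROM WI_TO WHERE TO_NO = ''; SELECT * FROM WI_TO --' OR TRUCK_NO = ''; SELECT * FROM WI_TO --'
The select statement may be relatively harmless in this case, but imagine if it were a delete: it could be a statement that deletes any data from any table in the database.
Below are a couple of links to learn more about this type of attack.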
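The parameterized form of the queries flagged in the answer above, as an added example that is not part of the original post: the text box value is passed to Oracle as a bind variable instead of being concatenated into the SQL string. The class name DeliveryQueries, its method names and the connectionString argument are assumptions; the table and column names are those from the question.

```csharp
using System;
using System.Data;
using System.Data.OracleClient;

// Added example: DeliveryQueries and its method names are hypothetical.
public static class DeliveryQueries
{
    // Lookup from Button1_Click1 with the text box value sent as bind variables.
    public static DataTable FindDeliveries(string connectionString, string key)
    {
        // Reject empty input before touching the database.
        if (String.IsNullOrEmpty(key))
            throw new ArgumentException("Report no. or truck no. is required.", "key");

        const string sql =
            "SELECT TO_NO, MERGE, TRUCK_NO, CUST_NM, QTY, PLANT_CD, DATA_STS, " +
            "ORD_STS, MPNSEQ_NO, DEL_NO FROM WI_TO " +
            "WHERE TO_NO = :to_no OR TRUCK_NO = :truck_no";

        using (OracleConnection con = new OracleConnection(connectionString))
        using (OracleCommand cmd = new OracleCommand(sql, con))
        using (OracleDataAdapter adapter = new OracleDataAdapter(cmd))
        {
            // Placeholders carry a colon in the SQL text; parameter names do not.
            cmd.Parameters.AddWithValue("to_no", key);
            cmd.Parameters.AddWithValue("truck_no", key);
            DataTable rows = new DataTable();
            adapter.Fill(rows); // Fill opens and closes the connection itself
            return rows;
        }
    }

    // UPDATE from Button2_Click / Button3_Click; returns the number of rows changed.
    public static int SetOrderStatus(string connectionString, string toNo, string status)
    {
        const string sql = "UPDATE WI_TO SET ORD_STS = :status WHERE TO_NO = :to_no";
        using (OracleConnection con = new OracleConnection(connectionString))
        using (OracleCommand cmd = new OracleCommand(sql, con))
        {
            cmd.Parameters.AddWithValue("status", status);
            cmd.Parameters.AddWithValue("to_no", toNo);
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

With the input quoted in the answer, the whole string is compared against TO_NO and TRUCK_NO as a single value, so the lookup simply returns no rows.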