【发布时间】:2013-06-13 14:05:21
【问题描述】:
我创建了一个 CLR 用户定义函数,用于使用 Google 地理编码查找某个位置的纬度和经度信息。函数如下:
using System;
using System.Net;
using System.Xml.XPath;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
public partial class latlong
{
[Microsoft.SqlServer.Server.SqlFunction]
public static SqlString GetLatLong(string address, string city, string state, string zip)
{
string latitude = "#NA", longitude = "#NA";
string url = "http://maps.googleapis.com/maps/api/geocode/xml?address=";
string[] addresssplit = Regex.Split(address, @"\W+");
if (address != "NULL")
for (int i = 0; i < addresssplit.Length; i++)
url = url + addresssplit[i] + "+";
if (city != "NULL")
{
if (state != "NULL")
{
if (zip != "NULL") url = url + city + "+" + state + "+" + zip;
else url = url + city + "+" + state;
}
else
{
if (zip!= "NULL") url = url + city + "+" + zip;
else url = url + city;
}
}
else
{
if (state != "NULL")
{
if (zip != "NULL") url = url + state + "+" + zip;
else url = url + state;
}
else
{
if (zip != "NULL") url = url + zip;
}
}
url = url + "&sensor=false";
WebResponse response = null;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "GET";
response = request.GetResponse();
if (response != null)
{
XPathDocument document = new XPathDocument(response.GetResponseStream());
XPathNavigator navigator = document.CreateNavigator();
XPathNodeIterator statusIterator = navigator.Select("/GeocodeResponse/status");
while (statusIterator.MoveNext())
if (statusIterator.Current.Value != "OK")
{
Thread.Sleep(1000);
return new SqlString("OQL, OQL");
}
XPathNodeIterator resultIterator = navigator.Select("/GeocodeResponse/result");
while (resultIterator.MoveNext())
{
XPathNodeIterator geometryIterator = resultIterator.Current.Select("geometry");
while (geometryIterator.MoveNext())
{
XPathNodeIterator locationIterator = geometryIterator.Current.Select("location");
while (locationIterator.MoveNext())
{
XPathNodeIterator latIterator = locationIterator.Current.Select("lat");
while (latIterator.MoveNext())
latitude = latIterator.Current.Value;
XPathNodeIterator longIterator = locationIterator.Current.Select("long");
while (longIterator.MoveNext())
longitude = longIterator.Current.Value;
}
}
}
}
Thread.Sleep(1000);
return new SqlString(latitude + ", " + longitude);
}
}
我已经成功构建并部署了该功能。于是我尝试在SQL server中执行如下函数:
SELECT dba.dbo.GetLatLong('3366 Cherry Avenue','Zion','WI','54963')
当我这样做时,会引发以下安全表达式
A .NET Framework error occurred during execution of user-defined routine or aggregate "GetLatLong":
System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
at System.Net.HttpRequestCreator.Create(Uri Uri)
at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
at latlong.GetLatLong(String address, String city, String state, String zip).
我可以看到安全权限有问题。但除此之外,我看不到修复异常的方法。
感谢任何帮助。
【问题讨论】:
-
这是什么应用?
-
我的意思是winforms、aspnet、winphone等
-
我知道做生意总是有原因的。不幸的是,我不得不问,将这个逻辑放入数据库是解决问题的最佳方法吗?我没有看到任何与数据访问相关的代码。我的第一个猜测是你之前有一个程序在数据库中查找它并且你正在保持兼容性,但它仍然看起来很奇怪。让数据库直接连接到互联网通常是安全的“不,不”。