Csharp/CSharp Tutorial/Security/Permissions
A declarative role-based security demand for the current principal
using System;
using System.Security.Permissions;
/// <summary>
/// Shows a declarative role-based demand placed on a method with
/// <see cref="PrincipalPermissionAttribute"/>.
/// </summary>
class MainClass
{
    /// <summary>
    /// Callable only when the current principal satisfies the attribute below.
    /// </summary>
    /// <remarks>
    /// Name and Role are set on the same attribute, so the identity name AND the
    /// role membership must both match. The check is made against
    /// Thread.CurrentPrincipal; if no principal has been attached to the thread
    /// (for example via AppDomain.SetPrincipalPolicy) the demand fails.
    /// NOTE(review): code access security attributes are not enforced by
    /// .NET Core / .NET 5+ runtimes - confirm the target runtime before relying
    /// on this as an authorization gate.
    /// </remarks>
    [PrincipalPermissionAttribute(SecurityAction.Demand, Role = @"MACHINE\Managers", Name = @"MACHINE\Joe")]
    public static void MyMethod()
    {
        // Body intentionally empty: the sample only illustrates the attribute.
    }
}
A declarative role-based security demand for the current principal to be a member of the roles Managers OR Developers
using System;
using System.Security.Permissions;
/// <summary>
/// Shows two stacked declarative role demands on one method.
/// </summary>
class MainClass
{
    /// <summary>
    /// Callable when the current principal is in MACHINE\Managers OR in
    /// MACHINE\Developers.
    /// </summary>
    /// <remarks>
    /// Stacked PrincipalPermission demands on the same member are combined as a
    /// union, so satisfying either attribute is enough. This is easy to misread
    /// as "both roles required"; an AND across roles needs a different construct.
    /// NOTE(review): not enforced by .NET Core / .NET 5+ runtimes - confirm the
    /// target runtime.
    /// </remarks>
    [PrincipalPermissionAttribute(SecurityAction.Demand, Role = @"MACHINE\Managers")]
    [PrincipalPermissionAttribute(SecurityAction.Demand, Role = @"MACHINE\Developers")]
    public static void MyMethod()
    {
        // Body intentionally empty: the sample only illustrates the attributes.
    }
}
An imperative role-based security demand for the current principal to represent an identity with the name Anya AND be a member of the Managers role (the sample code below uses the identity name MACHINE\Joe)
using System;
using System.Security.Permissions;
/// <summary>
/// Shows an imperative role-based demand that checks both identity name and role.
/// </summary>
class MainClass
{
    /// <summary>
    /// Demands that the current principal is named MACHINE\Joe AND is a member
    /// of MACHINE\Managers.
    /// </summary>
    /// <exception cref="System.Security.SecurityException">
    /// Thrown by Demand() when Thread.CurrentPrincipal does not satisfy the
    /// permission.
    /// </exception>
    public static void MyMethod()
    {
        // The heading on the page speaks of "Anya"; the code checks MACHINE\Joe.
        // The demand is evaluated against Thread.CurrentPrincipal at call time,
        // so the principal must already be attached to the thread.
        new PrincipalPermission(@"MACHINE\Joe", @"MACHINE\Managers").Demand();
    }
}
An imperative role-based security demand for the current principal to represent an identity with the name Anya; the roles of the principal are irrelevant (the sample code below uses the identity name MACHINE\Joe)
using System;
using System.Security.Permissions;
/// <summary>
/// Shows an imperative demand that checks the identity name only.
/// </summary>
class MainClass
{
    /// <summary>
    /// Demands that the current principal is named MACHINE\Joe; the role
    /// argument is null, so role membership is not checked.
    /// </summary>
    /// <exception cref="System.Security.SecurityException">
    /// Thrown by Demand() when Thread.CurrentPrincipal does not satisfy the
    /// permission.
    /// </exception>
    public static void MyMethod()
    {
        // The heading on the page speaks of "Anya"; the code checks MACHINE\Joe.
        // A name-only check ties authorization to one account; prefer role
        // checks where the account set may change.
        new PrincipalPermission(@"MACHINE\Joe", null).Demand();
    }
}
Create PrincipalPermission for Administrators
using System;
using System.Threading;
using System.Security;
using System.Security.Permissions;
using System.Collections.Generic;
using System.Text;
using System.Collections;
/// <summary>
/// Attaches the current Windows identity to the thread and runs several
/// imperative PrincipalPermission demands against it.
/// </summary>
class Program
{
    /// <summary>
    /// Prints the current identity name twice (from the identity and from the
    /// thread principal), then demands the "Administrators" role, the union of
    /// "Administrators" and "Users", and finally the "Club" role.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        // Role demands are evaluated against Thread.CurrentPrincipal, so the
        // Windows principal has to be attached before any Demand() call.
        var identity = System.Security.Principal.WindowsIdentity.GetCurrent();
        Thread.CurrentPrincipal = new System.Security.Principal.WindowsPrincipal(identity);
        Console.WriteLine(identity.Name);
        Console.WriteLine(Thread.CurrentPrincipal.Identity.Name);

        // These two demands are outside the try block: a caller that is not in
        // "Administrators" gets an unhandled SecurityException here and the
        // program stops before the later demands run.
        // NOTE(review): under UAC a non-elevated process of an administrator
        // account presumably fails this check too - confirm on the target host.
        var adminsOnly = new PrincipalPermission(null, "Administrators", true);
        adminsOnly.Demand();

        // Union means "Administrators OR Users"; it is reached only after the
        // Administrators demand above has already passed.
        var usersOnly = new PrincipalPermission(null, "Users", true);
        adminsOnly.Union(usersOnly).Demand();

        try
        {
            new PrincipalPermission(null, "Club").Demand();
        }
        catch (SecurityException)
        {
            // Only this last demand is handled; the exception detail is dropped
            // and a fixed message is shown instead.
            Console.WriteLine("You do not have access to the secret club.");
        }
    }
}
File IO Permission: SecurityAction.RequestRefuse, Write
using System.Security.Permissions;
// Assembly-level request that write access under C:\ must NOT be granted to
// this assembly, even where policy would otherwise allow it (least privilege).
// NOTE(review): SecurityAction.RequestRefuse was deprecated with .NET
// Framework 4 and assembly-level requests are not enforced by .NET Core /
// .NET 5+; on those runtimes this line gives no protection - confirm the
// target runtime.
[assembly: FileIOPermissionAttribute(SecurityAction.RequestRefuse, Write = @"C:\")]

/// <summary>
/// Empty program; the sample only illustrates the assembly-level attribute.
/// </summary>
class MainClass
{
    /// <summary>Entry point; does nothing.</summary>
    public static void Main()
    {
    }
}
Internet SecurityAction
using System.Security.Permissions;
// Assembly-level optional request for the named permission set "Internet".
// Under the classic CAS model, permissions that are neither requested as
// minimum nor as optional are implicitly refused, so this limits the assembly
// to at most the Internet set.
// NOTE(review): SecurityAction.RequestOptional was deprecated with .NET
// Framework 4 and is not enforced by .NET Core / .NET 5+ - confirm the target
// runtime before treating this as a sandbox boundary.
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Name = "Internet")]

/// <summary>
/// Empty program; the sample only illustrates the assembly-level attribute.
/// </summary>
class MainClass
{
    /// <summary>Entry point; does nothing.</summary>
    public static void Main()
    {
    }
}
Optional permission request for IsolatedStorageFilePermission
using System;
using System.Net;
using System.Security.Permissions;
// Assembly-level optional request for unrestricted isolated-storage access.
// "Optional" means the assembly still loads when the permission is not
// granted, so code that uses isolated storage must be ready for a
// SecurityException.
// NOTE(review): SecurityAction.RequestOptional was deprecated with .NET
// Framework 4 and is not enforced by .NET Core / .NET 5+ - confirm the target
// runtime.
[assembly: IsolatedStorageFilePermissionAttribute(SecurityAction.RequestOptional, Unrestricted = true)]

/// <summary>
/// Empty program; the sample only illustrates the assembly-level attribute.
/// </summary>
class MainClass
{
    /// <summary>Entry point; does nothing.</summary>
    public static void Main()
    {
    }
}
PrincipalPolicy.Intersect/Union (the sample below calls PrincipalPermission.Union)
using System;
using System.Security.Permissions;
/// <summary>
/// Shows how two role permissions are combined with Union before demanding.
/// </summary>
class MainClass
{
    /// <summary>
    /// Demands that the current principal is in MACHINE\Managers OR in
    /// MACHINE\Developers; the identity name is not checked (null).
    /// </summary>
    /// <exception cref="System.Security.SecurityException">
    /// Thrown by Demand() when Thread.CurrentPrincipal is in neither role.
    /// </exception>
    public static void MyMethod()
    {
        var managers = new PrincipalPermission(null, @"MACHINE\Managers");
        var developers = new PrincipalPermission(null, @"MACHINE\Developers");

        // Union widens the check: either role is sufficient.
        var eitherRole = managers.Union(developers);
        eitherRole.Demand();
    }
}
Refuse request for ReflectionPermission
using System;
using System.Net;
using System.Security.Permissions;
// Assembly-level request that unrestricted ReflectionPermission must NOT be
// granted to this assembly.
// NOTE(review): SecurityAction.RequestRefuse was deprecated with .NET
// Framework 4 and is not enforced by .NET Core / .NET 5+ - confirm the target
// runtime.
[assembly: ReflectionPermissionAttribute(SecurityAction.RequestRefuse, Unrestricted = true)]

/// <summary>
/// Program that carries the refuse request above and makes one imperative
/// file-write demand.
/// </summary>
class MainClass
{
    /// <summary>
    /// Demands write access to C:\Data.
    /// </summary>
    /// <remarks>
    /// The demand is for FileIOPermission, not for the refused
    /// ReflectionPermission, so its outcome does not show the refuse request
    /// taking effect. A failed demand surfaces as an unhandled
    /// SecurityException because nothing here catches it.
    /// </remarks>
    public static void Main()
    {
        new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data").Demand();
    }
}
Specify the certificate file
using System.Security.Permissions;
/// <summary>
/// Class whose derivation is restricted with inheritance demands.
/// </summary>
/// <remarks>
/// The class-level InheritanceDemand asks that any deriving class carry the
/// publisher identity from "YourCertFile.cer" (a placeholder file name).
/// NOTE(review): from .NET Framework 2.0 on, identity-permission demands are
/// satisfied automatically by fully trusted code, so this does not restrict
/// full-trust callers; CAS is also not enforced by .NET Core / .NET 5+.
/// Confirm the trust model before relying on it.
/// </remarks>
[PublisherIdentityPermissionAttribute(SecurityAction.InheritanceDemand, CertFile = "YourCertFile.cer")]
public class MainClass
{
    /// <summary>
    /// Method carrying an InheritanceDemand for the "FullTrust" permission set.
    /// </summary>
    /// <remarks>
    /// NOTE(review): a method-level InheritanceDemand applies to overriding
    /// methods, but this method is not declared virtual and, despite its name,
    /// is public - verify that this is what the author intended.
    /// </remarks>
    [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
    public void SomeProtectedMethod()
    {
        // Body intentionally empty: the sample only illustrates the attributes.
    }
}
Test if the current assembly has the specified permission
using System;
using System.Security;
using System.Security.Permissions;
/// <summary>
/// Queries whether the assembly has been granted a given permission, without
/// making a demand.
/// </summary>
class MainClass
{
    /// <summary>
    /// Prints whether write access to C:\Data is in this assembly's grant.
    /// </summary>
    /// <remarks>
    /// IsGranted reports the policy grant of the calling assembly only; unlike
    /// Demand() it does not walk the call stack, so a True result says nothing
    /// about less-trusted callers further up the stack. Use it for feature
    /// detection, not as an access check.
    /// NOTE(review): SecurityManager.IsGranted was marked obsolete in .NET
    /// Framework 4 - confirm the target runtime.
    /// </remarks>
    public static void Main()
    {
        var writeToData = new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");
        bool granted = SecurityManager.IsGranted(writeToData);
        Console.WriteLine(granted);
    }
}
True
UnmanagedCode element of SecurityPermission (controls the code's ability to execute unmanaged code)
using System;
using System.Net;
using System.Security.Permissions;
// Assembly-level minimum request: the assembly declares that it needs the
// right to call unmanaged code and should not be loaded without it.
// UnmanagedCode is a high-impact permission: native code runs outside the
// managed security checks, so granting it is close to granting full trust.
// Request it only for assemblies that really make native calls.
// NOTE(review): SecurityAction.RequestMinimum was deprecated with .NET
// Framework 4 and is not enforced by .NET Core / .NET 5+ - confirm the target
// runtime.
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode = true)]

/// <summary>
/// Empty program; the sample only illustrates the assembly-level attribute.
/// </summary>
class MainClass
{
    /// <summary>Entry point; does nothing.</summary>
    public static void Main()
    {
    }
}