Csharp/CSharp Tutorial/Security/Permissions: difference between revisions
Current revision as of 15:17, 26 May 2010
Contents
- 1 A declarative role-based security demand for the current principal
- 2 A declarative role-based security demand for the current principal to be a member of the roles Managers OR Developers
- 3 An imperative role-based security demand for the current principal to represent an identity with the name Anya AND be a member of the Managers role
- 4 An imperative role-based security demand for the current principal to represent an identity with the name Anya, the roles of the principal are irrelevant
- 5 Create PrincipalPermission for Administrators
- 6 File IO Permission: SecurityAction.RequestRefuse, Write
- 7 Internet SecurityAction
- 8 Optional permission request for IsolatedStorageFilePermission
- 9 PrincipalPolicy.Intersect/Union
- 10 Refuse request for ReflectionPermission
- 11 Specify the certification file
- 12 Test if the current assembly has the specified permission
- 13 UnmanagedCode element of SecurityPermission (controls the code's ability to execute unmanaged code)
A declarative role-based security demand for the current principal
<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass
{
    // Name and Role on one attribute must both match the current principal (AND).
    [PrincipalPermission(SecurityAction.Demand, Name = @"MACHINE\Joe", Role = @"MACHINE\Managers")]
    public static void MyMethod()
    {
    }
}</source>
A declarative role-based security demand for the current principal to be a member of the roles Managers OR Developers
<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass
{
    // Stacked PrincipalPermission attributes are combined with OR:
    // membership in either role satisfies the demand.
    [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINE\Managers")]
    [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINE\Developers")]
    public static void MyMethod()
    {
    }
}</source>
An imperative role-based security demand for the current principal to represent an identity with the name Anya AND be a member of the Managers role
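<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass
{
    public static void MyMethod()
    {
        // Both the identity name and the role must match.
        PrincipalPermission perm = new PrincipalPermission(@"MACHINE\Joe", @"MACHINE\Managers");
        // Throws SecurityException if the current principal does not match.
        perm.Demand();
    }
}</source>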
An imperative role-based security demand for the current principal to represent an identity with the name Anya, the roles of the principal are irrelevant
<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass
{
    public static void MyMethod()
    {
        // A null role means only the identity name is checked.
        PrincipalPermission perm = new PrincipalPermission(@"MACHINE\Joe", null);
        perm.Demand();
    }
}</source>
Create PrincipalPermission for Administrators
<source lang="csharp">using System;
using System.Threading;
using System.Security;
using System.Security.Permissions;
using System.Collections.Generic;
using System.Text;
using System.Collections;

class Program
{
    static void Main(string[] args)
    {
        // Attach the current Windows identity to the thread so that
        // PrincipalPermission demands are evaluated against it.
        System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
        Thread.CurrentPrincipal = new System.Security.Principal.WindowsPrincipal(wi);
        Console.WriteLine(wi.Name);
        Console.WriteLine(Thread.CurrentPrincipal.Identity.Name);

        // Any authenticated identity in the Administrators role.
        // Throws SecurityException if the caller is not in that role.
        PrincipalPermission pp = new PrincipalPermission(null, "Administrators", true);
        pp.Demand();

        // Administrators OR Users.
        PrincipalPermission pp2 = new PrincipalPermission(null, "Users", true);
        pp.Union(pp2).Demand();

        try
        {
            PrincipalPermission pp3 = new PrincipalPermission(null, "Club");
            pp3.Demand();
        }
        catch (SecurityException)
        {
            Console.WriteLine("You do not have access to the secret club.");
        }
    }
}</source>
File IO Permission: SecurityAction.RequestRefuse, Write
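<source lang="csharp">using System.Security.Permissions;

// Assembly-level request: refuse write access to C:\ even if policy would grant it.
// (Assembly-level SecurityAction.Request* values are marked obsolete in .NET Framework 4.)
[assembly: FileIOPermission(SecurityAction.RequestRefuse, Write = @"C:\")]

class MainClass
{
    public static void Main()
    {
    }
}</source>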
Internet SecurityAction
<source lang="csharp">using System.Security.Permissions;

// Optionally request the named "Internet" permission set for the assembly.
[assembly: PermissionSet(SecurityAction.RequestOptional, Name = "Internet")]

class MainClass
{
    public static void Main()
    {
    }
}</source>
Optional permission request for IsolatedStorageFilePermission
<source lang="csharp">using System;
using System.Net;
using System.Security.Permissions;

// The assembly can run without isolated storage access but will use it if granted.
[assembly: IsolatedStorageFilePermission(SecurityAction.RequestOptional, Unrestricted = true)]

class MainClass
{
    public static void Main()
    {
    }
}</source>
PrincipalPolicy.Intersect/Union
<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass
{
    public static void MyMethod()
    {
        PrincipalPermission perm1 = new PrincipalPermission(null, @"MACHINE\Managers");
        PrincipalPermission perm2 = new PrincipalPermission(null, @"MACHINE\Developers");

        // Make the demand.
        perm1.Union(perm2).Demand();
    }
}</source>
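An added example, not part of the original tutorial, that makes the AND/OR semantics of the demands above observable without Windows accounts. It assumes the .NET Framework and uses a constructed GenericPrincipal named Anya whose only role is Developers; the class name PrincipalDemandDemo and the helper Passes are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical demo class; not part of the original tutorial.
class PrincipalDemandDemo
{
    // Runs the demand and converts the SecurityException into a bool.
    static bool Passes(IPermission permission)
    {
        try
        {
            permission.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Constructed principal: identity "Anya", member of "Developers" only.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("Anya"), new[] { "Developers" });

        PrincipalPermission managers = new PrincipalPermission(null, "Managers");
        PrincipalPermission developers = new PrincipalPermission(null, "Developers");

        // Name and role in one permission: both must match (AND).
        Console.WriteLine("Anya AND Managers:       " +
            Passes(new PrincipalPermission("Anya", "Managers")));
        // Null role: only the identity name is checked.
        Console.WriteLine("Anya, any role:          " +
            Passes(new PrincipalPermission("Anya", null)));
        // Single role the principal does not hold.
        Console.WriteLine("Managers:                " + Passes(managers));
        // Union: either role is enough (OR).
        Console.WriteLine("Managers OR Developers:  " +
            Passes(managers.Union(developers)));
    }
}
```

With this constructed principal the first and third demands fail and the second and fourth pass, which is the difference between putting a name and role in one permission and combining two permissions with Union.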
Refuse request for ReflectionPermission
<source lang="csharp">using System;
using System.Net;
using System.Security.Permissions;

// Refuse all reflection permissions for this assembly.
[assembly: ReflectionPermission(SecurityAction.RequestRefuse, Unrestricted = true)]

class MainClass
{
    public static void Main()
    {
        // Demand write access to C:\Data; throws SecurityException if not granted.
        FileIOPermission fileIOPerm = new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");
        fileIOPerm.Demand();
    }
}</source>
Specify the certification file
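<source lang="csharp">using System.Security.Permissions;

// Only classes signed with the publisher certificate in the given file may inherit from MainClass.
[PublisherIdentityPermission(SecurityAction.InheritanceDemand, CertFile = "YourCertFile.cer")]
public class MainClass
{
    // Only fully trusted derived classes may override this method.
    [PermissionSet(SecurityAction.InheritanceDemand, Name = "FullTrust")]
    public void SomeProtectedMethod()
    {
    }
}</source>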
Test if the current assembly has the specified permission
<source lang="csharp">using System;
using System.Security;
using System.Security.Permissions;

class MainClass
{
    public static void Main()
    {
        FileIOPermission fileIOPerm = new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");
        // Checks the grant set without throwing.
        // (SecurityManager.IsGranted is marked obsolete in .NET Framework 4.)
        Console.WriteLine(SecurityManager.IsGranted(fileIOPerm));
    }
}</source>
True
UnmanagedCode element of SecurityPermission (controls the code's ability to execute unmanaged code)
<source lang="csharp">using System;
using System.Net;
using System.Security.Permissions;

// The assembly will not load unless it is granted permission to call unmanaged code.
[assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode = true)]

class MainClass
{
    public static void Main()
    {
    }
}</source>