Csharp/CSharp Tutorial/Security/Permissions


A declarative role-based security demand for the current principal to represent the identity MACHINE\Joe AND be a member of the MACHINE\Managers role

<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass {

   [PrincipalPermission(SecurityAction.Demand, Name = @"MACHINE\Joe", Role = @"MACHINE\Managers")]
   public static void MyMethod()
   {
   }

}</source>

A declarative role-based security demand for the current principal to be a member of the roles Managers OR Developers

<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass {

   [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINE\Managers")]
   [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINE\Developers")]    
   public static void MyMethod()
   {
   }

}</source>

An imperative role-based security demand for the current principal to represent an identity with the name Joe AND be a member of the Managers role

<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass {

   public static void MyMethod() 
   { 

       PrincipalPermission perm = new PrincipalPermission(@"MACHINE\Joe", @"MACHINE\Managers");
           
       perm.Demand();
   }

}</source>

An imperative role-based security demand for the current principal to represent an identity with the name Joe; the roles of the principal are irrelevant

<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass {

   public static void MyMethod() 
   { 
       PrincipalPermission perm = new PrincipalPermission(@"MACHINE\Joe", null);
           
       perm.Demand();
   }

}</source>

Create PrincipalPermission for Administrators

<source lang="csharp">using System;
using System.Threading;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;

   class Program
   {
       static void Main(string[] args)
       {
           // Attach the current Windows identity to the thread so that demands are checked against it.
           WindowsIdentity wi = WindowsIdentity.GetCurrent();
           Thread.CurrentPrincipal = new WindowsPrincipal(wi);
           Console.WriteLine(wi.Name);
           Console.WriteLine(Thread.CurrentPrincipal.Identity.Name);
           // Any authenticated user in the Administrators role; throws SecurityException otherwise.
           PrincipalPermission pp = new PrincipalPermission(null, "Administrators", true);
           pp.Demand();
           // Union: Administrators OR Users.
           PrincipalPermission pp2 = new PrincipalPermission(null, "Users", true);
           pp.Union(pp2).Demand();
           try
           {
               PrincipalPermission pp3 = new PrincipalPermission(null, "Club");
               pp3.Demand();
           }
           catch (SecurityException)
           {
               Console.WriteLine("You do not have access to the secret club.");
           }
       }
   }</source>

File IO Permission: SecurityAction.RequestRefuse, Write

<source lang="csharp">using System.Security.Permissions;

[assembly:FileIOPermission(SecurityAction.RequestRefuse, Write = @"C:\")]

class MainClass{

  public static void Main(){
   
  
  }

}</source>

Optional permission request for the named permission set Internet (SecurityAction.RequestOptional)

<source lang="csharp">using System.Security.Permissions;

[assembly:PermissionSet(SecurityAction.RequestOptional, Name = "Internet")]

class MainClass {

   public static void Main(){
       
   }

}</source>

Optional permission request for IsolatedStorageFilePermission

<source lang="csharp">using System;
using System.Net;
using System.Security.Permissions;

[assembly: IsolatedStorageFilePermission(SecurityAction.RequestOptional, Unrestricted = true)]

class MainClass {

   public static void Main()
   {
   }

}</source>

PrincipalPermission.Intersect/Union

<source lang="csharp">using System;
using System.Security.Permissions;

class MainClass {

   public static void MyMethod() 
   { 
       PrincipalPermission perm1 = new PrincipalPermission(null, @"MACHINE\Managers");
       PrincipalPermission perm2 = new PrincipalPermission(null, @"MACHINE\Developers");
       // Make the demand.
       perm1.Union(perm2).Demand();
   }

}</source>
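
An added example (not from the original page) that runs the name AND role demand and the Union (OR) demand shown above against constructed principals, so each combination can be observed without local Windows accounts. It assumes .NET Framework; `RoleDemandDemo`, `Passes` and the user `MACHINE\Ann` are hypothetical names.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

class RoleDemandDemo
{
    // Runs the demand against a constructed principal; true means access granted.
    static bool Passes(IPermission demand, string user, params string[] roles)
    {
        IPrincipal saved = Thread.CurrentPrincipal;
        try
        {
            // GenericPrincipal stands in for a real Windows principal (assumption).
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
            demand.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;   // identity or role check failed
        }
        finally
        {
            Thread.CurrentPrincipal = saved;   // never leave a test principal on the thread
        }
    }

    static void Main()
    {
        // One permission carrying both a name and a role: both must match (AND).
        IPermission joeAndManager =
            new PrincipalPermission(@"MACHINE\Joe", @"MACHINE\Managers");
        // Union of two role-only permissions: either role is enough (OR).
        IPermission managerOrDev =
            new PrincipalPermission(null, @"MACHINE\Managers")
                .Union(new PrincipalPermission(null, @"MACHINE\Developers"));

        Console.WriteLine("AND, Joe in Managers:   " + Passes(joeAndManager, @"MACHINE\Joe", @"MACHINE\Managers"));
        Console.WriteLine("AND, Joe in Developers: " + Passes(joeAndManager, @"MACHINE\Joe", @"MACHINE\Developers"));
        Console.WriteLine("AND, Ann in Managers:   " + Passes(joeAndManager, @"MACHINE\Ann", @"MACHINE\Managers"));
        Console.WriteLine("OR,  Ann in Developers: " + Passes(managerOrDev, @"MACHINE\Ann", @"MACHINE\Developers"));
        Console.WriteLine("OR,  Ann with no roles: " + Passes(managerOrDev, @"MACHINE\Ann"));
    }
}
```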

Refuse request for ReflectionPermission

<source lang="csharp">using System;
using System.Net;
using System.Security.Permissions;

[assembly: ReflectionPermission(SecurityAction.RequestRefuse, Unrestricted = true)]

class MainClass {

   public static void Main()
   {
       FileIOPermission fileIOPerm = new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");
       fileIOPerm.Demand();
   }

}</source>

Specify the certificate file

<source lang="csharp">using System.Security.Permissions;

[PublisherIdentityPermission(SecurityAction.InheritanceDemand, CertFile = "YourCertFile.cer")]
public class MainClass {

   [PermissionSet(SecurityAction.InheritanceDemand, Name="FullTrust")]
   public void SomeProtectedMethod () 
   {
   }

}</source>

Test if the current assembly has the specified permission

<source lang="csharp">using System;
using System.Security;
using System.Security.Permissions;

class MainClass {

   public static void Main()
   {
       FileIOPermission fileIOPerm = new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");
       Console.WriteLine(SecurityManager.IsGranted(fileIOPerm));
   }

}</source>

Output: True

UnmanagedCode element of SecurityPermission (controls the code's ability to execute unmanaged code)

<source lang="csharp">using System;
using System.Net;
using System.Security.Permissions;

[assembly:SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode = true)]

class MainClass {

   public static void Main()
   {        
   }

}</source>