Reemplazar un objeto Principal
Las aplicaciones que proporcionan servicios de autenticación deben poder reemplazar el objeto Principal para un subproceso dado. Además, el sistema de seguridad debe ayudar a proteger la capacidad de reemplazar objetos Principal porque un objeto Principal incorrecto asociado de forma malintencionada pone en peligro la seguridad de la aplicación al reivindicar una identidad o un rol falsos. Por consiguiente, las aplicaciones que necesitan la posibilidad de reemplazar objetos Principal deben tener concedido el objeto System.Security.Permissions.SecurityPermission para el control de la entidad de seguridad. Observe que este permiso no se requiere para realizar comprobaciones de seguridad basada en funciones ni para crear objetos Principal.
El objeto Principal actual se puede reemplazar realizando las tareas siguientes:
Cree el objeto Principal de reemplazo y el objeto Identity asociado.
Adjunte el nuevo objeto Principal al contexto de llamada.
Ejemplo
En el ejemplo siguiente, se muestra cómo crear un objeto de entidad de seguridad genérico y cómo usarlo para establecer la entidad de seguridad de un subproceso.
Imports System
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal
Class SecurityPrincipalDemo
' Create a generic principal based on values from the current
' WindowsIdentity.
Private Shared Function GetGenericPrincipal() As GenericPrincipal
' Use values from the current WindowsIdentity to construct
' a set of GenericPrincipal roles.
Dim windowsIdentity As WindowsIdentity = windowsIdentity.GetCurrent()
Dim roles(9) As String
If windowsIdentity.IsAuthenticated Then
' Add custom NetworkUser role.
roles(0) = "NetworkUser"
End If
If windowsIdentity.IsGuest Then
' Add custom GuestUser role.
roles(1) = "GuestUser"
End If
If windowsIdentity.IsSystem Then
' Add custom SystemUser role.
roles(2) = "SystemUser"
End If
' Construct a GenericIdentity object based on the current Windows
' identity name and authentication type.
Dim authenticationType As String = windowsIdentity.AuthenticationType
Dim userName As String = windowsIdentity.Name
Dim genericIdentity As New GenericIdentity(userName, authenticationType)
' Construct a GenericPrincipal object based on the generic identity
' and custom roles for the user.
Dim genericPrincipal As New GenericPrincipal(genericIdentity, roles)
Return genericPrincipal
End Function 'GetGenericPrincipal
Public Shared Sub Main()
' Retrieve a GenericPrincipal that is based on the current user's
' WindowsIdentity.
Dim genericPrincipal As GenericPrincipal = GetGenericPrincipal()
' Retrieve the generic identity of the GenericPrincipal object.
Dim principalIdentity As GenericIdentity = CType(genericPrincipal.Identity, GenericIdentity)
' Display the identity name and authentication type.
If principalIdentity.IsAuthenticated Then
Console.WriteLine(principalIdentity.Name)
Console.WriteLine("Type:" + principalIdentity.AuthenticationType)
End If
' Verify that the generic principal has been assigned the
' NetworkUser role.
If genericPrincipal.IsInRole("NetworkUser") Then
Console.WriteLine("User belongs to the NetworkUser role.")
End If
Thread.CurrentPrincipal = genericPrincipal
End Sub 'Main
End Class 'SecurityPrincipalDemo
using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;
class SecurityPrincipalDemo
{
public static void Main()
{
// Retrieve a GenericPrincipal that is based on the current user's
// WindowsIdentity.
GenericPrincipal genericPrincipal = GetGenericPrincipal();
// Retrieve the generic identity of the GenericPrincipal object.
GenericIdentity principalIdentity =
(GenericIdentity)genericPrincipal.Identity;
// Display the identity name and authentication type.
if (principalIdentity.IsAuthenticated)
{
Console.WriteLine(principalIdentity.Name);
Console.WriteLine("Type:" + principalIdentity.AuthenticationType);
}
// Verify that the generic principal has been assigned the
// NetworkUser role.
if (genericPrincipal.IsInRole("NetworkUser"))
{
Console.WriteLine("User belongs to the NetworkUser role.");
}
Thread.CurrentPrincipal = genericPrincipal;
}
// Create a generic principal based on values from the current
// WindowsIdentity.
private static GenericPrincipal GetGenericPrincipal()
{
// Use values from the current WindowsIdentity to construct
// a set of GenericPrincipal roles.
WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();
string[] roles = new string[10];
if (windowsIdentity.IsAuthenticated)
{
// Add custom NetworkUser role.
roles[0] = "NetworkUser";
}
if (windowsIdentity.IsGuest)
{
// Add custom GuestUser role.
roles[1] = "GuestUser";
}
if (windowsIdentity.IsSystem)
{
// Add custom SystemUser role.
roles[2] = "SystemUser";
}
// Construct a GenericIdentity object based on the current Windows
// identity name and authentication type.
string authenticationType = windowsIdentity.AuthenticationType;
string userName = windowsIdentity.Name;
GenericIdentity genericIdentity =
new GenericIdentity(userName, authenticationType);
// Construct a GenericPrincipal object based on the generic identity
// and custom roles for the user.
GenericPrincipal genericPrincipal =
new GenericPrincipal(genericIdentity, roles);
return genericPrincipal;
}
}
Vea también
Referencia
System.Security.Permissions.SecurityPermission