Редагувати

Поділитися через


PolicyLevel.Resolve(Evidence) Method

Definition

Resolves policy based on evidence for the policy level, and returns the resulting PolicyStatement.

public:
 System::Security::Policy::PolicyStatement ^ Resolve(System::Security::Policy::Evidence ^ evidence);
public System.Security.Policy.PolicyStatement Resolve (System.Security.Policy.Evidence evidence);
member this.Resolve : System.Security.Policy.Evidence -> System.Security.Policy.PolicyStatement
Public Function Resolve (evidence As Evidence) As PolicyStatement

Parameters

evidence
Evidence

The Evidence used to resolve the PolicyLevel.

Returns

The resulting PolicyStatement.

Exceptions

The policy level contains multiple matching code groups marked as exclusive.

The evidence parameter is null.

Examples

The following code shows the use of the Resolve method. This code example is part of a larger example provided for the PolicyLevel class.

// Demonstrate the use of ResolvePolicy for the supplied evidence and a specified policy level.
void CheckEvidence( PolicyLevel^ pLevel, Evidence^ evidence )
{
   // Display the code groups to which the evidence belongs.
   Console::WriteLine( "\tResolvePolicy for the given evidence: " );
   IEnumerator^ codeGroup = evidence->GetEnumerator();
   while ( codeGroup->MoveNext() )
   {
      Console::WriteLine( "\t\t{0}", (dynamic_cast<CodeGroup^>(codeGroup->Current))->Name );
   }

   Console::WriteLine( "The current evidence belongs to the following root CodeGroup:" );

   // pLevel is the current PolicyLevel, evidence is the Evidence to be resolved.
   CodeGroup^ cg1 = pLevel->ResolveMatchingCodeGroups( evidence );
   Console::WriteLine( "{0} Level", pLevel->Label );
   Console::WriteLine( "\tRoot CodeGroup = {0}", cg1->Name );

   // Show how Resolve is used to determine the set of permissions that 
   // the security system grants to code, based on the evidence.
   // Show the granted permissions. 
   Console::WriteLine( "\nCurrent permissions granted:" );
   PolicyStatement^ pState = pLevel->Resolve( evidence );
   Console::WriteLine( pState->ToXml() );
   return;
}
// Demonstrate the use of ResolvePolicy for the supplied evidence and a specified policy level.
private static void CheckEvidence(PolicyLevel pLevel, Evidence evidence)
{
    // Display the code groups to which the evidence belongs.
    Console.WriteLine("\tResolvePolicy for the given evidence: ");
    IEnumerator codeGroup = evidence.GetEnumerator();
    while (codeGroup.MoveNext())
    {
        Console.WriteLine("\t\t" + ((CodeGroup)codeGroup.Current).Name);
    }
    Console.WriteLine("The current evidence belongs to the following root CodeGroup:");
    // pLevel is the current PolicyLevel, evidence is the Evidence to be resolved.
    CodeGroup cg1 = pLevel.ResolveMatchingCodeGroups(evidence);
    Console.WriteLine(pLevel.Label + " Level");
    Console.WriteLine("\tRoot CodeGroup = " + cg1.Name);

    // Show how Resolve is used to determine the set of permissions that 
    // the security system grants to code, based on the evidence.

    // Show the granted permissions. 
    Console.WriteLine("\nCurrent permissions granted:");
    PolicyStatement pState = pLevel.Resolve(evidence);
    Console.WriteLine(pState.ToXml().ToString());

    return;
}
' Demonstrate the use of ResolvePolicy for the supplied evidence and a specified policy level.
Private Overloads Shared Sub CheckEvidence(ByVal pLevel As PolicyLevel, ByVal evidence As Evidence)
    ' Display the code groups to which the evidence belongs.
    Console.WriteLine(ControlChars.Tab + "ResolvePolicy for the given evidence: ")
    Dim codeGroup As IEnumerator = evidence.GetEnumerator()
    While codeGroup.MoveNext()
        Console.WriteLine((ControlChars.Tab + ControlChars.Tab + CType(codeGroup.Current, CodeGroup).Name))
    End While
    Console.WriteLine("The current evidence belongs to the following root CodeGroup:")
    ' pLevel is the current PolicyLevel, evidence is the Evidence to be resolved.
    Dim cg1 As CodeGroup = pLevel.ResolveMatchingCodeGroups(evidence)
    Console.WriteLine((pLevel.Label + " Level"))
    Console.WriteLine((ControlChars.Tab + "Root CodeGroup = " + cg1.Name))

    ' Show how Resolve is used to determine the set of permissions that 
    ' the security system grants to code, based on the evidence.
    ' Show the granted permissions. 
    Console.WriteLine(ControlChars.Lf + "Current permissions granted:")
    Dim pState As PolicyStatement = pLevel.Resolve(evidence)
    Console.WriteLine(pState.ToXml().ToString())

    Return
End Sub

Remarks

Resolve is the basic policy evaluation operation for policy levels. Given a set of evidence as input, this method tests membership conditions of code groups starting at the root and working down as matched. The combination of permissions resulting from the matching code groups produces a PolicyStatement that is returned.

In granting permissions to code, security policy uses the resolved policy statements for all applicable policy levels, together with the code request for permissions.

Applies to