SecurityAction 枚举
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
注意
Code Access Security is not supported or honored by the runtime.
指定可以使用声明性安全执行的安全操作。
public enum class SecurityAction[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public enum SecurityActionpublic enum SecurityAction[System.Serializable]
public enum SecurityAction[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public enum SecurityAction[<System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
type SecurityAction = type SecurityAction = [<System.Serializable>]
type SecurityAction = [<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
type SecurityAction = Public Enum SecurityAction- 继承
- 属性
字段
| Assert | 3 | 调用代码可以访问当前权限对象所标识的资源,即使尚未对堆栈中的高级调用方授予访问该资源的权限(请参阅使用断言方法)。 |
| Demand | 2 | 要求调用堆栈中的所有高级调用方已被授予当前权限对象所指定的权限。 |
| Deny | 4 | 即使调用方已被授予访问权限,也会拒绝其访问当前权限对象指定的资源的能力(参见使用 Deny 方法)。 |
| InheritanceDemand | 7 | 要求继承此类或重写某一方法的派生类已被授予了指定的权限。 |
| LinkDemand | 6 | 要求直接调用方已被授予指定的权限。 请勿在 .NET Framework 4 中使用 。 对于完全信任,请改用 SecurityCriticalAttribute;对于部分信任,请使用 Demand。 |
| PermitOnly | 5 | 仅可以访问此权限对象所指定的资源,即使代码已被授予访问其他资源的权限。 |
| RequestMinimum | 8 | 代码运行所需的最低权限请求。 此操作仅可以在程序集的作用域内使用。 |
| RequestOptional | 9 | 可选的其他权限请求(不要求运行)。 此请求隐式拒绝所有未明确请求的其他权限。 此操作仅可以在程序集的作用域内使用。 |
| RequestRefuse | 10 | 可能被误用的权限将不授予给调用代码的请求。 此操作仅可以在程序集的作用域内使用。 |
示例
此示例演示如何通知 CLR 调用的方法中的代码只有 IsolatedStoragePermission,还演示如何从独立存储中写入和读取。
using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::IO::IsolatedStorage;
using namespace System::IO;
static void WriteIsolatedStorage()
{
try
{
// Attempt to create a storage file that is isolated by
// user and assembly. IsolatedStorageFilePermission
// granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this
// statement.
Stream^ fileCreateStream = gcnew
IsolatedStorageFileStream(
"AssemblyData",
FileMode::Create,
IsolatedStorageFile::GetUserStoreForAssembly());
StreamWriter^ streamWriter = gcnew StreamWriter(
fileCreateStream);
try
{
// Write some data out to the isolated file.
streamWriter->Write("This is some test data.");
streamWriter->Close();
}
finally
{
delete fileCreateStream;
delete streamWriter;
}
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
try
{
Stream^ fileOpenStream =
gcnew IsolatedStorageFileStream(
"AssemblyData",
FileMode::Open,
IsolatedStorageFile::GetUserStoreForAssembly());
// Attempt to open the file that was previously created.
StreamReader^ streamReader = gcnew StreamReader(
fileOpenStream);
try
{
// Read the data from the file and display it.
Console::WriteLine(streamReader->ReadLine());
streamReader->Close();
}
finally
{
delete fileOpenStream;
delete streamReader;
}
}
catch (FileNotFoundException^ ex)
{
Console::WriteLine(ex->Message);
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
}
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction::PermitOnly, UsageAllowed = IsolatedStorageContainment::AssemblyIsolationByUser)]
int main()
{
WriteIsolatedStorage();
}
// This code produces the following output.
//
// This is some test data.
using System;
using System.Security.Permissions;
using System.IO.IsolatedStorage;
using System.IO;
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser)]
public sealed class App
{
static void Main()
{
WriteIsolatedStorage();
}
private static void WriteIsolatedStorage()
{
// Attempt to create a storage file that is isolated by user and assembly.
// IsolatedStorageFilePermission granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this statement.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Write some data out to the isolated file.
using (StreamWriter sw = new StreamWriter(s))
{
sw.Write("This is some test data.");
}
}
// Attempt to open the file that was previously created.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Read the data from the file and display it.
using (StreamReader sr = new StreamReader(s))
{
Console.WriteLine(sr.ReadLine());
}
}
}
}
// This code produces the following output.
//
// Some test data.
Option Strict On
Imports System.Security.Permissions
Imports System.IO.IsolatedStorage
Imports System.IO
' Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
' This restricts the called methods to working only with storage files that are isolated
' by user and assembly.
<IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed:=IsolatedStorageContainment.AssemblyIsolationByUser)> _
Public NotInheritable Class App
Shared Sub Main()
WriteIsolatedStorage()
End Sub
Shared Sub WriteIsolatedStorage()
' Attempt to create a storage file that is isolated by user and assembly.
' IsolatedStorageFilePermission granted to the attribute at the top of this file
' allows CLR to load this assembly and execution of this statement.
Dim s As New IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Write some data out to the isolated file.
Dim sw As New StreamWriter(s)
Try
sw.Write("This is some test data.")
Finally
sw.Dispose()
End Try
Finally
s.Dispose()
End Try
' Attempt to open the file that was previously created.
Dim t As New IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Read the data from the file and display it.
Dim sr As New StreamReader(t)
Try
Console.WriteLine(sr.ReadLine())
Finally
sr.Dispose()
End Try
Finally
t.Dispose()
End Try
End Sub
End Class
' This code produces the following output.
'
' Some test data.
注解
注意
代码访问安全性 (CAS) 已在所有版本的 .NET Framework 和 .NET 中弃用。 如果使用与 CAS 相关的 API,最新版本的 .NET 不会遵循 CAS 注释,并会生成错误。 开发人员应寻求用于完成安全任务的替代方法。
下表描述了每个安全操作的发生时间及其支持的目标。
重要
在 .NET Framework 4 中,为强制实施 Deny、RequestMinimum、RequestOptional 和 RequestRefuse 权限请求而删除了运行时支持。 不应在基于 .NET Framework 4 或更高版本的代码中使用这些请求。 有关此更改和其他更改的详细信息,请参阅 安全更改。
不应在 .NET Framework 4 中使用 LinkDemand 。 请改用 SecurityCriticalAttribute 来限制完全信任的应用程序的使用,或使用 Demand 来限制部分受信任的调用方。
| 安全操作声明 | 操作时间 | 支持的目标 |
|---|---|---|
LinkDemand (不使用 .NET Framework 4) |
实时编译 | 类、方法 |
InheritanceDemand |
加载时间 | 类、方法 |
Demand |
运行时 | 类、方法 |
Assert |
运行时 | 类、方法 |
Deny (.NET Framework 4) 中已过时 |
运行时 | 类、方法 |
PermitOnly |
运行时 | 类、方法 |
RequestMinimum (.NET Framework 4) 中已过时 |
授予时间 | 程序集 |
RequestOptional (.NET Framework 4) 中已过时 |
授予时间 | 程序集 |
RequestRefuse (.NET Framework 4) 中已过时 |
授予时间 | 程序集 |
有关属性目标的其他信息,请参阅 Attribute。
