How to: Perform Imperative Security Checks

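For an imperative demand, you can call the Demand method of a PrincipalPermission object to determine whether the current principal object represents the specified identity, the specified role, or both. Given a properly constructed PrincipalPermission object named MyPrincipalPermission, the imperative demand is made with the following code (Visual Basic first, then C#).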

MyPrincipalPermission.Demand()
MyPrincipalPermission.Demand();

Example

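The following code example uses an imperative check to ensure that a GenericPrincipal matches the PrincipalPermission object. An imperative check is useful when many methods or other assemblies in the application domain must make role-based decisions. Although this example is extremely simple, it illustrates the behavior associated with a role-based demand.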

Imports System
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Security
Imports System.Threading
Imports System.Security.Cryptography

Public Class MainClass

    Public Overloads Shared Function Main() As Integer

        Console.WriteLine("Enter '1' to use the proper identity or " _
            & "any other character to use the improper identity.")

        If Console.ReadLine() = "1" Then
            ' Create a generic identity.
            Dim MyIdentity As New GenericIdentity("MyUser")

            ' Create a generic principal.
            Dim MyString As [String]() = {"Administrator", "User"}

            Dim MyPrincipal As New GenericPrincipal( _
                MyIdentity, MyString)

            Thread.CurrentPrincipal = MyPrincipal
        End If

        PrivateInfo()

        Return 0
    End Function

    Public Shared Sub PrivateInfo()
        Try
            ' Create a PrincipalPermission object.
            Dim MyPermission As New PrincipalPermission( _
                "MyUser", "Administrator")

            ' Demand this permission.
            MyPermission.Demand()

            ' Print secret data.
            Console.WriteLine(ControlChars.Cr & ControlChars.Cr & _
                "You have access to the private data!")
        Catch e As SecurityException
            Console.WriteLine(e.Message)
        End Try
    End Sub
End Class

using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.Security;
using System.Threading;
using System.Security.Cryptography;

public class MainClass
{
    public static int Main(string[] args)
    {
        Console.WriteLine("Enter '1' to use the proper identity or " +
            "any other character to use the improper identity.");

        if(Console.ReadLine() == "1")
        {
            // Create a generic identity.
            GenericIdentity MyIdentity = new GenericIdentity("MyUser");

            // Create a generic principal.
            String[] MyString = {"Administrator", "User"};

            GenericPrincipal MyPrincipal = 
                new GenericPrincipal(MyIdentity, MyString);

            Thread.CurrentPrincipal = MyPrincipal;
        }

        PrivateInfo();
        return 0;
    }

    public static void PrivateInfo()
    {
        try
        {
            // Create a PrincipalPermission object.
            PrincipalPermission MyPermission = 
                new PrincipalPermission("MyUser", "Administrator");

            // Demand this permission.
            MyPermission.Demand();

            // Print secret data.
            Console.WriteLine(
                "\n\nYou have access to the private data!");
        }
        catch(SecurityException e) 
        {
            Console.WriteLine(e.Message);
        }
    }
}

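If the user types 1, the principal and identity objects required to access the PrivateInfo method are created. If the user types any other character, no principal and identity objects are created, and a security exception is thrown when the PrivateInfo method is called. If the current thread is associated with a principal that has the name MyUser and the role Administrator, the following message is displayed.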

You have access to the private data!
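The example above demands a name and a role together. The following added example (not part of the original page) runs identity-only, role-only, combined, and unioned demands against several principals, assuming the .NET Framework; the class name DemandMatrix, the role Auditor, and the users OtherUser and Carol are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public static class DemandMatrix
{
    // Returns true when the demand succeeds for the thread's current principal.
    static bool Allowed(IPermission permission)
    {
        try { permission.Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    // Evaluates four differently scoped demands against Thread.CurrentPrincipal.
    static void Report(string label)
    {
        // Passing null for the name or the role means "do not check that part".
        var nameAndRole = new PrincipalPermission("MyUser", "Administrator");
        var roleOnly = new PrincipalPermission(null, "Administrator");
        var nameOnly = new PrincipalPermission("MyUser", null);
        // A union succeeds when either operand would succeed on its own.
        IPermission adminOrAuditor =
            roleOnly.Union(new PrincipalPermission(null, "Auditor"));

        Console.WriteLine(
            "{0}: name+role={1} roleOnly={2} nameOnly={3} adminOrAuditor={4}",
            label, Allowed(nameAndRole), Allowed(roleOnly),
            Allowed(nameOnly), Allowed(adminOrAuditor));
    }

    static void SetPrincipal(string name, params string[] roles)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(name), roles);
    }

    public static void Main()
    {
        // No principal assigned yet: the default principal is unauthenticated.
        Report("no principal set");
        SetPrincipal("MyUser", "Administrator", "User");   // right name, right role
        Report("MyUser/Administrator");
        SetPrincipal("OtherUser", "Administrator");        // wrong name, right role
        Report("OtherUser/Administrator");
        SetPrincipal("MyUser", "User");                    // right name, wrong role
        Report("MyUser/User");
        SetPrincipal("Carol", "Auditor");                  // matches only the union
        Report("Carol/Auditor");
    }
}
```

Catching SecurityException inside a helper keeps the failure path explicit, so a denied demand cannot fall through to the protected code.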

See also

Reference

PrincipalPermission

Concepts

Role-Based Security Checks