FirstMatchCodeGroup 類別
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
警告
This type is obsolete. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.
警告
This type is obsolete. See https://go.microsoft.com/fwlink/?LinkID=155570 for more information.
警告
Code Access Security is not supported or honored by the runtime.
警告
This type is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.
允許由程式碼群組和第一個相符子程式碼群組的原則陳述式聯合定義安全性原則。 此類別無法獲得繼承。
public ref class FirstMatchCodeGroup sealed : System::Security::Policy::CodeGroupC#
[System.Obsolete("This type is obsolete. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
public sealed class FirstMatchCodeGroup : System.Security.Policy.CodeGroupC#
[System.Obsolete("This type is obsolete. See https://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
public sealed class FirstMatchCodeGroup : System.Security.Policy.CodeGroupC#
[System.Obsolete("Code Access Security is not supported or honored by the runtime.")]
public sealed class FirstMatchCodeGroup : System.Security.Policy.CodeGroupC#
[System.Serializable]
public sealed class FirstMatchCodeGroup : System.Security.Policy.CodeGroupC#
[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public sealed class FirstMatchCodeGroup : System.Security.Policy.CodeGroupC#
[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
[System.Obsolete("This type is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
public sealed class FirstMatchCodeGroup : System.Security.Policy.CodeGroup[<System.Obsolete("This type is obsolete. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")>]
type FirstMatchCodeGroup = class
inherit CodeGroup[<System.Obsolete("This type is obsolete. See https://go.microsoft.com/fwlink/?LinkID=155570 for more information.")>]
type FirstMatchCodeGroup = class
inherit CodeGroup[<System.Obsolete("Code Access Security is not supported or honored by the runtime.")>]
type FirstMatchCodeGroup = class
inherit CodeGroup[<System.Serializable>]
type FirstMatchCodeGroup = class
inherit CodeGroup[<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
type FirstMatchCodeGroup = class
inherit CodeGroup[<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
[<System.Obsolete("This type is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")>]
type FirstMatchCodeGroup = class
inherit CodeGroupPublic NotInheritable Class FirstMatchCodeGroup
Inherits CodeGroup- 繼承
- 屬性
下列範例顯示 類別成員的使用 FirstMatchCodeGroup 。
using namespace System;
using namespace System::Security;
using namespace System::Security::Policy;
using namespace System::Security::Permissions;
using namespace System::Reflection;
ref class Members
{
public:
[STAThread]
static void Main()
{
// Create a new FirstMatchCodeGroup.
FirstMatchCodeGroup^ codeGroup = constructDefaultGroup();
// Create a deep copy of the FirstMatchCodeGroup.
FirstMatchCodeGroup^ copyCodeGroup =
dynamic_cast<FirstMatchCodeGroup^>(codeGroup->Copy());
// Compare the original code group with the copy.
CompareTwoCodeGroups( codeGroup, copyCodeGroup );
addPolicy( &codeGroup );
addXmlMember( &codeGroup );
updateMembershipCondition( &codeGroup );
addChildCodeGroup( &codeGroup );
Console::Write( L"Comparing the resolved code group " );
Console::WriteLine( L"with the initial code group." );
FirstMatchCodeGroup^ resolvedCodeGroup =
ResolveGroupToEvidence( codeGroup );
if ( CompareTwoCodeGroups( codeGroup, resolvedCodeGroup ) )
{
PrintCodeGroup( resolvedCodeGroup );
}
else
{
PrintCodeGroup( codeGroup );
}
Console::WriteLine( L"This sample completed successfully; "
L"press Enter to exit." );
Console::ReadLine();
}
private:
// Create a FirstMatchCodeGroup with an exclusive policy and membership
// condition.
static FirstMatchCodeGroup^ constructDefaultGroup()
{
// Construct a new FirstMatchCodeGroup with Read, Write, Append
// and PathDiscovery access.
// Create read access permission to the root directory on drive C.
FileIOPermission^ rootFilePermissions =
gcnew FileIOPermission( PermissionState::None );
rootFilePermissions->AllLocalFiles = FileIOPermissionAccess::Read;
rootFilePermissions->SetPathList( FileIOPermissionAccess::Read, L"C:\\" );
// Add a permission to a named permission set.
NamedPermissionSet^ namedPermissions =
gcnew NamedPermissionSet( L"RootPermissions" );
namedPermissions->AddPermission( rootFilePermissions );
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement^ policy = gcnew PolicyStatement(
namedPermissions,PolicyStatementAttribute::Exclusive );
// Create a FirstMatchCodeGroup with a membership condition that
// matches all code, and an exclusive policy.
FirstMatchCodeGroup^ codeGroup = gcnew FirstMatchCodeGroup(
gcnew AllMembershipCondition,policy );
// Set the name of the first match code group.
codeGroup->Name = L"TempCodeGroup";
// Set the description of the first match code group.
codeGroup->Description = L"Temp folder permissions group";
return codeGroup;
}
// Add file permission to restrict write access to all files
// on the local machine.
static void addPolicy( interior_ptr<FirstMatchCodeGroup^> codeGroup )
{
// Set the PolicyStatement property to a policy with read access to
// the root directory on drive C.
FileIOPermission^ rootFilePermissions =
gcnew FileIOPermission( PermissionState::None );
rootFilePermissions->AllLocalFiles = FileIOPermissionAccess::Read;
rootFilePermissions->SetPathList( FileIOPermissionAccess::Read, L"C:\\" );
NamedPermissionSet^ namedPermissions =
gcnew NamedPermissionSet( L"RootPermissions" );
namedPermissions->AddPermission( rootFilePermissions );
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement^ policy = gcnew PolicyStatement(
namedPermissions,PolicyStatementAttribute::Exclusive );
( *codeGroup )->PolicyStatement = policy;
}
// Set the membership condition of the code group.
static void updateMembershipCondition(
interior_ptr<FirstMatchCodeGroup^> codeGroup )
{
// Set the membership condition of the specified FirstMatchCodeGroup
// to the Intranet zone.
ZoneMembershipCondition^ zoneCondition =
gcnew ZoneMembershipCondition( SecurityZone::Intranet );
( *codeGroup )->MembershipCondition = zoneCondition;
}
// Create a child code group with read-access file permissions and add it
// to the specified code group.
static void addChildCodeGroup( interior_ptr<FirstMatchCodeGroup^> codeGroup )
{
// Create a first match code group with read access.
FileIOPermission^ rootFilePermissions = gcnew FileIOPermission(
PermissionState::None );
rootFilePermissions->AllLocalFiles = FileIOPermissionAccess::Read;
rootFilePermissions->SetPathList( FileIOPermissionAccess::Read, L"C:\\" );
PermissionSet^ permissions = gcnew PermissionSet(
PermissionState::Unrestricted );
permissions->AddPermission( rootFilePermissions );
FirstMatchCodeGroup^ tempFolderCodeGroup =
gcnew FirstMatchCodeGroup( gcnew AllMembershipCondition,
gcnew PolicyStatement( permissions ) );
// Set the name of the child code group and add it to
// the specified code group.
tempFolderCodeGroup->Name = L"Read-only code group";
( *codeGroup )->AddChild( tempFolderCodeGroup );
}
// Compare the two FirstMatchCodeGroups.
static bool CompareTwoCodeGroups( FirstMatchCodeGroup^ firstCodeGroup,
FirstMatchCodeGroup^ secondCodeGroup )
{
// Compare the two specified FirstMatchCodeGroups for equality.
if ( firstCodeGroup->Equals( secondCodeGroup ) )
{
Console::WriteLine( L"The two code groups are equal." );
return true;
}
else
{
Console::WriteLine( L"The two code groups are not equal." );
return false;
}
}
// Retrieve the resolved policy based on executing evidence found
// in the specified code group.
static String^ ResolveEvidence( CodeGroup^ codeGroup )
{
String^ policyString = L"None";
// Resolve the policy based on the executing assembly's evidence.
Assembly^ assembly = Members::typeid->Assembly;
Evidence^ executingEvidence = assembly->Evidence;
PolicyStatement^ policy = codeGroup->Resolve( executingEvidence );
if ( policy != nullptr )
{
policyString = policy->ToString();
}
return policyString;
}
// Retrieve the resolved code group based on the evidence from the
// specified code group.
static FirstMatchCodeGroup^ ResolveGroupToEvidence(
FirstMatchCodeGroup^ codeGroup )
{
// Resolve matching code groups to the executing assembly.
Assembly^ assembly = Members::typeid->Assembly;
Evidence^ evidence = assembly->Evidence;
CodeGroup^ resolvedCodeGroup =
codeGroup->ResolveMatchingCodeGroups( evidence );
return dynamic_cast<FirstMatchCodeGroup^>(resolvedCodeGroup);
}
// If a domain attribute is not found in the specified
// FirstMatchCodeGroup, add a child XML element identifying a custom
// membership condition.
static void addXmlMember( interior_ptr<FirstMatchCodeGroup^> codeGroup )
{
SecurityElement^ xmlElement = ( *codeGroup )->ToXml();
SecurityElement^ rootElement = gcnew SecurityElement( L"CodeGroup" );
if ( xmlElement->Attribute(L"domain") == nullptr )
{
SecurityElement^ newElement = gcnew SecurityElement(
L"CustomMembershipCondition" );
newElement->AddAttribute( L"class", L"CustomMembershipCondition" );
newElement->AddAttribute( L"version", L"1" );
newElement->AddAttribute( L"domain", L"contoso.com" );
rootElement->AddChild( newElement );
( *codeGroup )->FromXml( rootElement );
}
Console::WriteLine( L"Added a custom membership condition:" );
Console::WriteLine( rootElement );
}
// Print the properties of the specified code group to the console.
static void PrintCodeGroup( CodeGroup^ codeGroup )
{
// Compare the type of the specified object with the
// FirstMatchCodeGroup type.
if ( !codeGroup->GetType()->Equals( FirstMatchCodeGroup::typeid ) )
{
throw gcnew ArgumentException( L"Expected the FirstMatchCodeGroup type." );
}
String^ codeGroupName = codeGroup->Name;
String^ membershipCondition = codeGroup->MembershipCondition->ToString();
String^ permissionSetName = codeGroup->PermissionSetName;
int hashCode = codeGroup->GetHashCode();
String^ mergeLogic = L"";
if ( codeGroup->MergeLogic->Equals( L"First Match" ) )
{
mergeLogic = L"with first-match merge logic";
}
// Retrieve the class path for the FirstMatchCodeGroup.
String^ firstMatchGroupClass = codeGroup->ToString();
String^ attributeString = L"";
// Retrieve the string representation of the FirstMatchCodeGroup's
// attributes.
if ( codeGroup->AttributeString != nullptr )
{
attributeString = codeGroup->AttributeString;
}
// Write a summary to the console window.
Console::WriteLine( L"\n*** {0} summary ***", firstMatchGroupClass );
Console::Write( L"A FirstMatchCodeGroup named " );
Console::Write( L"{0}{1}", codeGroupName, mergeLogic );
Console::Write( L" has been created with hash code({0}).", hashCode );
Console::Write( L"\nThis code group contains a {0}", membershipCondition );
Console::Write( L" membership condition with the " );
Console::WriteLine( L"{0} permission set.", permissionSetName );
Console::Write( L"The code group contains the following policy: " );
Console::Write( ResolveEvidence( codeGroup ) );
Console::Write( L"\nIt also contains the following attributes: " );
Console::WriteLine( attributeString );
int childCount = codeGroup->Children->Count;
if ( childCount > 0 )
{
Console::Write( L"There are {0}", childCount );
Console::WriteLine( L" child elements in the code group." );
// Iterate through the child code groups to display their names
// and then remove them from the specified code group.
for ( int i = 0; i < childCount; i++ )
{
// Retrieve a child code group, which has been cast as a
// FirstMatchCodeGroup type.
FirstMatchCodeGroup^ childCodeGroup =
dynamic_cast<FirstMatchCodeGroup^>(codeGroup->Children->default[ i ]);
Console::Write( L"Removing the {0}.", childCodeGroup->Name );
// Remove the child code group.
codeGroup->RemoveChild( childCodeGroup );
}
Console::WriteLine();
}
else
{
Console::WriteLine( L" No child code groups were found in this"
L" code group." );
}
}
};
int main()
{
Members::Main();
}
//
// This sample produces the following output:
//
// The two code groups are equal.
// Added a custom membership condition:
// <CustomMembershipCondition class="CustomMembershipCondition"
// version="1"
// domain="contoso.com"/>
//
// Comparing the resolved code group with the initial code group.
// The two code groups are not equal.
//
// *** System.Security.Policy.FirstMatchCodeGroup summary ***
// A FirstMatchCodeGroup named with first-match merge logic has been created
// with hash code(113151525).
// This code group contains a Zone - Intranet membership condition with the
// permission set. The code group contains the following policy:
// It also contains the following attributes:
// There are 1 child elements in the code group.
// Removing the Read-only code group.
// This sample completed successfully; press Enter to exit.
C#
using System;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Reflection;
class Members
{
[STAThread]
static void Main(string[] args)
{
// Create a new FirstMatchCodeGroup.
FirstMatchCodeGroup codeGroup = constructDefaultGroup();
// Create a deep copy of the FirstMatchCodeGroup.
FirstMatchCodeGroup copyCodeGroup =
(FirstMatchCodeGroup)codeGroup.Copy();
// Compare the original code group with the copy.
CompareTwoCodeGroups(codeGroup, copyCodeGroup);
addPolicy(ref codeGroup);
addXmlMember(ref codeGroup);
updateMembershipCondition(ref codeGroup);
addChildCodeGroup(ref codeGroup);
Console.Write("Comparing the resolved code group ");
Console.WriteLine("with the initial code group.");
FirstMatchCodeGroup resolvedCodeGroup =
ResolveGroupToEvidence(codeGroup);
if (CompareTwoCodeGroups(codeGroup, resolvedCodeGroup))
{
PrintCodeGroup(resolvedCodeGroup);
}
else
{
PrintCodeGroup(codeGroup);
}
Console.WriteLine("This sample completed successfully; " +
"press Enter to exit.");
Console.ReadLine();
}
// Create a FirstMatchCodeGroup with an exclusive policy and membership
// condition.
private static FirstMatchCodeGroup constructDefaultGroup()
{
// Construct a new FirstMatchCodeGroup with Read, Write, Append
// and PathDiscovery access.
// Create read access permission to the root directory on drive C.
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read,"C:\\");
// Add a permission to a named permission set.
NamedPermissionSet namedPermissions =
new NamedPermissionSet("RootPermissions");
namedPermissions.AddPermission(rootFilePermissions);
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement policy = new PolicyStatement(
namedPermissions,PolicyStatementAttribute.Exclusive);
// Create a FirstMatchCodeGroup with a membership condition that
// matches all code, and an exclusive policy.
FirstMatchCodeGroup codeGroup =
new FirstMatchCodeGroup(
new AllMembershipCondition(),
policy);
// Set the name of the first match code group.
codeGroup.Name = "TempCodeGroup";
// Set the description of the first match code group.
codeGroup.Description = "Temp folder permissions group";
return codeGroup;
}
// Add file permission to restrict write access to all files
// on the local machine.
private static void addPolicy(ref FirstMatchCodeGroup codeGroup)
{
// Set the PolicyStatement property to a policy with read access to
// the root directory on drive C.
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read,"C:\\");
NamedPermissionSet namedPermissions =
new NamedPermissionSet("RootPermissions");
namedPermissions.AddPermission(rootFilePermissions);
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement policy = new PolicyStatement(
namedPermissions,
PolicyStatementAttribute.Exclusive);
codeGroup.PolicyStatement = policy;
}
// Set the membership condition of the code group.
private static void updateMembershipCondition(
ref FirstMatchCodeGroup codeGroup)
{
// Set the membership condition of the specified FirstMatchCodeGroup
// to the Intranet zone.
ZoneMembershipCondition zoneCondition =
new ZoneMembershipCondition(SecurityZone.Intranet);
codeGroup.MembershipCondition = zoneCondition;
}
// Create a child code group with read-access file permissions and add it
// to the specified code group.
private static void addChildCodeGroup(ref FirstMatchCodeGroup codeGroup)
{
// Create a first match code group with read access.
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read,"C:\\");
PermissionSet permissions =
new PermissionSet(PermissionState.Unrestricted);
permissions.AddPermission(rootFilePermissions);
FirstMatchCodeGroup tempFolderCodeGroup = new FirstMatchCodeGroup(
new AllMembershipCondition(),
new PolicyStatement(permissions));
// Set the name of the child code group and add it to
// the specified code group.
tempFolderCodeGroup.Name = "Read-only code group";
codeGroup.AddChild(tempFolderCodeGroup);
}
// Compare the two FirstMatchCodeGroups.
private static bool CompareTwoCodeGroups(
FirstMatchCodeGroup firstCodeGroup,
FirstMatchCodeGroup secondCodeGroup)
{
// Compare the two specified FirstMatchCodeGroups for equality.
if (firstCodeGroup.Equals(secondCodeGroup))
{
Console.WriteLine("The two code groups are equal.");
return true;
}
else
{
Console.WriteLine("The two code groups are not equal.");
return false;
}
}
// Retrieve the resolved policy based on executing evidence found
// in the specified code group.
private static string ResolveEvidence(CodeGroup codeGroup)
{
string policyString = "None";
// Resolve the policy based on the executing assembly's evidence.
Assembly assembly = typeof(Members).Assembly;
Evidence executingEvidence = assembly.Evidence;
PolicyStatement policy = codeGroup.Resolve(executingEvidence);
if (policy != null)
{
policyString = policy.ToString();
}
return policyString;
}
// Retrieve the resolved code group based on the evidence from the
// specified code group.
private static FirstMatchCodeGroup ResolveGroupToEvidence(
FirstMatchCodeGroup codeGroup)
{
// Resolve matching code groups to the executing assembly.
Assembly assembly = typeof(Members).Assembly;
Evidence evidence = assembly.Evidence;
CodeGroup resolvedCodeGroup =
codeGroup.ResolveMatchingCodeGroups(evidence);
return (FirstMatchCodeGroup)resolvedCodeGroup;
}
// If a domain attribute is not found in the specified
// FirstMatchCodeGroup, add a child XML element identifying a custom
// membership condition.
private static void addXmlMember(ref FirstMatchCodeGroup codeGroup)
{
SecurityElement xmlElement = codeGroup.ToXml();
SecurityElement rootElement = new SecurityElement("CodeGroup");
if (xmlElement.Attribute("domain") == null)
{
SecurityElement newElement =
new SecurityElement("CustomMembershipCondition");
newElement.AddAttribute("class","CustomMembershipCondition");
newElement.AddAttribute("version","1");
newElement.AddAttribute("domain","contoso.com");
rootElement.AddChild(newElement);
codeGroup.FromXml(rootElement);
}
Console.WriteLine("Added a custom membership condition:");
Console.WriteLine(rootElement.ToString());
}
// Print the properties of the specified code group to the console.
private static void PrintCodeGroup(CodeGroup codeGroup)
{
// Compare the type of the specified object with the
// FirstMatchCodeGroup type.
if (!codeGroup.GetType().Equals(typeof(FirstMatchCodeGroup)))
{
throw new ArgumentException(
"Expected the FirstMatchCodeGroup type.");
}
string codeGroupName = codeGroup.Name;
string membershipCondition = codeGroup.MembershipCondition.ToString();
string permissionSetName = codeGroup.PermissionSetName;
int hashCode = codeGroup.GetHashCode();
string mergeLogic = "";
if (codeGroup.MergeLogic.Equals("First Match"))
{
mergeLogic = "with first-match merge logic";
}
// Retrieve the class path for the FirstMatchCodeGroup.
string firstMatchGroupClass = codeGroup.ToString();
string attributeString = "";
// Retrieve the string representation of the FirstMatchCodeGroup's
// attributes.
if (codeGroup.AttributeString != null)
{
attributeString = codeGroup.AttributeString;
}
// Write a summary to the console window.
Console.WriteLine("\n*** " + firstMatchGroupClass + " summary ***");
Console.Write("A FirstMatchCodeGroup named ");
Console.Write(codeGroupName + mergeLogic);
Console.Write(" has been created with hash code(" + hashCode + ").");
Console.Write("\nThis code group contains a " + membershipCondition);
Console.Write(" membership condition with the ");
Console.WriteLine(permissionSetName + " permission set.");
Console.Write("The code group contains the following policy: ");
Console.Write(ResolveEvidence(codeGroup));
Console.Write("\nIt also contains the following attributes: ");
Console.WriteLine(attributeString);
int childCount = codeGroup.Children.Count;
if (childCount > 0 )
{
Console.Write("There are " + childCount);
Console.WriteLine(" child elements in the code group.");
// Iterate through the child code groups to display their names
// and then remove them from the specified code group.
for (int i=0; i < childCount; i++)
{
// Retrieve a child code group, which has been cast as a
// FirstMatchCodeGroup type.
FirstMatchCodeGroup childCodeGroup =
(FirstMatchCodeGroup)codeGroup.Children[i];
Console.Write("Removing the " + childCodeGroup.Name + ".");
// Remove the child code group.
codeGroup.RemoveChild(childCodeGroup);
}
Console.WriteLine();
}
else
{
Console.WriteLine(" No child code groups were found in this" +
" code group.");
}
}
}
//
// This sample produces the following output:
//
// The two code groups are equal.
// Added a custom membership condition:
// <CustomMembershipCondition class="CustomMembershipCondition"
// version="1"
// domain="contoso.com"/>
//
// Comparing the resolved code group with the initial code group.
// The two code groups are not equal.
//
// *** System.Security.Policy.FirstMatchCodeGroup summary ***
// A FirstMatchCodeGroup named with first-match merge logic has been created
// with hash code(113151525).
// This code group contains a Zone - Intranet membership condition with the
// permission set. The code group contains the following policy:
// It also contains the following attributes:
// There are 1 child elements in the code group.
// Removing the Read-only code group.
// This sample completed successfully; press Enter to exit.
Imports System.Security
Imports System.Security.Policy
Imports System.Security.Permissions
Imports System.Reflection
Imports System.Windows.Forms
Public Class Form1
Inherits System.Windows.Forms.Form
' Event handler for Run button.
Private Sub Button1_Click( _
ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles Button1.Click
tbxOutput.Cursor = Cursors.WaitCursor
tbxOutput.Text = ""
' Create a new FirstMatchCodeGroup.
Dim codeGroup As FirstMatchCodeGroup = constructDefaultGroup()
' Create a deep copy of the FirstMatchCodeGroup.
Dim copyCodeGroup As FirstMatchCodeGroup
copyCodeGroup = CType(codeGroup.Copy(), FirstMatchCodeGroup)
' Compare the original code group with the copy.
CompareTwoCodeGroups(codeGroup, copyCodeGroup)
addPolicy(codeGroup)
addXmlMember(codeGroup)
updateMembershipCondition(codeGroup)
addChildCodeGroup(codeGroup)
Write("Comparing the resolved code group ")
WriteLine("with the initial code group.")
Dim resolvedCodeGroup As FirstMatchCodeGroup
resolvedCodeGroup = ResolveGroupToEvidence(codeGroup)
If (CompareTwoCodeGroups(codeGroup, resolvedCodeGroup)) Then
PrintCodeGroup(resolvedCodeGroup)
Else
PrintCodeGroup(codeGroup)
End If
' Reset the cursor and conclude application.
tbxOutput.AppendText(vbCrLf + "This sample completed " + _
"successfully; press Exit to continue.")
tbxOutput.Cursor = Cursors.Default
End Sub
' Create a FirstMatchCodeGroup with an exclusive policy and membership
' condition.
Private Function constructDefaultGroup() As FirstMatchCodeGroup
' Construct a new FirstMatchCodeGroup with Read, Write, Append
' and PathDiscovery access.
' Create read access permission to the root directory on drive C.
Dim rootFilePermissions As New FileIOPermission(PermissionState.None)
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\")
' Add a permission to a named permission set.
Dim namedPermissions As New NamedPermissionSet("RootPermissions")
namedPermissions.AddPermission(rootFilePermissions)
' Create a PolicyStatement with exclusive rights to the policy.
Dim policy As New PolicyStatement( _
namedPermissions, _
PolicyStatementAttribute.Exclusive)
' Create a FirstMatchCodeGroup with a membership condition that
' matches all code, and an exclusive policy.
Dim codeGroup As New FirstMatchCodeGroup( _
New AllMembershipCondition, _
policy)
' Set the name of the first match code group.
codeGroup.Name = "TempCodeGroup"
' Set the description of the first match code group.
codeGroup.Description = "Temp folder permissions group"
Return codeGroup
End Function
' Add file permission to restrict write access to all files
' on the local machine.
Private Sub addPolicy(ByRef codeGroup As FirstMatchCodeGroup)
' Set the PolicyStatement property to a policy with read access to the
' root directory on drive C.
Dim rootFilePermissions As New FileIOPermission(PermissionState.None)
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\")
Dim namedPermissions As New NamedPermissionSet("RootPermissions")
namedPermissions.AddPermission(rootFilePermissions)
' Create a PolicyStatement with exclusive rights to the policy.
Dim policy As New PolicyStatement( _
namedPermissions, _
PolicyStatementAttribute.Exclusive)
codeGroup.PolicyStatement = policy
End Sub
' Set the membership condition of the code group.
Private Sub updateMembershipCondition( _
ByRef codeGroup As FirstMatchCodeGroup)
' Set the membership condition of the specified FirstMatchCodeGroup
' to the Intranet zone.
Dim zoneCondition As _
New ZoneMembershipCondition(SecurityZone.Intranet)
codeGroup.MembershipCondition = zoneCondition
End Sub
' Create a child code group with read-access file permissions and add it
' to the specified code group.
Private Sub addChildCodeGroup(ByRef codegroup As FirstMatchCodeGroup)
' Create a first match code group with read access.
Dim rootFilePermissions As New FileIOPermission(PermissionState.None)
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\")
Dim permissions As New PermissionSet(PermissionState.Unrestricted)
permissions.AddPermission(rootFilePermissions)
Dim tempFolderCodeGroup = New FirstMatchCodeGroup( _
New AllMembershipCondition, _
New PolicyStatement(permissions))
' Set the name of the child code group and add it to the specified
' code group.
tempFolderCodeGroup.Name = "Read-only code group"
codegroup.AddChild(tempFolderCodeGroup)
End Sub
' Compare the two FirstMatchCodeGroups.
Private Function CompareTwoCodeGroups( _
ByVal firstCodeGroup As FirstMatchCodeGroup, _
ByVal secondCodeGroup As FirstMatchCodeGroup) As Boolean
' Compare the two specified FirstMatchCodeGroups for equality.
If (firstCodeGroup.Equals(secondCodeGroup)) Then
WriteLine("The two code groups are equal.")
Return True
Else
WriteLine("The two code groups are not equal.")
Return False
End If
End Function
' Retrieve the resolved policy based on executing evidence found
' in the specified code group.
Private Function ResolveEvidence(ByVal codeGroup As CodeGroup) As String
Dim policyString As String = "None"
' Resolve the policy based on the executing assembly's evidence.
Dim executingAssembly As [Assembly] = Me.GetType().Assembly
Dim executingEvidence As Evidence
executingEvidence = executingAssembly.Evidence
Dim policy As PolicyStatement = codeGroup.Resolve(executingEvidence)
If (Not policy Is Nothing) Then
policyString = policy.ToString()
End If
Return policyString
End Function
' Retrieve the resolved code group based on the evidence from the
' specified code group.
Private Function ResolveGroupToEvidence( _
ByVal codegroup As FirstMatchCodeGroup) _
As FirstMatchCodeGroup
' Resolve matching code groups to the executing assembly.
Dim executingAssembly As [Assembly] = Me.GetType().Assembly
Dim evidence As Evidence = executingAssembly.Evidence
Dim resolvedCodeGroup As CodeGroup
resolvedCodeGroup = codegroup.ResolveMatchingCodeGroups(Evidence)
Return CType(resolvedCodeGroup, FirstMatchCodeGroup)
End Function
' If a domain attribute is not found in the specified FirstMatchCodeGroup,
' add a child XML element identifying a custom membership condition.
Private Sub addXmlMember(ByRef codeGroup As FirstMatchCodeGroup)
Dim xmlElement As SecurityElement = codeGroup.ToXml()
Dim rootElement As New SecurityElement("CodeGroup")
If (xmlElement.Attribute("domain") Is Nothing) Then
Dim newElement As New SecurityElement("CustomMembershipCondition")
newElement.AddAttribute("class", "CustomMembershipCondition")
newElement.AddAttribute("version", "1")
newElement.AddAttribute("domain", "contoso.com")
rootElement.AddChild(newElement)
codeGroup.FromXml(rootElement)
End If
WriteLine("Added a custom membership condition:")
WriteLine(rootElement.ToString())
End Sub
' Print the properties of the specified code group to the console.
Private Sub PrintCodeGroup(ByVal codeGroup As CodeGroup)
' Compare the type of the specified object with the
' FirstMatchCodeGroup type.
If (Not codeGroup.GetType() Is GetType(FirstMatchCodeGroup)) Then
Throw New ArgumentException( _
"Expected the FirstMatchCodeGroup type.")
End If
Dim codeGroupName As String = codeGroup.Name
Dim membershipCondition As String
membershipCondition = codeGroup.MembershipCondition.ToString()
Dim permissionSetName As String = codeGroup.PermissionSetName
Dim hashCode As Integer = codeGroup.GetHashCode()
Dim mergeLogic As String = ""
If (codeGroup.MergeLogic.Equals("First Match")) Then
mergeLogic = "with first-match merge logic"
End If
' Retrieve the class path for the FirstMatchCodeGroup.
Dim firstMatchGroupClass As String = codeGroup.ToString()
Dim attributeString As String = ""
' Retrieve the string representation of the FirstMatchCodeGroup's
' attributes.
If (Not codeGroup.AttributeString Is Nothing) Then
attributeString = codeGroup.AttributeString
End If
' Write a summary to the console window.
WriteLine(vbCrLf + "* " + firstMatchGroupClass + " summary *")
Write("A FirstMatchCodeGroup named ")
Write(codeGroupName + mergeLogic)
Write(" has been created with hash code ")
WriteLine(hashCode.ToString() + ". ")
Write("This code group contains a " + membershipCondition)
Write(" membership condition with the ")
Write(permissionSetName + " permission set. ")
Write("The code group contains the following policy: ")
Write(ResolveEvidence(codeGroup) + ". ")
Write("It also contains the following attributes: ")
WriteLine(attributeString)
Dim childCount As Integer = codeGroup.Children.Count
If (childCount > 0) Then
Write("There are " + childCount.ToString())
WriteLine(" child elements in the code group.")
' Iterate through the child code groups to display their names
' and then remove them from the specified code group.
For i As Int16 = 0 To childCount - 1 Step 1
' Retrieve each child explicitly casted as a
' FirstMatchCodeGroup type.
Dim childCodeGroup As FirstMatchCodeGroup
childCodeGroup = _
CType(codeGroup.Children(i), FirstMatchCodeGroup)
Write("Removing the " + childCodeGroup.Name + ".")
' Remove the child code group.
codeGroup.RemoveChild(childCodeGroup)
Next
WriteLine("")
Else
WriteLine("No child code groups were found in this code group.")
End If
End Sub
Private Sub WriteLine(ByVal message As String)
tbxOutput.AppendText(message + vbCrLf)
End Sub
Private Sub Write(ByVal message As String)
tbxOutput.AppendText(message)
End Sub
' Event handler for Exit button.
Private Sub Button2_Click( _
ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles Button2.Click
Application.Exit()
End Sub
#Region " Windows Form Designer generated code "
Public Sub New()
MyBase.New()
'This call is required by the Windows Form Designer.
InitializeComponent()
'Add any initialization after the InitializeComponent() call
End Sub
'Form overrides dispose to clean up the component list.
Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
If disposing Then
If Not (components Is Nothing) Then
components.Dispose()
End If
End If
MyBase.Dispose(disposing)
End Sub
'Required by the Windows Form Designer
Private components As System.ComponentModel.IContainer
'NOTE: The following procedure is required by the Windows Form Designer
'It can be modified using the Windows Form Designer.
'Do not modify it using the code editor.
Friend WithEvents Panel2 As System.Windows.Forms.Panel
Friend WithEvents Panel1 As System.Windows.Forms.Panel
Friend WithEvents Button1 As System.Windows.Forms.Button
Friend WithEvents Button2 As System.Windows.Forms.Button
Friend WithEvents tbxOutput As System.Windows.Forms.RichTextBox
<System.Diagnostics.DebuggerStepThrough()> _
Private Sub InitializeComponent()
Me.Panel2 = New System.Windows.Forms.Panel
Me.Button1 = New System.Windows.Forms.Button
Me.Button2 = New System.Windows.Forms.Button
Me.Panel1 = New System.Windows.Forms.Panel
Me.tbxOutput = New System.Windows.Forms.RichTextBox
Me.Panel2.SuspendLayout()
Me.Panel1.SuspendLayout()
Me.SuspendLayout()
'
'Panel2
'
Me.Panel2.Controls.Add(Me.Button1)
Me.Panel2.Controls.Add(Me.Button2)
Me.Panel2.Dock = System.Windows.Forms.DockStyle.Bottom
Me.Panel2.DockPadding.All = 20
Me.Panel2.Location = New System.Drawing.Point(0, 320)
Me.Panel2.Name = "Panel2"
Me.Panel2.Size = New System.Drawing.Size(616, 64)
Me.Panel2.TabIndex = 1
'
'Button1
'
Me.Button1.Dock = System.Windows.Forms.DockStyle.Right
Me.Button1.Font = New System.Drawing.Font( _
"Microsoft Sans Serif", _
9.0!, _
System.Drawing.FontStyle.Regular, _
System.Drawing.GraphicsUnit.Point, _
CType(0, Byte))
Me.Button1.Location = New System.Drawing.Point(446, 20)
Me.Button1.Name = "Button1"
Me.Button1.Size = New System.Drawing.Size(75, 24)
Me.Button1.TabIndex = 2
Me.Button1.Text = "&Run"
'
'Button2
'
Me.Button2.Dock = System.Windows.Forms.DockStyle.Right
Me.Button2.Font = New System.Drawing.Font( _
"Microsoft Sans Serif", _
9.0!, _
System.Drawing.FontStyle.Regular, _
System.Drawing.GraphicsUnit.Point, _
CType(0, Byte))
Me.Button2.Location = New System.Drawing.Point(521, 20)
Me.Button2.Name = "Button2"
Me.Button2.Size = New System.Drawing.Size(75, 24)
Me.Button2.TabIndex = 3
Me.Button2.Text = "E&xit"
'
'Panel1
'
Me.Panel1.Controls.Add(Me.tbxOutput)
Me.Panel1.Dock = System.Windows.Forms.DockStyle.Fill
Me.Panel1.DockPadding.All = 20
Me.Panel1.Location = New System.Drawing.Point(0, 0)
Me.Panel1.Name = "Panel1"
Me.Panel1.Size = New System.Drawing.Size(616, 320)
Me.Panel1.TabIndex = 2
'
'tbxOutput
'
Me.tbxOutput.AccessibleDescription = _
"Displays output from application."
Me.tbxOutput.AccessibleName = "Output textbox."
Me.tbxOutput.Dock = System.Windows.Forms.DockStyle.Fill
Me.tbxOutput.Location = New System.Drawing.Point(20, 20)
Me.tbxOutput.Name = "tbxOutput"
Me.tbxOutput.Size = New System.Drawing.Size(576, 280)
Me.tbxOutput.TabIndex = 1
Me.tbxOutput.Text = "Click the Run button to run the application."
'
'Form1
'
Me.AutoScaleBaseSize = New System.Drawing.Size(6, 15)
Me.ClientSize = New System.Drawing.Size(616, 384)
Me.Controls.Add(Me.Panel1)
Me.Controls.Add(Me.Panel2)
Me.Name = "Form1"
Me.Text = "FirstMatchCodeGroup"
Me.Panel2.ResumeLayout(False)
Me.Panel1.ResumeLayout(False)
Me.ResumeLayout(False)
End Sub
#End Region
End Class
'
' This sample produces the following output:
'
' The two code groups are equal.
' Added a custom membership condition:
' <CustomMembershipCondition class="CustomMembershipCondition"
' version="1"
' domain="contoso.com"/>
'
' Comparing the resolved code group with the initial code group.
' The two code groups are not equal.
'
' * System.Security.Policy.FirstMatchCodeGroup summary *
' A FirstMatchCodeGroup named with first-match merge logic has been created
' with hash code 113155593. This code group contains a Zone - Intranet
' membership condition with the permission set. The code group contains the
' following policy: None. It also contains the following attributes:
' There are 1 child elements in the code group.
' Removing the Read-only code group.
'
' This sample completed successfully; press Exit to continue.
注意
程式碼啟用安全性 (CAS) 在所有版本的 .NET Framework 和 .NET 中已被取代。 最新版本的 .NET 不接受 CAS 批註,並在使用 CAS 相關 API 時產生錯誤。 開發人員應該尋求替代方式來完成安全性工作。
程式碼群組是程式碼存取安全性原則的建置組塊。 每個原則層級都包含可具有副程式代碼群組的根程式碼群組。 每個副程式代碼群組都可以有自己的副程式代碼群組;此行為會延伸到任意數目的層級,形成樹狀結構。 每個程式碼群組都有一個成員資格條件,根據該元件的辨識項,判斷指定的元件是否屬於它。 只有成員資格條件符合指定元件及其副程式代碼群組的程式碼群組會套用原則。
就像任何程式碼群組一樣, FirstMatchCodeGroup 只有在其成員資格條件符合元件的辨識項時才適用。 如果有相符專案,它會依序測試每個子系的成員資格條件,並在發生第一次比對時停止。 的結果 FirstMatchCodeGroup 是根程式碼群組之原則語句的聯集,以及符合該程式碼群組之第一個子群組的原則語句。
FirstMatchCodeGroup 適用于應用程式域主機設定網域原則的程式設計用途。
|
First |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
初始化 FirstMatchCodeGroup 類別的新執行個體。 |
|
Attribute |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得程式碼群組之原則陳述式屬性 (Attribute) 的字串表示。 (繼承來源 CodeGroup) |
| Children |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得或設定程式碼群組的子程式碼群組之排序清單。 (繼承來源 CodeGroup) |
| Description |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得或設定程式碼群組的描述。 (繼承來源 CodeGroup) |
|
Membership |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得或設定程式碼群組的成員資格條件。 (繼承來源 CodeGroup) |
|
Merge |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得合併邏輯。 |
| Name |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得或設定程式碼群組的名稱。 (繼承來源 CodeGroup) |
|
Permission |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得程式碼群組的具名使用權限之名稱。 (繼承來源 CodeGroup) |
|
Policy |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得或設定與程式碼群組相關的原則陳述式。 (繼承來源 CodeGroup) |
|
Add |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
加入子程式碼群組到目前程式碼群組。 (繼承來源 CodeGroup) |
| Copy() |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
製作程式碼群組的深層複本 (Deep Copy)。 |
|
Create |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
在衍生類別中覆寫時,序列化衍生的程式碼群組特定的屬性和內部狀態,並加入序列化到指定的 SecurityElement。 (繼承來源 CodeGroup) |
|
Equals(Code |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
判斷指定的程式碼群組是否等於目前程式碼群組,若有指定則檢查子程式碼群組。 (繼承來源 CodeGroup) |
| Equals(Object) |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
判斷指定的程式碼群組是否相等於目前程式碼群組。 (繼承來源 CodeGroup) |
|
From |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
使用 XML 編碼方式重建具有指定狀態的安全性物件。 (繼承來源 CodeGroup) |
|
From |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
使用 XML 編碼方式重建具有指定狀態和原則層級的安全性物件。 (繼承來源 CodeGroup) |
|
Get |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得目前程式碼群組的雜湊碼。 (繼承來源 CodeGroup) |
|
Get |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
取得目前執行個體的 Type。 (繼承來源 Object) |
|
Memberwise |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
建立目前 Object 的淺層複製。 (繼承來源 Object) |
|
Parse |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
在衍生類別中覆寫時,從指定的 SecurityElement 重建衍生程式碼群組特定的屬性和內部狀態。 (繼承來源 CodeGroup) |
|
Remove |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
移除指定的子程式碼群組。 (繼承來源 CodeGroup) |
| Resolve(Evidence) |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
解析程式碼群組的原則和其辨識項集合的子代。 |
|
Resolve |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
解析符合的程式碼群組。 |
|
To |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
傳回代表目前物件的字串。 (繼承來源 Object) |
|
To |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
建立安全物件及其目前狀態的 XML 編碼方式。 (繼承來源 CodeGroup) |
|
To |
已淘汰.
已淘汰.
已淘汰.
已淘汰.
建立安全性物件、它的目前狀態和程式碼所存在的原則層級的 XML 編碼方式。 (繼承來源 CodeGroup) |
| 產品 | 版本 (已過時) |
|---|---|
| .NET Framework | 1.1, 2.0, 3.0, 3.5 (4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8) |
| Windows Desktop | (3.0, 3.1, 5, 6, 7) |