SecurityAction 列舉
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
警告
Code Access Security is not supported or honored by the runtime.
指定可以使用宣告式安全性執行的安全性動作。
public enum class SecurityAction[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public enum SecurityActionpublic enum SecurityAction[System.Serializable]
public enum SecurityAction[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public enum SecurityAction[<System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
type SecurityAction = type SecurityAction = [<System.Serializable>]
type SecurityAction = [<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
type SecurityAction = Public Enum SecurityAction- 繼承
- 屬性
欄位
| Assert | 3 | 即使堆疊中較高層的呼叫端未獲得資源存取權限,呼叫程式碼仍可以存取目前權限物件所識別的資源 (請參閱使用 Assert 方法)。 |
| Demand | 2 | 呼叫堆疊中較高層的所有呼叫端,必須已獲得目前權限物件所指定的權限。 |
| Deny | 4 | 拒絕呼叫端存取目前權限物件所指定的資源,即使呼叫端獲得資源存取權限亦然 (請參閱使用 Deny 方法)。 |
| InheritanceDemand | 7 | 繼承類別或覆寫方法的衍生類別 (Derived Class) 必須已經授與指定的使用權限。 |
| LinkDemand | 6 | 直接呼叫端必須已獲得指定權限。 請勿在 .NET Framework 4 中使用。 如需完全信任,請使用 SecurityCriticalAttribute,部分信任則使用 Demand。 |
| PermitOnly | 5 | 只可存取這個權限物件所指定的資源,即使程式碼已獲得其他資源存取權限亦然。 |
| RequestMinimum | 8 | 要求執行程式碼所需的最低權限。 這個動作只能在組件的範圍內使用。 |
| RequestOptional | 9 | 要求選擇性 (非執行所需) 的其他權限。 這項要求會隱含拒絕未特別要求的所有其他權限。 這個動作只能在組件的範圍內使用。 |
| RequestRefuse | 10 | 要求不將可能遭到誤用的權限授權給呼叫程式碼。 這個動作只能在組件的範圍內使用。 |
範例
此範例示範如何通知 CLR,呼叫方法中的程式代碼只有 IsolatedStoragePermission,也會示範如何撰寫和讀取隔離儲存區。
using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::IO::IsolatedStorage;
using namespace System::IO;
static void WriteIsolatedStorage()
{
try
{
// Attempt to create a storage file that is isolated by
// user and assembly. IsolatedStorageFilePermission
// granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this
// statement.
Stream^ fileCreateStream = gcnew
IsolatedStorageFileStream(
"AssemblyData",
FileMode::Create,
IsolatedStorageFile::GetUserStoreForAssembly());
StreamWriter^ streamWriter = gcnew StreamWriter(
fileCreateStream);
try
{
// Write some data out to the isolated file.
streamWriter->Write("This is some test data.");
streamWriter->Close();
}
finally
{
delete fileCreateStream;
delete streamWriter;
}
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
try
{
Stream^ fileOpenStream =
gcnew IsolatedStorageFileStream(
"AssemblyData",
FileMode::Open,
IsolatedStorageFile::GetUserStoreForAssembly());
// Attempt to open the file that was previously created.
StreamReader^ streamReader = gcnew StreamReader(
fileOpenStream);
try
{
// Read the data from the file and display it.
Console::WriteLine(streamReader->ReadLine());
streamReader->Close();
}
finally
{
delete fileOpenStream;
delete streamReader;
}
}
catch (FileNotFoundException^ ex)
{
Console::WriteLine(ex->Message);
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
}
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction::PermitOnly, UsageAllowed = IsolatedStorageContainment::AssemblyIsolationByUser)]
int main()
{
WriteIsolatedStorage();
}
// This code produces the following output.
//
// This is some test data.
using System;
using System.Security.Permissions;
using System.IO.IsolatedStorage;
using System.IO;
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser)]
public sealed class App
{
static void Main()
{
WriteIsolatedStorage();
}
private static void WriteIsolatedStorage()
{
// Attempt to create a storage file that is isolated by user and assembly.
// IsolatedStorageFilePermission granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this statement.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Write some data out to the isolated file.
using (StreamWriter sw = new StreamWriter(s))
{
sw.Write("This is some test data.");
}
}
// Attempt to open the file that was previously created.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Read the data from the file and display it.
using (StreamReader sr = new StreamReader(s))
{
Console.WriteLine(sr.ReadLine());
}
}
}
}
// This code produces the following output.
//
// Some test data.
Option Strict On
Imports System.Security.Permissions
Imports System.IO.IsolatedStorage
Imports System.IO
' Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
' This restricts the called methods to working only with storage files that are isolated
' by user and assembly.
<IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed:=IsolatedStorageContainment.AssemblyIsolationByUser)> _
Public NotInheritable Class App
Shared Sub Main()
WriteIsolatedStorage()
End Sub
Shared Sub WriteIsolatedStorage()
' Attempt to create a storage file that is isolated by user and assembly.
' IsolatedStorageFilePermission granted to the attribute at the top of this file
' allows CLR to load this assembly and execution of this statement.
Dim s As New IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Write some data out to the isolated file.
Dim sw As New StreamWriter(s)
Try
sw.Write("This is some test data.")
Finally
sw.Dispose()
End Try
Finally
s.Dispose()
End Try
' Attempt to open the file that was previously created.
Dim t As New IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Read the data from the file and display it.
Dim sr As New StreamReader(t)
Try
Console.WriteLine(sr.ReadLine())
Finally
sr.Dispose()
End Try
Finally
t.Dispose()
End Try
End Sub
End Class
' This code produces the following output.
'
' Some test data.
備註
警告
代碼啟用安全性 (CAS) 已在所有 .NET Framework 和 .NET 版本中淘汰。 最新版本的 .NET 不接受 CAS 批注,並在使用 CAS 相關 API 時產生錯誤。 開發人員應尋求替代方案來完成安全性工作。
下表描述每個安全性動作發生的時間及其支持的目標。
重要
在 .NET Framework 4 中,已移除運行時間支援,以強制執行 Deny、RequestMinimum、RequestOptional 和 RequestRefuse 許可權要求。 這些要求不應該用於以 .NET Framework 4 或更新版本為基礎的程序代碼中。 如需此變更和其他變更的詳細資訊,請參閱 安全性變更。
您不應該在 .NET Framework 4 中使用 LinkDemand 。 請改用 SecurityCriticalAttribute 來限制完全信任應用程式的使用方式,或使用 Demand 來限制部分信任的呼叫端。
| 安全性動作的宣告 | 動作時間 | 支持的目標 |
|---|---|---|
LinkDemand (不適用於 .NET Framework 4) |
Just-In-Time 編譯 | 類別、方法 |
InheritanceDemand |
載入時間 | 類別、方法 |
Demand |
執行階段 | 類別、方法 |
Assert |
執行階段 | 類別、方法 |
Deny 在 .NET Framework 4) 中 (過時 |
執行階段 | 類別、方法 |
PermitOnly |
執行階段 | 類別、方法 |
RequestMinimum 在 .NET Framework 4) 中 (過時 |
授與時間 | 組件 |
RequestOptional 在 .NET Framework 4) 中 (過時 |
授與時間 | 組件 |
RequestRefuse 在 .NET Framework 4) 中 (過時 |
授與時間 | 組件 |
如需屬性目標的其他資訊,請參閱 Attribute。
