SecurityManager.GetStandardSandbox(Evidence) 方法

定義

命名空間:

System.Security

組件:

System.Security.Permissions.dll

套件:

System.Security.Permissions v9.0.0-rc.2.24473.5

來源:

SecurityManager.cs

取得可安全授與具提供之辨識項的應用程式的權限集合。

public:
 static System::Security::PermissionSet ^ GetStandardSandbox(System::Security::Policy::Evidence ^ evidence);

public static System.Security.PermissionSet GetStandardSandbox (System.Security.Policy.Evidence evidence);

static member GetStandardSandbox : System.Security.Policy.Evidence -> System.Security.PermissionSet

Public Shared Function GetStandardSandbox (evidence As Evidence) As PermissionSet

參數

evidence

Evidence

要與權限集合比對的主辨識項。

傳回

PermissionSet

權限集合，可用來當做具提供之辨識項的應用程式的授權集。

例外狀況

ArgumentNullException

evidence 為 null。

範例

下列範例示範如何使用 GetStandardSandbox 方法來取得沙盒化應用程式的許可權集合。 如需在沙盒中執行應用程式的詳細資訊，請參閱 如何：在沙盒中執行部分信任的程序代碼。

using System;
using System.Collections;
using System.Diagnostics;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Reflection;
using System.IO;

namespace SimpleSandboxing
{
    class Program
    {
        static void Main(string[] args)
        {
            // Create the permission set to grant to other assemblies.
            // In this case we are granting the permissions found in the LocalIntranet zone.
            Evidence e = new Evidence();
            e.AddHostEvidence(new Zone(SecurityZone.Intranet));
            PermissionSet pset = SecurityManager.GetStandardSandbox(e);

            AppDomainSetup ads = new AppDomainSetup();
            // Identify the folder to use for the sandbox.
            ads.ApplicationBase = "C:\\Sandbox";
            // Copy the application to be executed to the sandbox.
            Directory.CreateDirectory("C:\\Sandbox");
            File.Copy("..\\..\\..\\HelloWorld\\bin\\debug\\HelloWorld.exe", "C:\\sandbox\\HelloWorld.exe", true);

            // Create the sandboxed domain.
            AppDomain sandbox = AppDomain.CreateDomain(
               "Sandboxed Domain",
               e,
               ads,
               pset,
               null);
            sandbox.ExecuteAssemblyByName("HelloWorld");
        }
    }
}

Imports System.Collections
Imports System.Diagnostics
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Reflection
Imports System.IO



Class Program
    
    Shared Sub Main(ByVal args() As String) 
        ' Create the permission set to grant to other assemblies.
        ' In this case we are granting the permissions found in the LocalIntranet zone.
        Dim e As New Evidence()
        e.AddHostEvidence(New Zone(SecurityZone.Intranet))
        Dim pset As PermissionSet = SecurityManager.GetStandardSandbox(e)
        
        Dim ads As New AppDomainSetup()
        ' Identify the folder to use for the sandbox.
        ads.ApplicationBase = "C:\Sandbox"
        ' Copy the application to be executed to the sandbox.
        Directory.CreateDirectory("C:\Sandbox")
        File.Copy("..\..\..\HelloWorld\bin\debug\HelloWorld.exe", "C:\sandbox\HelloWorld.exe", True)
        
        ' Create the sandboxed domain.
        Dim sandbox As AppDomain = AppDomain.CreateDomain("Sandboxed Domain", e, ads, pset, Nothing)
        sandbox.ExecuteAssemblyByName("HelloWorld")
    
    End Sub
End Class

備註

注意

在 .NET Framework 4 中，中的evidence主機辨識項必須包含System.Security.Policy.Zone辨識項。

下表顯示針對每個區域傳回的許可權集合。

區域	權限集合
MyComputer	FullTrust
Intranet	LocalIntranet
Trusted	Internet
Internet	Internet
Untrusted	無
NoZone	無

可能會考慮其他辨識項，例如 Url 或 Site。

沙箱可以使用傳回的許可權集合來執行應用程式。 請注意，這個方法不會指定原則，但可協助主機判斷應用程式所要求的許可權集合是否合理。 這個方法可用來將區域對應至沙盒。