程式碼存取安全(CAS) 是一項未受支援的舊有技術。 啟用 CAS 的基礎架構僅存在於 .NET Framework 2.x 至 4.x,已棄用且未獲得服務或安全修補。
因此,從 .NET 5 開始,大多數與程式碼存取安全(CAS)相關的類型已過時。 這包括 CAS 屬性,例如 SecurityPermissionAttribute、CAS 許可權物件,例如 SocketPermission、 EvidenceBase衍生型別和其他支援的 API。 使用這些 API 會在編譯時產生警告 SYSLIB0003 。
已過時的 CAS API 完整清單如下:
- System.AppDomain.ExecuteAssembly(String, String[], Byte[], AssemblyHashAlgorithm)
- System.AppDomain.PermissionSet
- System.Configuration.ConfigurationPermission
- System.Configuration.ConfigurationPermissionAttribute
- System.Data.Common.DBDataPermission
- System.Data.Common.DBDataPermissionAttribute
- System.Data.Odbc.OdbcPermission
- System.Data.Odbc.OdbcPermissionAttribute
- System.Data.OleDb.OleDbPermission
- System.Data.OleDb.OleDbPermissionAttribute
- System.Data.OracleClient.OraclePermission
- System.Data.OracleClient.OraclePermissionAttribute
- System.Data.SqlClient.SqlClientPermission
- System.Data.SqlClient.SqlClientPermissionAttribute
- System.Diagnostics.EventLogPermission
- System.Diagnostics.EventLogPermissionAttribute
- System.Diagnostics.PerformanceCounterPermission
- System.Diagnostics.PerformanceCounterPermissionAttribute
- System.DirectoryServices.DirectoryServicesPermission
- System.DirectoryServices.DirectoryServicesPermissionAttribute
- System.Drawing.Printing.PrintingPermission
- System.Drawing.Printing.PrintingPermissionAttribute
- System.Net.DnsPermission
- System.Net.DnsPermissionAttribute
- System.Net.Mail.SmtpPermission
- System.Net.Mail.SmtpPermissionAttribute
- System.Net.NetworkInformation.NetworkInformationPermission
- System.Net.NetworkInformation.NetworkInformationPermissionAttribute
- System.Net.PeerToPeer.Collaboration.PeerCollaborationPermission
- System.Net.PeerToPeer.Collaboration.PeerCollaborationPermissionAttribute
- System.Net.PeerToPeer.PnrpPermission
- System.Net.PeerToPeer.PnrpPermissionAttribute
- System.Net.SocketPermission
- System.Net.SocketPermissionAttribute
- System.Net.WebPermission
- System.Net.WebPermissionAttribute
- System.Runtime.InteropServices.AllowReversePInvokeCallsAttribute
- System.Security.CodeAccessPermission
- System.Security.HostProtectionException
- System.Security.IPermission
- System.Security.IStackWalk
- System.Security.NamedPermissionSet
- System.Security.PermissionSet
- System.Security.Permissions.CodeAccessSecurityAttribute
- System.Security.Permissions.DataProtectionPermission
- System.Security.Permissions.DataProtectionPermissionAttribute
- System.Security.Permissions.DataProtectionPermissionFlags
- System.Security.Permissions.EnvironmentPermission
- System.Security.Permissions.EnvironmentPermissionAccess
- System.Security.Permissions.EnvironmentPermissionAttribute
- System.Security.Permissions.FileDialogPermission
- System.Security.Permissions.FileDialogPermissionAccess
- System.Security.Permissions.FileDialogPermissionAttribute
- System.Security.Permissions.FileIOPermission
- System.Security.Permissions.FileIOPermissionAccess
- System.Security.Permissions.FileIOPermissionAttribute
- System.Security.Permissions.GacIdentityPermission
- System.Security.Permissions.GacIdentityPermissionAttribute
- System.Security.Permissions.HostProtectionAttribute
- System.Security.Permissions.HostProtectionResource
- System.Security.Permissions.IUnrestrictedPermission
- System.Security.Permissions.IsolatedStorageContainment
- System.Security.Permissions.IsolatedStorageFilePermission
- System.Security.Permissions.IsolatedStorageFilePermissionAttribute
- System.Security.Permissions.IsolatedStoragePermission
- System.Security.Permissions.IsolatedStoragePermissionAttribute
- System.Security.Permissions.KeyContainerPermission
- System.Security.Permissions.KeyContainerPermissionAccessEntry
- System.Security.Permissions.KeyContainerPermissionAccessEntryCollection
- System.Security.Permissions.KeyContainerPermissionAccessEntryEnumerator
- System.Security.Permissions.KeyContainerPermissionAttribute
- System.Security.Permissions.KeyContainerPermissionFlags
- System.Security.Permissions.MediaPermission
- System.Security.Permissions.MediaPermissionAttribute
- System.Security.Permissions.MediaPermissionAudio
- System.Security.Permissions.MediaPermissionImage
- System.Security.Permissions.MediaPermissionVideo
- System.Security.Permissions.PermissionSetAttribute
- System.Security.Permissions.PermissionState
- System.Security.Permissions.PrincipalPermission
- System.Security.Permissions.PrincipalPermissionAttribute
- System.Security.Permissions.PublisherIdentityPermission
- System.Security.Permissions.PublisherIdentityPermissionAttribute
- System.Security.Permissions.ReflectionPermission
- System.Security.Permissions.ReflectionPermissionAttribute
- System.Security.Permissions.ReflectionPermissionFlag
- System.Security.Permissions.RegistryPermission
- System.Security.Permissions.RegistryPermissionAccess
- System.Security.Permissions.RegistryPermissionAttribute
- System.Security.Permissions.ResourcePermissionBase
- System.Security.Permissions.ResourcePermissionBaseEntry
- System.Security.Permissions.SecurityAction
- System.Security.Permissions.SecurityAttribute
- System.Security.Permissions.SecurityPermission
- System.Security.Permissions.SecurityPermissionAttribute
- System.Security.Permissions.SecurityPermissionFlag
- System.Security.Permissions.SiteIdentityPermission
- System.Security.Permissions.SiteIdentityPermissionAttribute
- System.Security.Permissions.StorePermission
- System.Security.Permissions.StorePermissionAttribute
- System.Security.Permissions.StorePermissionFlags
- System.Security.Permissions.StrongNameIdentityPermission
- System.Security.Permissions.StrongNameIdentityPermissionAttribute
- System.Security.Permissions.StrongNamePublicKeyBlob
- System.Security.Permissions.TypeDescriptorPermission
- System.Security.Permissions.TypeDescriptorPermissionAttribute
- System.Security.Permissions.TypeDescriptorPermissionFlags
- System.Security.Permissions.UIPermission
- System.Security.Permissions.UIPermissionAttribute
- System.Security.Permissions.UIPermissionClipboard
- System.Security.Permissions.UIPermissionWindow
- System.Security.Permissions.UrlIdentityPermission
- System.Security.Permissions.UrlIdentityPermissionAttribute
- System.Security.Permissions.WebBrowserPermission
- System.Security.Permissions.WebBrowserPermissionAttribute
- System.Security.Permissions.WebBrowserPermissionLevel
- System.Security.Permissions.ZoneIdentityPermission
- System.Security.Permissions.ZoneIdentityPermissionAttribute
- System.Security.Policy.ApplicationTrust.ApplicationTrust(PermissionSet, IEnumerable<StrongName>)
- System.Security.Policy.ApplicationTrust.FullTrustAssemblies
- System.Security.Policy.FileCodeGroup
- System.Security.Policy.GacInstalled
- System.Security.Policy.IIdentityPermissionFactory
- System.Security.Policy.PolicyLevel.AddNamedPermissionSet(NamedPermissionSet)
- System.Security.Policy.PolicyLevel.ChangeNamedPermissionSet(String, PermissionSet)
- System.Security.Policy.PolicyLevel.GetNamedPermissionSet(String)
- System.Security.Policy.PolicyLevel.RemoveNamedPermissionSet
- System.Security.Policy.PolicyStatement.PermissionSet
- System.Security.Policy.PolicyStatement.PolicyStatement
- System.Security.Policy.Publisher
- System.Security.Policy.Site
- System.Security.Policy.StrongName
- System.Security.Policy.StrongNameMembershipCondition
- System.Security.Policy.Url
- System.Security.Policy.Zone
- System.Security.SecurityContext
- System.Security.SecurityManager
- System.ServiceProcess.ServiceControllerPermission
- System.ServiceProcess.ServiceControllerPermissionAttribute
- System.Threading.Thread.GetCompressedStack()
- System.Threading.Thread.SetCompressedStack(CompressedStack)
- System.Transactions.DistributedTransactionPermission
- System.Transactions.DistributedTransactionPermissionAttribute
- System.Web.AspNetHostingPermission
- System.Web.AspNetHostingPermissionAttribute
- System.Xaml.Permissions.XamlLoadPermission
因應措施
如果您要宣告任何安全性許可權,請移除宣告該許可權的屬性或呼叫。
// REMOVE the attribute below. [SecurityPermission(SecurityAction.Assert, ControlThread = true)] public void DoSomething() { } public void DoAssert() { // REMOVE the line below. new SecurityPermission(SecurityPermissionFlag.ControlThread).Assert(); }如果您透過
PermitOnly拒絕或限制任何許可權,請聯絡您的安全性顧問。 因為 .NET 5+ 運行時間不接受 CAS 屬性,所以如果應用程式不正確地依賴 CAS 基礎結構來限制對這些方法的存取,您的應用程式可能會有安全性漏洞。// REVIEW the attribute below; could indicate security vulnerability. [SecurityPermission(SecurityAction.Deny, ControlThread = true)] public void DoSomething() { } public void DoPermitOnly() { // REVIEW the line below; could indicate security vulnerability. new SecurityPermission(SecurityPermissionFlag.ControlThread).PermitOnly(); }如果您要求任何許可權(除了 PrincipalPermission),請移除要求。 所有要求在執行時都會成功。
// REMOVE the attribute below; it will always succeed. [SecurityPermission(SecurityAction.Demand, ControlThread = true)] public void DoSomething() { } public void DoDemand() { // REMOVE the line below; it will always succeed. new SecurityPermission(SecurityPermissionFlag.ControlThread).Demand(); }如果您需要 PrincipalPermission,請參閱有關 SYSLIB0002 的指引:PrincipalPermissionAttribute 已過時。 這個指導方針適用於 PrincipalPermission 和 PrincipalPermissionAttribute。
隱藏警告
如果您必須使用過時的 API,您可以在程式碼或專案檔中隱藏警告。
若要僅抑制單一違規,請將預處理器指示詞新增至來源檔案以停用,然後重新啟用警告。
// Disable the warning.
#pragma warning disable SYSLIB0003
// Code that uses obsolete API.
// ...
// Re-enable the warning.
#pragma warning restore SYSLIB0003
若要隱藏 SYSLIB0003 專案中的所有警告,請將屬性新增至 <NoWarn> 專案檔。
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
...
<NoWarn>$(NoWarn);SYSLIB0003</NoWarn>
</PropertyGroup>
</Project>
如需詳細資訊,請參閱隱藏警告。
