HostSecurityManager クラス

定義

アプリケーション ドメインのセキュリティ動作の制御およびカスタマイズを実行できるようにします。Allows the control and customization of security behavior for application domains.

public ref class HostSecurityManager
[System.Runtime.InteropServices.ComVisible(true)]
[System.Security.SecurityCritical]
[System.Serializable]
public class HostSecurityManager
type HostSecurityManager = class
Public Class HostSecurityManager
継承
HostSecurityManager
属性

次の例は、HostSecurityManagerの非常に単純な実装を示しています。The following example shows a very simple implementation of a HostSecurityManager.

// To replace the default security manager with MySecurityManager, add the 
// assembly to the GAC and call MySecurityManager in the
// custom implementation of the AppDomainManager.

using System;
using System.Collections;
using System.Net;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Security.Principal;
using System.Threading;
using System.Runtime.InteropServices;
using System.Runtime.Hosting;

[assembly: System.Security.AllowPartiallyTrustedCallersAttribute()]
namespace MyNamespace
{
    [Serializable()]
    [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.Infrastructure)]
    public class MySecurityManager : HostSecurityManager
    {
        public MySecurityManager()
        {
            Console.WriteLine(" Creating MySecurityManager.");
        }

        private HostSecurityManagerOptions hostFlags = HostSecurityManagerOptions.HostDetermineApplicationTrust |
                                                   HostSecurityManagerOptions.HostAssemblyEvidence;
        public override HostSecurityManagerOptions Flags
        {
            get
            {
                return hostFlags;
            }
        }

        public override Evidence ProvideAssemblyEvidence(Assembly loadedAssembly, Evidence evidence)
        {
            Console.WriteLine("Provide assembly evidence for: " + (loadedAssembly == null ? "Unknown" : loadedAssembly.ToString()) + ".");
            if (evidence == null)
                return null;

            evidence.AddAssemblyEvidence(new CustomEvidenceType());
            return evidence;
        }
        public override Evidence ProvideAppDomainEvidence(Evidence evidence)
        {
            Console.WriteLine("Provide evidence for the " + AppDomain.CurrentDomain.FriendlyName + " AppDomain.");
            if (evidence == null)
                return null;

            evidence.AddHostEvidence(new CustomEvidenceType());
            return evidence;
        }

        [SecurityPermissionAttribute(SecurityAction.Demand, Execution = true)]
        [SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted = true)]
        public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
                throw new ArgumentNullException("applicationEvidence");

            // Get the activation context from the application evidence.
            // This HostSecurityManager does not examine the activator evidence
            // nor is it concerned with the TrustManagerContext;
            // it simply grants the requested grant in the application manifest.

            IEnumerator enumerator = applicationEvidence.GetHostEnumerator();
            ActivationArguments activationArgs = null;
            while (enumerator.MoveNext())
            {
                activationArgs = enumerator.Current as ActivationArguments;
                if (activationArgs != null)
                    break;
            }

            if (activationArgs == null)
                return null;

            ActivationContext activationContext = activationArgs.ActivationContext;
            if (activationContext == null)
                return null;

            ApplicationTrust trust = new ApplicationTrust(activationContext.Identity);
            ApplicationSecurityInfo asi = new ApplicationSecurityInfo(activationContext);
            trust.DefaultGrantSet = new PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing);
            trust.IsApplicationTrustedToRun = true;
            return trust;
        }
    }
    [Serializable()]
    public class CustomEvidenceType : EvidenceBase
    {
        public CustomEvidenceType() { }

        public override string ToString()
        {
            return "CustomEvidenceType";
        }
    }
}
' To replace the default security manager with MySecurityManager, add the 
' assembly to the GAC and call MySecurityManager in the
' custom implementation of the AppDomainManager.
Imports System.Collections
Imports System.Net
Imports System.Reflection
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Security.Principal
Imports System.Threading
Imports System.Runtime.InteropServices
Imports System.Runtime.Hosting



<Assembly: System.Security.AllowPartiallyTrustedCallersAttribute()> 

<Serializable(), SecurityPermissionAttribute(SecurityAction.Demand, Flags:=SecurityPermissionFlag.Infrastructure)> _
Public Class MySecurityManager
    Inherits HostSecurityManager

    Public Sub New()
        Console.WriteLine(" Creating MySecurityManager.")

    End Sub


    Private hostFlags As HostSecurityManagerOptions = HostSecurityManagerOptions.HostDetermineApplicationTrust Or HostSecurityManagerOptions.HostAssemblyEvidence

    Public Overrides ReadOnly Property Flags() As HostSecurityManagerOptions
        Get
            Return hostFlags
        End Get
    End Property

    Public Overrides Function ProvideAssemblyEvidence(ByVal loadedAssembly As [Assembly], ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide assembly evidence for: " + IIf(loadedAssembly Is Nothing, "Unknown", loadedAssembly.ToString()) + ".") 'TODO: For performance reasons this should be changed to nested IF statements
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddAssemblyEvidence(New CustomEvidenceType())
        Return evidence

    End Function 'ProvideAssemblyEvidence

    Public Overrides Function ProvideAppDomainEvidence(ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide evidence for the " + AppDomain.CurrentDomain.FriendlyName + " AppDomain.")
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddHostEvidence(New CustomEvidenceType())
        Return evidence

    End Function 'ProvideAppDomainEvidence

    <SecurityPermissionAttribute(SecurityAction.Demand, Execution:=True), SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted:=True)> _
    Public Overrides Function DetermineApplicationTrust(ByVal applicationEvidence As Evidence, ByVal activatorEvidence As Evidence, ByVal context As TrustManagerContext) As ApplicationTrust
        If applicationEvidence Is Nothing Then
            Throw New ArgumentNullException("applicationEvidence")
        End If
        ' Get the activation context from the application evidence.
        ' This HostSecurityManager does not examine the activator evidence
        ' nor is it concerned with the TrustManagerContext;
        ' it simply grants the requested grant in the application manifest.
        Dim enumerator As IEnumerator = applicationEvidence.GetHostEnumerator()
        Dim activationArgs As ActivationArguments = Nothing
        While enumerator.MoveNext()
            activationArgs = enumerator.Current '
            If Not (activationArgs Is Nothing) Then
                Exit While
            End If
        End While
        If activationArgs Is Nothing Then
            Return Nothing
        End If
        Dim activationContext As ActivationContext = activationArgs.ActivationContext
        If activationContext Is Nothing Then
            Return Nothing
        End If
        Dim trust As New ApplicationTrust(activationContext.Identity)
        Dim asi As New ApplicationSecurityInfo(activationContext)
        trust.DefaultGrantSet = New PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing)
        trust.IsApplicationTrustedToRun = True
        Return trust

    End Function 'DetermineApplicationTrust
End Class
<Serializable()> _
Public Class CustomEvidenceType
    Inherits EvidenceBase

    Public Sub New()

    End Sub

    Public Overrides Function ToString() As String
        Return "CustomEvidenceType"

    End Function 'ToString
End Class

注釈

新しい AppDomainを作成すると、共通言語ランタイムが AppDomainManager に対してクエリを実行し、HostSecurityManagerが存在することを確認します。これは、AppDomainのセキュリティ上の決定に関与します。When you create a new AppDomain, the common language runtime queries the AppDomainManager for the presence of a HostSecurityManager, which participates in making security decisions for the AppDomain. ホストプロバイダーは、HostSecurityManager クラスを継承するホストセキュリティマネージャーを実装する必要があります。Host providers should implement a host security manager that inherits from the HostSecurityManager class.

注意 (継承者)

HostSecurityManager の一部のメンバーは、アセンブリが暗黙的または明示的に読み込まれるたびに呼び出されます。Some members of a HostSecurityManager are called whenever an assembly is loaded, either implicitly or explicitly. ProvideAssemblyEvidence(Assembly, Evidence) メソッドと ProvideAppDomainEvidence(Evidence) メソッドでは、アセンブリを読み込むことはできません。これにより、HostSecurityManager のメンバーが再帰的に呼び出されます。The ProvideAssemblyEvidence(Assembly, Evidence) and ProvideAppDomainEvidence(Evidence) methods must not load any assemblies, because doing so will result in the members of the HostSecurityManager being recursively called. 循環参照を回避するには、クラスの新しいインスタンスを作成して、HostSecurityManagerから派生したクラスのコンストラクターにアセンブリが暗黙的または明示的に読み込まれるようにする必要があります。To avoid circular references, you should create new instances of classes that can cause assemblies to be loaded, either implicitly or explicitly, in the constructor of a class that derives from HostSecurityManager.

コンストラクター

HostSecurityManager()

HostSecurityManager クラスの新しいインスタンスを初期化します。Initializes a new instance of the HostSecurityManager class.

プロパティ

DomainPolicy

派生クラスでオーバーライドされると、現在のアプリケーション ドメインのセキュリティ ポリシーを取得します。When overridden in a derived class, gets the security policy for the current application domain.

Flags

ホストにとって重要なセキュリティ ポリシー コンポーネントを表すフラグを取得します。Gets the flag representing the security policy components of concern to the host.

メソッド

DetermineApplicationTrust(Evidence, Evidence, TrustManagerContext)

アプリケーションを実行するかどうかを決定します。Determines whether an application should be executed.

Equals(Object)

指定されたオブジェクトが現在のオブジェクトと等しいかどうかを判定します。Determines whether the specified object is equal to the current object.

(継承元 Object)
GenerateAppDomainEvidence(Type)

アプリケーション ドメインの特定の証拠型を要求します。Requests a specific evidence type for the application domain.

GenerateAssemblyEvidence(Type, Assembly)

アセンブリの特定の証拠型を要求します。Requests a specific evidence type for the assembly.

GetHashCode()

既定のハッシュ関数として機能します。Serves as the default hash function.

(継承元 Object)
GetHostSuppliedAppDomainEvidenceTypes()

要求された場合に、アプリケーション ドメインに対してホストが提供できる証拠の型を決定します。Determines which evidence types the host can supply for the application domain, if requested.

GetHostSuppliedAssemblyEvidenceTypes(Assembly)

要求された場合に、アセンブリに対してホストが提供できる証拠の型を決定します。Determines which evidence types the host can supply for the assembly, if requested.

GetType()

現在のインスタンスの Type を取得します。Gets the Type of the current instance.

(継承元 Object)
MemberwiseClone()

現在の Object の簡易コピーを作成します。Creates a shallow copy of the current Object.

(継承元 Object)
ProvideAppDomainEvidence(Evidence)

読み込まれるアセンブリに対するアプリケーション ドメインの証拠を提供します。Provides the application domain evidence for an assembly being loaded.

ProvideAssemblyEvidence(Assembly, Evidence)

読み込まれるアセンブリに対するアセンブリの証拠を提供します。Provides the assembly evidence for an assembly being loaded.

ResolvePolicy(Evidence)

指定された証拠に基づいて、コードに与えるアクセス許可を決定します。Determines what permissions to grant to code based on the specified evidence.

ToString()

現在のオブジェクトを表す string を返します。Returns a string that represents the current object.

(継承元 Object)

セキュリティ

SecurityCriticalAttribute
直前の呼び出し元に完全信頼が必要です。requires full trust for the immediate caller. このクラスは、部分的に信頼されているコードまたは透過的なコードでは使用できません。This class cannot be used by partially trusted or transparent code.

InheritanceDemand
継承者に対する完全な信頼の場合。for full trust for inheritors. このクラスを、部分的に信頼されているコードが継承することはできません。This class cannot be inherited by partially trusted code.

適用対象