RegistryAccessRule Class
Definition
Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.
```cpp
public ref class RegistryAccessRule sealed : System::Security::AccessControl::AccessRule
```
```csharp
public sealed class RegistryAccessRule : System.Security.AccessControl.AccessRule
```
```csharp
[System.Security.SecurityCritical]
public sealed class RegistryAccessRule : System.Security.AccessControl.AccessRule
```
```fsharp
type RegistryAccessRule = class
    inherit AccessRule
```
```fsharp
[<System.Security.SecurityCritical>]
type RegistryAccessRule = class
    inherit AccessRule
```
```vb
Public NotInheritable Class RegistryAccessRule
Inherits AccessRule
```
- Inheritance
- Attributes
Examples
The following code example demonstrates access rules with inheritance and propagation. The example creates a RegistrySecurity object, then creates and adds two rules that have the ContainerInherit flag. The first rule has no propagation flags, while the second has NoPropagateInherit and InheritOnly.
The program displays the rules in the RegistrySecurity object, and then uses the object to create a subkey. The program creates a child subkey and a grandchild subkey, and then displays the security for each subkey. Finally, the program deletes the test keys.
```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        const string TestKey = "TestKey3927";
        RegistryKey cu = Registry.CurrentUser;

        string user = Environment.UserDomainName +
            "\\" + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key,
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key.
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule = new RegistryAccessRule(user,
            RegistryRights.ReadKey | RegistryRights.WriteKey
                | RegistryRights.Delete,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.None,
            AccessControlType.Allow
        );
        mSec.AddAccessRule(rule);

        // Add a rule that allows the current user the
        // right to change permissions on a key.
        // This rule is inherited by contained subkeys, but
        // propagation flags limit it to immediate child
        // subkeys.
        rule = new RegistryAccessRule(user,
            RegistryRights.ChangePermissions,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.InheritOnly |
                PropagationFlags.NoPropagateInherit,
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Create the test key using the security object.
        //
        RegistryKey rk = cu.CreateSubKey(TestKey,
            RegistryKeyPermissionCheck.ReadWriteSubTree, mSec);

        // Create a child subkey and a grandchild subkey,
        // without security.
        RegistryKey rkChild = rk.CreateSubKey("ChildKey",
            RegistryKeyPermissionCheck.ReadWriteSubTree);
        RegistryKey rkGrandChild =
            rkChild.CreateSubKey("GrandChildKey",
                RegistryKeyPermissionCheck.ReadWriteSubTree);

        Show(rk);
        Show(rkChild);
        Show(rkGrandChild);

        rkGrandChild.Close();
        rkChild.Close();
        rk.Close();

        cu.DeleteSubKeyTree(TestKey);
    }

    private static void Show(RegistryKey rk)
    {
        Console.WriteLine(rk.Name);
        ShowSecurity(rk.GetAccessControl());
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to the following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: ContainerInherit
 Propagation: NoPropagateInherit, InheritOnly
   Inherited? False

HKEY_CURRENT_USER\TestKey3927

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: ContainerInherit
 Propagation: NoPropagateInherit, InheritOnly
   Inherited? False

HKEY_CURRENT_USER\TestKey3927\ChildKey

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? True

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: None
 Propagation: None
   Inherited? True

HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? True
*/
```
```vb
Option Explicit
Imports System
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Const TestKey As String = "TestKey3927"
        Dim cu As RegistryKey = Registry.CurrentUser

        Dim user As String = Environment.UserDomainName _
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the right
        ' to read and enumerate the name/value pairs in a key,
        ' to read its access and audit rules, to enumerate
        ' its subkeys, to create subkeys, and to delete the key.
        ' The rule is inherited by all contained subkeys.
        '
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.WriteKey _
                Or RegistryRights.Delete, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that allows the current user the
        ' right to change permissions on a key.
        ' This rule is inherited by contained subkeys, but
        ' propagation flags limit it to immediate child
        ' subkeys.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Create the test key using the security object.
        '
        Dim rk As RegistryKey = cu.CreateSubKey(TestKey, _
            RegistryKeyPermissionCheck.ReadWriteSubTree, _
            mSec)

        ' Create a child subkey and a grandchild subkey,
        ' without security.
        Dim rkChild As RegistryKey = rk.CreateSubKey("ChildKey", _
            RegistryKeyPermissionCheck.ReadWriteSubTree)
        Dim rkGrandChild As RegistryKey = _
            rkChild.CreateSubKey("GrandChildKey", _
                RegistryKeyPermissionCheck.ReadWriteSubTree)

        Show(rk)
        Show(rkChild)
        Show(rkGrandChild)

        rkGrandChild.Close()
        rkChild.Close()
        rk.Close()

        cu.DeleteSubKeyTree(TestKey)
    End Sub

    Private Shared Sub Show(ByVal rk As RegistryKey)
        Console.WriteLine(rk.Name)
        ShowSecurity(rk.GetAccessControl())
    End Sub

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next
    End Sub
End Class

'This code example produces output similar to the following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
'   Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
'   Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? True
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: None
' Propagation: None
'   Inherited? True
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? True
```
Remarks
The RegistryAccessRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes, and their relationship to the underlying Windows access control structures, see RegistrySecurity.
Note
Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key.
To get a list of the rules currently applied to a registry key, use the RegistryKey.GetAccessControl method to get a RegistrySecurity object, and then use its GetAccessRules method to obtain a collection of RegistryAccessRule objects.
RegistryAccessRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). When you get the set of all access rules for a registry key, the set contains the minimum number of rules currently required to express all the access control entries.
Note
The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.
Use RegistryAccessRule objects to specify access rights to allow or deny to a user or group. A RegistryAccessRule object always represents either allowed access or denied access, never both.
To apply a rule to a registry key, use the RegistryKey.GetAccessControl method to get the RegistrySecurity object. Modify the RegistrySecurity object by using its methods to add the rule, and then use the RegistryKey.SetAccessControl method to reattach the security object.
Important
Changes you make to a RegistrySecurity object do not affect the access levels of the registry key until you call the RegistryKey.SetAccessControl method to assign the altered security object to the registry key.
RegistryAccessRule objects are immutable. Security for a registry key is modified using the methods of the RegistrySecurity class to add or remove rules; as you do this, the underlying access control entries are modified.
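The get, modify and reattach cycle described above, shown as an ACL audit that strips write-type rights granted to broad groups. This is an added example, not code from the original documentation; the key name `AclAuditExampleKey`, the `WriteLike` mask, the set of groups treated as broad and the seeded over-broad rule are assumptions constructed for illustration.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;
public static class RegistryAclAudit
{
    // Rights that let a principal change the key's data or its security (illustrative choice).
    const RegistryRights WriteLike = RegistryRights.SetValue | RegistryRights.CreateSubKey |
        RegistryRights.Delete | RegistryRights.ChangePermissions | RegistryRights.TakeOwnership;
    // Broad groups matched by well-known SID, so the check does not depend on localized names.
    static bool IsBroad(SecurityIdentifier sid) =>
        sid.IsWellKnown(WellKnownSidType.WorldSid) || sid.IsWellKnown(WellKnownSidType.AuthenticatedUserSid) ||
        sid.IsWellKnown(WellKnownSidType.BuiltinUsersSid);
    // Strips write-like Allow rights of broad groups from the in-memory object; returns rules changed.
    public static int StripBroadWrite(RegistrySecurity sec)
    {
        int changed = 0;
        foreach (RegistryAccessRule ar in sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (ar.IsInherited || ar.AccessControlType != AccessControlType.Allow ||   // inherited rules are fixed on the parent
                (ar.RegistryRights & WriteLike) == 0 || !IsBroad((SecurityIdentifier)ar.IdentityReference)) continue;
            sec.RemoveAccessRuleSpecific(ar);            // rules are immutable: remove, then re-add the remainder
            RegistryRights keep = ar.RegistryRights & ~WriteLike;
            if (keep != 0) sec.AddAccessRule(new RegistryAccessRule(ar.IdentityReference, keep,
                ar.InheritanceFlags, ar.PropagationFlags, AccessControlType.Allow));
            changed++;
        }
        return changed;
    }
    public static void Main()
    {
        const string TestKey = "AclAuditExampleKey";     // constructed throwaway key under HKCU
        var seed = new RegistrySecurity();               // constructed over-broad starting ACL
        seed.AddAccessRule(new RegistryAccessRule(WindowsIdentity.GetCurrent().User,
            RegistryRights.FullControl, AccessControlType.Allow));
        seed.AddAccessRule(new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null),
            RegistryRights.ReadKey | RegistryRights.SetValue, AccessControlType.Allow));
        Registry.CurrentUser.CreateSubKey(TestKey, RegistryKeyPermissionCheck.ReadWriteSubTree, seed).Close();
        using (RegistryKey rk = Registry.CurrentUser.OpenSubKey(TestKey,
            RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ReadKey | RegistryRights.ChangePermissions))
        {
            RegistrySecurity sec = rk.GetAccessControl();
            Console.WriteLine("Changed in memory: {0}", StripBroadWrite(sec));
            Console.WriteLine("Still on key before SetAccessControl: {0}", StripBroadWrite(rk.GetAccessControl()));
            rk.SetAccessControl(sec);                    // only now does the key's DACL change
            Console.WriteLine("On key after SetAccessControl: {0}", StripBroadWrite(rk.GetAccessControl()));
        }
        Registry.CurrentUser.DeleteSubKeyTree(TestKey);
    }
}
```

The second and third calls run on fresh copies read back from the key, so they only report what the key's DACL holds at that moment.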
Constructors
| Constructor | Description |
|---|---|
| RegistryAccessRule(IdentityReference, RegistryRights, AccessControlType) | Initializes a new instance of the RegistryAccessRule class, specifying the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied. |
| RegistryAccessRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType) | Initializes a new instance of the RegistryAccessRule class, specifying the user or group the rule applies to, the access rights, the inheritance flags, the propagation flags, and whether the specified access rights are allowed or denied. |
| RegistryAccessRule(String, RegistryRights, AccessControlType) | Initializes a new instance of the RegistryAccessRule class, specifying the name of the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied. |
| RegistryAccessRule(String, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType) | Initializes a new instance of the RegistryAccessRule class, specifying the name of the user or group the rule applies to, the access rights, the inheritance flags, the propagation flags, and whether the specified access rights are allowed or denied. |
Properties
| Property | Description |
|---|---|
| AccessControlType | Gets the AccessControlType value associated with this AccessRule object. (Inherited from AccessRule) |
| AccessMask | Gets the access mask for this rule. (Inherited from AuthorizationRule) |
| IdentityReference | Gets the IdentityReference to which this rule applies. (Inherited from AuthorizationRule) |
| InheritanceFlags | Gets the value of flags that determine how this rule is inherited by child objects. (Inherited from AuthorizationRule) |
| IsInherited | Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object. (Inherited from AuthorizationRule) |
| PropagationFlags | Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the InheritanceFlags enumeration is not None. (Inherited from AuthorizationRule) |
| RegistryRights | Gets the rights allowed or denied by the access rule. |
Methods
| Method | Description |
|---|---|
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object) |
| GetHashCode() | Serves as the default hash function. (Inherited from Object) |
| GetType() | Gets the Type of the current instance. (Inherited from Object) |
| MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object) |
| ToString() | Returns a string that represents the current object. (Inherited from Object) |