FileIOPermission FileIOPermission FileIOPermission FileIOPermission Class

定义

控制文件和文件夹的访问权限。Controls the ability to access files and folders. 此类不能被继承。This class cannot be inherited.

public ref class FileIOPermission sealed : System::Security::CodeAccessPermission, System::Security::Permissions::IUnrestrictedPermission
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
Public NotInheritable Class FileIOPermission
Inherits CodeAccessPermission
Implements IUnrestrictedPermission
继承
属性
实现

示例

下面的示例演示使用FileIOPermission的代码。The following examples illustrate code that uses FileIOPermission. 在以下两行代码之后,对象f表示读取客户端计算机本地磁盘上的所有文件的权限。After the following two lines of code, the object f represents permission to read all files on the client computer's local disks. 然后,该代码示例要求权限来确定应用程序是否有权读取文件。The code example then demands the permission to determine whether the application has permission to read the files.

FileIOPermission^ f = gcnew FileIOPermission( PermissionState::None );
f->AllLocalFiles = FileIOPermissionAccess::Read;
try
{
    f->Demand();
}
catch (SecurityException^ s)
{
    Console::WriteLine(s->Message);
}
FileIOPermission f = new FileIOPermission(PermissionState.None);
f.AllLocalFiles = FileIOPermissionAccess.Read;
try
{
    f.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}

Dim f As New FileIOPermission(PermissionState.None)
f.AllLocalFiles = FileIOPermissionAccess.Read
Try
    f.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

在以下两行代码之后,对象f2表示读取 C:\test_r 和读取和写入 C:\example\out.txt. 的权限。After the following two lines of code, the object f2 represents permissions to read C:\test_r and read and write to C:\example\out.txt. ReadWrite表示前面所述的文件/文件夹权限。Read and Write represent the file/folder permissions as previously described. 创建权限后,代码需要权限来确定应用程序是否具有读取和写入文件的权限。After creating the permission, the code demands the permission to determine whether the application has the right to read and write to the file.

FileIOPermission^ f2 = gcnew FileIOPermission( FileIOPermissionAccess::Read,"C:\\test_r" );
f2->AddPathList( (FileIOPermissionAccess) (FileIOPermissionAccess::Write | FileIOPermissionAccess::Read), "C:\\example\\out.txt" );
try
{
    f2->Demand();
}
catch (SecurityException^ s)
{
    Console::WriteLine(s->Message);
}
FileIOPermission f2 = new FileIOPermission(FileIOPermissionAccess.Read, "C:\\test_r");
f2.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, "C:\\example\\out.txt");
try
{
    f2.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}
Dim f2 As New FileIOPermission(FileIOPermissionAccess.Read, "C:\test_r")
f2.AddPathList(FileIOPermissionAccess.Write Or FileIOPermissionAccess.Read, "C:\example\out.txt")
Try
    f2.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

注解

此权限可区分提供FileIOPermissionAccess的以下四种文件 IO 访问类型:This permission distinguishes between the following four types of file IO access provided by FileIOPermissionAccess:

  • Read:读取对文件内容的访问权限或访问有关文件的信息,如其长度或上次修改时间。Read: Read access to the contents of the file or access to information about the file, such as its length or last modification time.

  • Write:写入对文件内容的访问权限,或访问以更改有关文件的信息,如文件的名称。Write: Write access to the contents of the file or access to change information about the file, such as its name. 还允许删除和覆盖。Also allows for deletion and overwriting.

  • Append:只能写入文件尾。Append: Ability to write to the end of a file only. 不能读取。No ability to read.

  • PathDiscovery:访问路径本身中的信息。PathDiscovery: Access to the information in the path itself. 这有助于保护路径中的敏感信息,例如用户名,以及有关路径中显示的目录结构的信息。This helps protect sensitive information in the path, such as user names, as well as information about the directory structure that is revealed in the path. 此值不授予对路径所指代的文件或文件夹的访问权限。This value does not grant access to files or folders represented by the path.

备注

授予对程序集的访问权限类似于向其授予完全信任。WriteGiving Write access to an assembly is similar to granting it full trust. 如果应用程序不应写入文件系统,则它不应具有Write访问权限。If an application should not write to the file system, it should not have Write access.

所有这些权限都是独立的,这意味着对某个权限的权限不表示对另一个权限的权限。All these permissions are independent, meaning that rights to one do not imply rights to another. 例如, Write权限不表示对ReadAppend的权限。For example, Write permission does not imply permission to Read or Append. 如果需要多个权限,可以使用按位 "或" 将其组合起来,如下面的代码示例中所示。If more than one permission is desired, they can be combined using a bitwise OR as shown in the code example that follows. 文件权限根据规范绝对路径进行定义;应始终通过规范文件路径发出调用。File permission is defined in terms of canonical absolute paths; calls should always be made with canonical file paths.

FileIOPermission描述对文件和文件夹的受保护操作。FileIOPermission describes protected operations on files and folders. File类可帮助提供对文件和文件夹的安全访问。The File class helps provide secure access to files and folders. 当创建文件的句柄时,将执行安全访问检查。The security access check is performed when the handle to the file is created. 通过在创建时进行检查,最小化安全检查对性能的影响。By doing the check at creation time, the performance impact of the security check is minimized. 打开文件只发生一次,而读取和写入可以发生多次。Opening a file happens once, while reading and writing can happen multiple times. 打开该文件后,不进行进一步检查。Once the file is opened, no further checks are done. 如果对象被传递给不受信任的调用方,则可能会被误用。If the object is passed to an untrusted caller, it can be misused. 例如,文件句柄不应存储在公共全局静态静态位置,而具有较少权限的代码可以访问这些静态静态。For example, file handles should not be stored in public global statics where code with less permission can access them.

FileIOPermissionAccess指定可对文件或文件夹执行的操作。FileIOPermissionAccess specifies actions that can be performed on the file or folder. 此外,可以使用按位 "或" 构成复杂的实例来合并这些操作。In addition, these actions can be combined using a bitwise OR to form complex instances.

对文件夹的访问权限意味着可以访问其包含的所有文件,以及访问其子文件夹中的所有文件和文件夹。Access to a folder implies access to all the files it contains, as well as access to all the files and folders in its subfolders. 例如, Read访问 C:\folder1\ 意味着Read访问 C:\folder1\file1.txt、C:\folder1\folder2\、C:\folder1\folder2\file2.txt 等。For example, Read access to C:\folder1\ implies Read access to C:\folder1\file1.txt, C:\folder1\folder2\, C:\folder1\folder2\file2.txt, and so on.

备注

在之前.NET Framework 4.NET Framework 4.NET Framework 版本中,你可以CodeAccessPermission.Deny使用方法来防止无意中通过受信任代码访问系统资源。In versions of the .NET Framework before the .NET Framework 4.NET Framework 4, you could use the CodeAccessPermission.Deny method to prevent inadvertent access to system resources by trusted code. Deny现已过时,并且现在仅由为程序集授予的权限集确定对资源的访问权限。Deny is now obsolete, and access to resources is now determined solely by the granted permission set for an assembly. 若要限制对文件的访问,必须在沙盒中运行部分受信任的代码,并仅向该代码允许访问的资源分配权限。To limit access to files, you must run partially trusted code in a sandbox and assign it permissions only to resources that the code is allowed to access. 有关在沙盒中运行应用程序的信息,请参阅如何:运行沙盒中部分受信任的代码中所述。For information about running an application in a sandbox, see How to: Run Partially Trusted Code in a Sandbox.

构造函数

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String)

使用对指定文件或目录的指定访问权限和对文件控制信息的指定访问权限初始化 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[])

使用对指定文件和目录的指定访问权限和对文件控制信息的指定访问权限初始化 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String)

初始化对指定文件或目录具有指定访问权限的 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory.

FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[])

初始化对指定文件和目录具有指定访问权限的 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories.

FileIOPermission(PermissionState) FileIOPermission(PermissionState) FileIOPermission(PermissionState) FileIOPermission(PermissionState)

根据指定,使用完全受限制或不受限制的权限初始化 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with fully restricted or unrestricted permission as specified.

属性

AllFiles AllFiles AllFiles AllFiles

获取或设置对所有文件的允许访问权限。Gets or sets the permitted access to all files.

AllLocalFiles AllLocalFiles AllLocalFiles AllLocalFiles

获取或设置对所有本地文件的允许访问权限。Gets or sets the permitted access to all local files.

方法

AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String)

将指定文件或目录的访问权限添加到现有的权限状态。Adds access for the specified file or directory to the existing state of the permission.

AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[])

将指定文件和目录的访问权限添加到现有的权限状态中。Adds access for the specified files and directories to the existing state of the permission.

Assert() Assert() Assert() Assert()

声明调用代码能够通过调用此方法的代码,访问受权限请求保护的资源,即使未对堆栈中处于较高位置的调用方授予访问该资源的权限。Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. 使用 Assert() 会引起安全问题。Using Assert() can create security issues.

(Inherited from CodeAccessPermission)
Copy() Copy() Copy() Copy()

创建并返回当前权限的相同副本。Creates and returns an identical copy of the current permission.

Demand() Demand() Demand() Demand()

如果未给调用堆栈中处于较高位置的所有调用方授予当前实例所指定的权限,则在运行时强制 SecurityExceptionForces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

(Inherited from CodeAccessPermission)
Deny() Deny() Deny() Deny()

防止调用堆栈中处于较高位置的调用方通过调用此方法的代码来访问由当前实例指定的资源。Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

(Inherited from CodeAccessPermission)
Equals(Object) Equals(Object) Equals(Object) Equals(Object)

确定指定的 FileIOPermission 对象是否等于当前的 FileIOPermissionDetermines whether the specified FileIOPermission object is equal to the current FileIOPermission.

FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement)

从 XML 编码重新构造具有指定状态的权限。Reconstructs a permission with a specified state from an XML encoding.

GetHashCode() GetHashCode() GetHashCode() GetHashCode()

获取 FileIOPermission 对象的哈希代码,此代码适合在哈希算法和数据结构(例如哈希表)中使用。Gets a hash code for the FileIOPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess)

使用指定的 FileIOPermissionAccess 权限获取所有文件和目录。Gets all files and directories with the specified FileIOPermissionAccess.

GetType() GetType() GetType() GetType()

获取当前实例的 TypeGets the Type of the current instance.

(Inherited from Object)
Intersect(IPermission) Intersect(IPermission) Intersect(IPermission) Intersect(IPermission)

创建并返回一个权限,该权限是当前权限与指定权限的交集。Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission)

确定当前权限是否为指定权限的子集。Determines whether the current permission is a subset of the specified permission.

IsUnrestricted() IsUnrestricted() IsUnrestricted() IsUnrestricted()

返回一个值,该值指示当前权限是否不受限制。Returns a value indicating whether the current permission is unrestricted.

MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(Inherited from Object)
PermitOnly() PermitOnly() PermitOnly() PermitOnly()

防止调用堆栈中处于较高位置的调用方通过调用此方法的代码来访问除当前实例指定的资源外的所有资源。Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

(Inherited from CodeAccessPermission)
SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String)

设置指定文件或目录的特定访问权限,以替换现有的权限状态。Sets the specified access to the specified file or directory, replacing the existing state of the permission.

SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[])

设置对指定文件和目录的指定访问权限,同时用一组新路径替换指定访问权限的当前状态。Sets the specified access to the specified files and directories, replacing the current state for the specified access with the new set of paths.

ToString() ToString() ToString() ToString()

创建并返回当前权限对象的字符串表示形式。Creates and returns a string representation of the current permission object.

(Inherited from CodeAccessPermission)
ToXml() ToXml() ToXml() ToXml()

创建权限及其当前状态的 XML 编码。Creates an XML encoding of the permission and its current state.

Union(IPermission) Union(IPermission) Union(IPermission) Union(IPermission)

创建一个权限,该权限是当前权限与指定权限的并集。Creates a permission that is the union of the current permission and the specified permission.

显式界面实现

IPermission.Demand() IPermission.Demand() IPermission.Demand() IPermission.Demand() Inherited from CodeAccessPermission
IStackWalk.Assert() IStackWalk.Assert() IStackWalk.Assert() IStackWalk.Assert() Inherited from CodeAccessPermission
IStackWalk.Demand() IStackWalk.Demand() IStackWalk.Demand() IStackWalk.Demand() Inherited from CodeAccessPermission
IStackWalk.Deny() IStackWalk.Deny() IStackWalk.Deny() IStackWalk.Deny() Inherited from CodeAccessPermission
IStackWalk.PermitOnly() IStackWalk.PermitOnly() IStackWalk.PermitOnly() IStackWalk.PermitOnly() Inherited from CodeAccessPermission

适用于

另请参阅