FileIOPermission FileIOPermission FileIOPermission FileIOPermission Class

定义

控制文件和文件夹的访问权限。Controls the ability to access files and folders. 此类不能被继承。This class cannot be inherited.

public ref class FileIOPermission sealed : System::Security::CodeAccessPermission, System::Security::Permissions::IUnrestrictedPermission
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
Public NotInheritable Class FileIOPermission
Inherits CodeAccessPermission
Implements IUnrestrictedPermission
继承
属性
实现

示例

以下示例说明了使用的代码FileIOPermissionThe following examples illustrate code that uses FileIOPermission. 以下两行代码,该对象后f表示读取计算机的本地磁盘的客户端上的所有文件的权限。After the following two lines of code, the object f represents permission to read all files on the client computer's local disks. 然后,代码示例要求权限来确定应用程序是否有权读取的文件。The code example then demands the permission to determine whether the application has permission to read the files.

FileIOPermission^ f = gcnew FileIOPermission( PermissionState::None );
f->AllLocalFiles = FileIOPermissionAccess::Read;
try
{
 f->Demand();
}
catch (SecurityException^ s)
{
 Console::WriteLine(s->Message);
}
FileIOPermission f = new FileIOPermission(PermissionState.None);
f.AllLocalFiles = FileIOPermissionAccess.Read;
try
{
    f.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}

Dim f As New FileIOPermission(PermissionState.None)
f.AllLocalFiles = FileIOPermissionAccess.Read
Try
    f.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

以下两行代码,该对象后f2表示读取 C:\test_r 和读取并写入到 C:\example\out.txt 的权限。After the following two lines of code, the object f2 represents permissions to read C:\test_r and read and write to C:\example\out.txt. ReadWrite表示按前面所述的文件/文件夹权限。Read and Write represent the file/folder permissions as previously described. 在创建后的权限,该代码要求权限来确定应用程序是否具有读取和写入文件的权限。After creating the permission, the code demands the permission to determine whether the application has the right to read and write to the file.

FileIOPermission^ f2 = gcnew FileIOPermission( FileIOPermissionAccess::Read,"C:\\test_r" );
f2->AddPathList( (FileIOPermissionAccess) (FileIOPermissionAccess::Write | FileIOPermissionAccess::Read), "C:\\example\\out.txt" );
try
{
 f2->Demand();
}
catch (SecurityException^ s)
{
 Console::WriteLine(s->Message);
}
FileIOPermission f2 = new FileIOPermission(FileIOPermissionAccess.Read, "C:\\test_r");
f2.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, "C:\\example\\out.txt");
try
{
    f2.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}
Dim f2 As New FileIOPermission(FileIOPermissionAccess.Read, "C:\test_r")
f2.AddPathList(FileIOPermissionAccess.Write Or FileIOPermissionAccess.Read, "C:\example\out.txt")
Try
    f2.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

注解

此权限可区分以下四种类型的文件 IO 访问提供的FileIOPermissionAccess:This permission distinguishes between the following four types of file IO access provided by FileIOPermissionAccess:

  • Read:对文件或访问文件,例如它的长度或上次修改时间有关的信息的内容读取访问。Read: Read access to the contents of the file or access to information about the file, such as its length or last modification time.

  • Write:写入到文件或更改的文件,如其名称信息的访问权限的内容的访问权限。Write: Write access to the contents of the file or access to change information about the file, such as its name. 此外可以删除和覆盖。Also allows for deletion and overwriting.

  • Append:要写入到文件仅末尾的功能。Append: Ability to write to the end of a file only. 无法读取。No ability to read.

  • PathDiscovery:对路径本身中的信息的访问。PathDiscovery: Access to the information in the path itself. 这有助于保护敏感信息在路径中,如用户名称,以及有关路径中显示的目录结构的信息。This helps protect sensitive information in the path, such as user names, as well as information about the directory structure that is revealed in the path. 此值不会授予对文件或文件夹路径所表示的访问。This value does not grant access to files or folders represented by the path.

备注

为提供Write对程序集的访问是类似于它授予完全信任。Giving Write access to an assembly is similar to granting it full trust. 如果应用程序不应写入到文件系统,它不应具有Write访问。If an application should not write to the file system, it should not have Write access.

所有这些权限是独立的这意味着一个权限并不意味着对另一个权限。All these permissions are independent, meaning that rights to one do not imply rights to another. 例如,Write权限不表示对权限ReadAppendFor example, Write permission does not imply permission to Read or Append. 如果需要多个权限,则它们可以组合使用位或运算,如下面的代码示例中所示。If more than one permission is desired, they can be combined using a bitwise OR as shown in the code example that follows. 根据规范的绝对路径; 定义的文件权限始终应使用规范的文件路径进行调用。File permission is defined in terms of canonical absolute paths; calls should always be made with canonical file paths.

FileIOPermission 介绍受保护的文件和文件夹上的操作。FileIOPermission describes protected operations on files and folders. File类可帮助提供对文件和文件夹的安全访问。The File class helps provide secure access to files and folders. 创建文件的句柄时执行的安全访问权限检查。The security access check is performed when the handle to the file is created. 通过执行操作可以在创建时检查,安全检查的性能影响降到最低。By doing the check at creation time, the performance impact of the security check is minimized. 打开一个文件发生一次,而读取和写入可能发生多次。Opening a file happens once, while reading and writing can happen multiple times. 一旦打开文件,无需再执行检查。Once the file is opened, no further checks are done. 如果该对象传递给不受信任调用方,它可能被误用。If the object is passed to an untrusted caller, it can be misused. 例如,文件句柄应不存储在具有较少权限的代码可以访问它们的公用全局静态对象。For example, file handles should not be stored in public global statics where code with less permission can access them.

FileIOPermissionAccess 指定可执行文件或文件夹的操作。FileIOPermissionAccess specifies actions that can be performed on the file or folder. 此外,可以使用位或运算来构成复杂实例组合这些操作。In addition, these actions can be combined using a bitwise OR to form complex instances.

文件夹的访问权限就意味着访问包含,以及对所有文件和文件夹及其子文件夹中的所有文件。Access to a folder implies access to all the files it contains, as well as access to all the files and folders in its subfolders. 例如, Read C:\folder1\ 访问意味着Read权 C:\folder1\file1.txt,C:\folder1\folder2\,C:\folder1\folder2\file2.txt,依次类推。For example, Read access to C:\folder1\ implies Read access to C:\folder1\file1.txt, C:\folder1\folder2\, C:\folder1\folder2\file2.txt, and so on.

备注

在之前的.NET framework 版本.NET Framework 4.NET Framework 4,可以使用CodeAccessPermission.Deny方法,以防止对系统资源的意外访问受信任的代码。In versions of the .NET Framework before the .NET Framework 4.NET Framework 4, you could use the CodeAccessPermission.Deny method to prevent inadvertent access to system resources by trusted code. Deny 现已过时,并对资源的访问现在只能由授予的权限集的程序集来决定。Deny is now obsolete, and access to resources is now determined solely by the granted permission set for an assembly. 若要限制访问文件,必须运行沙盒中部分受信任的代码,并将它分配给代码可以访问的资源的权限。To limit access to files, you must run partially trusted code in a sandbox and assign it permissions only to resources that the code is allowed to access. 有关在沙盒中运行的应用程序的信息,请参阅如何:运行沙盒中部分受信任的代码中所述。For information about running an application in a sandbox, see How to: Run Partially Trusted Code in a Sandbox.

构造函数

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String)

使用对指定文件或目录的指定访问权限和对文件控制信息的指定访问权限初始化 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[])

使用对指定文件和目录的指定访问权限和对文件控制信息的指定访问权限初始化 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String)

初始化对指定文件或目录具有指定访问权限的 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory.

FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[])

初始化对指定文件和目录具有指定访问权限的 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories.

FileIOPermission(PermissionState) FileIOPermission(PermissionState) FileIOPermission(PermissionState) FileIOPermission(PermissionState)

根据指定,使用完全受限制或不受限制的权限初始化 FileIOPermission 类的新实例。Initializes a new instance of the FileIOPermission class with fully restricted or unrestricted permission as specified.

属性

AllFiles AllFiles AllFiles AllFiles

获取或设置对所有文件的允许访问权限。Gets or sets the permitted access to all files.

AllLocalFiles AllLocalFiles AllLocalFiles AllLocalFiles

获取或设置对所有本地文件的允许访问权限。Gets or sets the permitted access to all local files.

方法

AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String)

将指定文件或目录的访问权限添加到现有的权限状态。Adds access for the specified file or directory to the existing state of the permission.

AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[])

将指定文件和目录的访问权限添加到现有的权限状态中。Adds access for the specified files and directories to the existing state of the permission.

Assert() Assert() Assert() Assert()

声明调用代码能够通过调用此方法的代码,访问受权限请求保护的资源,即使未对堆栈中处于较高位置的调用方授予访问该资源的权限。Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. 使用 Assert() 会引起安全问题。Using Assert() can create security issues.

(Inherited from CodeAccessPermission)
Copy() Copy() Copy() Copy()

创建并返回当前权限的相同副本。Creates and returns an identical copy of the current permission.

Demand() Demand() Demand() Demand()

如果未给调用堆栈中处于较高位置的所有调用方授予当前实例所指定的权限,则在运行时强制 SecurityExceptionForces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

(Inherited from CodeAccessPermission)
Deny() Deny() Deny() Deny()

防止调用堆栈中处于较高位置的调用方通过调用此方法的代码来访问由当前实例指定的资源。Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

(Inherited from CodeAccessPermission)
Equals(Object) Equals(Object) Equals(Object) Equals(Object)

确定指定的 FileIOPermission 对象是否等于当前的 FileIOPermissionDetermines whether the specified FileIOPermission object is equal to the current FileIOPermission.

FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement)

从 XML 编码重新构造具有指定状态的权限。Reconstructs a permission with a specified state from an XML encoding.

GetHashCode() GetHashCode() GetHashCode() GetHashCode()

获取 FileIOPermission 对象的哈希代码,此代码适合在哈希算法和数据结构(例如哈希表)中使用。Gets a hash code for the FileIOPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess)

使用指定的 FileIOPermissionAccess 权限获取所有文件和目录。Gets all files and directories with the specified FileIOPermissionAccess.

GetType() GetType() GetType() GetType()

获取当前实例的 TypeGets the Type of the current instance.

(Inherited from Object)
Intersect(IPermission) Intersect(IPermission) Intersect(IPermission) Intersect(IPermission)

创建并返回一个权限,该权限是当前权限与指定权限的交集。Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission)

确定当前权限是否为指定权限的子集。Determines whether the current permission is a subset of the specified permission.

IsUnrestricted() IsUnrestricted() IsUnrestricted() IsUnrestricted()

返回一个值,该值指示当前权限是否不受限制。Returns a value indicating whether the current permission is unrestricted.

MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(Inherited from Object)
PermitOnly() PermitOnly() PermitOnly() PermitOnly()

防止调用堆栈中处于较高位置的调用方通过调用此方法的代码来访问除当前实例指定的资源外的所有资源。Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

(Inherited from CodeAccessPermission)
SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String)

设置指定文件或目录的特定访问权限,以替换现有的权限状态。Sets the specified access to the specified file or directory, replacing the existing state of the permission.

SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[])

设置对指定文件和目录的指定访问权限,同时用一组新路径替换指定访问权限的当前状态。Sets the specified access to the specified files and directories, replacing the current state for the specified access with the new set of paths.

ToString() ToString() ToString() ToString()

创建并返回当前权限对象的字符串表示形式。Creates and returns a string representation of the current permission object.

(Inherited from CodeAccessPermission)
ToXml() ToXml() ToXml() ToXml()

创建权限及其当前状态的 XML 编码。Creates an XML encoding of the permission and its current state.

Union(IPermission) Union(IPermission) Union(IPermission) Union(IPermission)

创建一个权限,该权限是当前权限与指定权限的并集。Creates a permission that is the union of the current permission and the specified permission.

显式界面实现

IPermission.Demand() IPermission.Demand() IPermission.Demand() IPermission.Demand() Inherited from CodeAccessPermission
IStackWalk.Assert() IStackWalk.Assert() IStackWalk.Assert() IStackWalk.Assert() Inherited from CodeAccessPermission
IStackWalk.Demand() IStackWalk.Demand() IStackWalk.Demand() IStackWalk.Demand() Inherited from CodeAccessPermission
IStackWalk.Deny() IStackWalk.Deny() IStackWalk.Deny() IStackWalk.Deny() Inherited from CodeAccessPermission
IStackWalk.PermitOnly() IStackWalk.PermitOnly() IStackWalk.PermitOnly() IStackWalk.PermitOnly() Inherited from CodeAccessPermission

适用于

另请参阅