PrincipalPermission PrincipalPermission PrincipalPermission PrincipalPermission Class

定义

允许使用为声明性和命令性安全操作定义的语言构造对活动主体执行检查(请参阅 IPrincipal)。Allows checks against the active principal (see IPrincipal) using the language constructs defined for both declarative and imperative security actions. 此类不能被继承。This class cannot be inherited.

public ref class PrincipalPermission sealed : System::Security::IPermission, System::Security::Permissions::IUnrestrictedPermission
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public sealed class PrincipalPermission : System.Security.IPermission, System.Security.Permissions.IUnrestrictedPermission
type PrincipalPermission = class
    interface IPermission
    interface IUnrestrictedPermission
    interface ISecurityEncodable
Public NotInheritable Class PrincipalPermission
Implements IPermission, IUnrestrictedPermission
继承
PrincipalPermissionPrincipalPermissionPrincipalPermissionPrincipalPermission
属性
实现

示例

下面的示例要求活动主体是管理员。The following example requires the active principal to be an administrator. name参数是null,这样只要用户是管理员才能满足该要求。The name parameter is null, which enables any user who is an administrator to pass the demand.

备注

在 Windows Vista 中,用户帐户控制 (UAC) 决定用户的特权。In Windows Vista, User Account Control (UAC) determines the privileges of a user. 如果您是内置的 Administrators 组的成员,将为您分配两个运行时访问令牌:一个标准用户访问令牌和一个管理员访问令牌。If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. 默认情况下,您拥有标准用户角色。By default, you are in the standard user role. 要执行需要管理员身份的代码,必须首先将你的特权从标准用户提升至管理员。To execute the code that requires you to be an administrator, you must first elevate your privileges from standard user to administrator. 你可以通过以下方式执行此操作:右键单击应用程序图标并指示需以管理员身份运行。You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.

using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::Security::Policy;
using namespace System::Security::Principal;

int main(array<System::String ^> ^args)
{
	System::String^ null;
	AppDomain::CurrentDomain->SetPrincipalPolicy(PrincipalPolicy::WindowsPrincipal);
	PrincipalPermission^ principalPerm = gcnew PrincipalPermission(null, "Administrators" );
      principalPerm->Demand();
	  Console::WriteLine("Demand succeeded");
    return 0;
}
using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
{

    public static void Main()
    {
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
        principalPerm.Demand();
        Console.WriteLine("Demand succeeded.");
    }
}
Imports System
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal



Class SecurityPrincipalDemo


    Public Shared Sub Main()
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
        Dim principalPerm As New PrincipalPermission(Nothing, "Administrators")
        principalPerm.Demand()
        Console.WriteLine("Demand succeeded.")

    End Sub 'Main
End Class 'SecurityPrincipalDemo

注解

通过将标识信息 (用户名和角色) 传递给构造函数中,PrincipalPermission可用于要求活动主体的标识匹配此信息。By passing identity information (user name and role) to the constructor, PrincipalPermission can be used to demand that the identity of the active principal matches this information.

若要匹配活动IPrincipal和关联IIdentity,必须匹配指定的标识和角色。To match the active IPrincipal and associated IIdentity, both the specified identity and role must match. 如果null标识字符串,它被解释为匹配任何标识的请求。If null identity string is used, it is interpreted as a request to match any identity. 使用null角色字符串将匹配任何角色。Use of null role string will match any role. 通过暗示、 传递null参数namerolePrincipalPermission将匹配的标识和角色中任何IPrincipalBy implication, passing null parameter for name or role to PrincipalPermission will match the identity and roles in any IPrincipal. 还有可能构造PrincipalPermission,它仅确定是否IIdentity表示已经过身份验证或未经身份验证实体。It is also possible to construct a PrincipalPermission that only determines whether the IIdentity represents an authenticated or unauthenticated entity. 在这种情况下,namerole将被忽略。In this case, name and role are ignored.

与大多数其他权限,不同PrincipalPermission不会扩展CodeAccessPermissionUnlike most other permissions, PrincipalPermission does not extend CodeAccessPermission. 它,但是,实现IPermission接口。It does, however, implement the IPermission interface. 这是因为PrincipalPermission不是代码访问权限; 也就是说,它未被授予基于执行的程序集标识。This is because PrincipalPermission is not a code access permission; that is, it is not granted based on the identity of the executing assembly. 相反,它允许代码执行的操作 (DemandUnionIntersect,依此类推) 的代码访问权限和代码标识权限执行这些操作时针对当前用户标识的方式一致的方式。Instead, it allows code to perform actions (Demand, Union, Intersect, and so on) against the current user identity in a manner consistent with the way those actions are performed for code access and code identity permissions.

重要

在要求主体权限之前它是必须将当前应用程序域的主体的策略设置为枚举值WindowsPrincipalPrior to a demand for principal permission it is necessary to set the current application domain's principal policy to the enumeration value WindowsPrincipal. 默认情况下,主体的策略设置为UnauthenticatedPrincipalBy default, the principal policy is set to UnauthenticatedPrincipal. 如果你未设置为主体的策略WindowsPrincipal,对主体的权限的请求将失败。If you do not set the principal policy to WindowsPrincipal, a demand for principal permission will fail. 在要求主体的权限之前,应执行以下代码:The following code should be executed before the principal permission is demanded:

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal).

构造函数

PrincipalPermission(PermissionState) PrincipalPermission(PermissionState) PrincipalPermission(PermissionState) PrincipalPermission(PermissionState)

使用指定的 PrincipalPermission 初始化 PermissionState 类的新实例。Initializes a new instance of the PrincipalPermission class with the specified PermissionState.

PrincipalPermission(String, String) PrincipalPermission(String, String) PrincipalPermission(String, String) PrincipalPermission(String, String)

为指定的 namerole 初始化 PrincipalPermission 类的新实例。Initializes a new instance of the PrincipalPermission class for the specified name and role.

PrincipalPermission(String, String, Boolean) PrincipalPermission(String, String, Boolean) PrincipalPermission(String, String, Boolean) PrincipalPermission(String, String, Boolean)

为指定的 namerole 和身份验证状态初始化 PrincipalPermission 类的新实例。Initializes a new instance of the PrincipalPermission class for the specified name, role, and authentication status.

方法

Copy() Copy() Copy() Copy()

创建并返回当前权限的相同副本。Creates and returns an identical copy of the current permission.

Demand() Demand() Demand() Demand()

在运行时确定当前主体是否与当前权限指定的主体相匹配。Determines at run time whether the current principal matches the principal specified by the current permission.

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

确定指定的 PrincipalPermission 对象是否等于当前的 PrincipalPermissionDetermines whether the specified PrincipalPermission object is equal to the current PrincipalPermission.

FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement)

从 XML 编码重新构造具有指定状态的权限。Reconstructs a permission with a specified state from an XML encoding.

GetHashCode() GetHashCode() GetHashCode() GetHashCode()

获取 PrincipalPermission 对象的哈希代码,此代码适合在哈希算法和数据结构(例如哈希表)中使用。Gets a hash code for the PrincipalPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

GetType() GetType() GetType() GetType()

获取当前实例的 TypeGets the Type of the current instance.

(Inherited from Object)
Intersect(IPermission) Intersect(IPermission) Intersect(IPermission) Intersect(IPermission)

创建并返回一个权限,该权限是当前权限与指定权限的交集。Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission)

确定当前权限是否为指定权限的子集。Determines whether the current permission is a subset of the specified permission.

IsUnrestricted() IsUnrestricted() IsUnrestricted() IsUnrestricted()

返回一个值,该值指示当前权限是否不受限制。Returns a value indicating whether the current permission is unrestricted.

MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(Inherited from Object)
ToString() ToString() ToString() ToString()

创建并返回表示当前权限的字符串。Creates and returns a string representing the current permission.

ToXml() ToXml() ToXml() ToXml()

创建权限及其当前状态的 XML 编码。Creates an XML encoding of the permission and its current state.

Union(IPermission) Union(IPermission) Union(IPermission) Union(IPermission)

创建一个权限,该权限是当前权限与指定权限的并集。Creates a permission that is the union of the current permission and the specified permission.

适用于

另请参阅