PrincipalPermission PrincipalPermission PrincipalPermission PrincipalPermission Class

定义

允许使用为声明和强制安全性操作定义的语言结构来检查活动用户(请参见 IPrincipal)。Allows checks against the active principal (see IPrincipal) using the language constructs defined for both declarative and imperative security actions. 此类不能被继承。This class cannot be inherited.

public ref class PrincipalPermission sealed : System::Security::IPermission, System::Security::Permissions::IUnrestrictedPermission
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public sealed class PrincipalPermission : System.Security.IPermission, System.Security.Permissions.IUnrestrictedPermission
type PrincipalPermission = class
    interface IPermission
    interface IUnrestrictedPermission
    interface ISecurityEncodable
Public NotInheritable Class PrincipalPermission
Implements IPermission, IUnrestrictedPermission
继承
PrincipalPermissionPrincipalPermissionPrincipalPermissionPrincipalPermission
属性
实现

示例

下面的示例要求活动主体是管理员。The following example requires the active principal to be an administrator. name参数为null,它允许任何管理员用户通过该需求。The name parameter is null, which enables any user who is an administrator to pass the demand.

备注

在 Windows Vista 中,用户帐户控制 (UAC) 决定用户的特权。In Windows Vista, User Account Control (UAC) determines the privileges of a user. 如果您是内置的 Administrators 组的成员,将为您分配两个运行时访问令牌:一个标准用户访问令牌和一个管理员访问令牌。If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. 默认情况下,您拥有标准用户角色。By default, you are in the standard user role. 要执行需要管理员身份的代码,必须首先将你的特权从标准用户提升至管理员。To execute the code that requires you to be an administrator, you must first elevate your privileges from standard user to administrator. 你可以通过以下方式执行此操作:右键单击应用程序图标并指示需以管理员身份运行。You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.

using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::Security::Policy;
using namespace System::Security::Principal;

int main(array<System::String ^> ^args)
{
    System::String^ null;
    AppDomain::CurrentDomain->SetPrincipalPolicy(PrincipalPolicy::WindowsPrincipal);
    PrincipalPermission^ principalPerm = gcnew PrincipalPermission(null, "Administrators" );
      principalPerm->Demand();
      Console::WriteLine("Demand succeeded");
    return 0;
}
using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
{

    public static void Main()
    {
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
        principalPerm.Demand();
        Console.WriteLine("Demand succeeded.");
    }
}
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal



Class SecurityPrincipalDemo


    Public Shared Sub Main()
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
        Dim principalPerm As New PrincipalPermission(Nothing, "Administrators")
        principalPerm.Demand()
        Console.WriteLine("Demand succeeded.")

    End Sub
End Class

注解

通过将标识信息(用户名和角色)传递给构造函数, PrincipalPermission可以使用来要求活动主体的标识与此信息相匹配。By passing identity information (user name and role) to the constructor, PrincipalPermission can be used to demand that the identity of the active principal matches this information.

若要匹配活动IPrincipal和关联IIdentity,指定的标识和角色都必须匹配。To match the active IPrincipal and associated IIdentity, both the specified identity and role must match. 如果null使用标识字符串,则会将其解释为请求以匹配任何标识。If null identity string is used, it is interpreted as a request to match any identity. null使用角色字符串将匹配任何角色。Use of null role string will match any role. 根据隐含,传递nullname role IPrincipal的参数将匹配任意中的标识和角色。 PrincipalPermissionBy implication, passing null parameter for name or role to PrincipalPermission will match the identity and roles in any IPrincipal. 还可以构造PrincipalPermission仅确定IIdentity是否表示经过身份验证或未经身份验证的实体的。It is also possible to construct a PrincipalPermission that only determines whether the IIdentity represents an authenticated or unauthenticated entity. 在这种情况namerole ,将忽略和。In this case, name and role are ignored.

与大多数其他权限不同PrincipalPermission ,不会CodeAccessPermission扩展。Unlike most other permissions, PrincipalPermission does not extend CodeAccessPermission. 但它确实实现了IPermission接口。It does, however, implement the IPermission interface. 这是因为PrincipalPermission不是代码访问权限; 也就是说,它不是根据正在执行的程序集的标识授予的。This is because PrincipalPermission is not a code access permission; that is, it is not granted based on the identity of the executing assembly. 相反,它允许代码以与为代码Demand访问Union和代码标识权限执行这些操作的方式一致的方式对当前用户标识执行操作(、、 Intersect等)。Instead, it allows code to perform actions (Demand, Union, Intersect, and so on) against the current user identity in a manner consistent with the way those actions are performed for code access and code identity permissions.

重要

在要求主体权限之前,需要将当前应用程序域的主体策略设置为枚举值WindowsPrincipalPrior to a demand for principal permission it is necessary to set the current application domain's principal policy to the enumeration value WindowsPrincipal. 默认情况下,主体策略设置为UnauthenticatedPrincipalBy default, the principal policy is set to UnauthenticatedPrincipal. 如果不将主体策略设置为WindowsPrincipal,则对主体权限的要求会失败。If you do not set the principal policy to WindowsPrincipal, a demand for principal permission will fail. 在要求主体权限之前,应执行以下代码:The following code should be executed before the principal permission is demanded:

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal).

构造函数

PrincipalPermission(PermissionState) PrincipalPermission(PermissionState) PrincipalPermission(PermissionState) PrincipalPermission(PermissionState)

使用指定的 PrincipalPermission 初始化 PermissionState 类的新实例。Initializes a new instance of the PrincipalPermission class with the specified PermissionState.

PrincipalPermission(String, String) PrincipalPermission(String, String) PrincipalPermission(String, String) PrincipalPermission(String, String)

初始化指定的 namerolePrincipalPermission 类的新实例。Initializes a new instance of the PrincipalPermission class for the specified name and role.

PrincipalPermission(String, String, Boolean) PrincipalPermission(String, String, Boolean) PrincipalPermission(String, String, Boolean) PrincipalPermission(String, String, Boolean)

初始化指定 namerole 和身份验证状态的 PrincipalPermission 类的新实例。Initializes a new instance of the PrincipalPermission class for the specified name, role, and authentication status.

方法

Copy() Copy() Copy() Copy()

创建并返回当前权限的相同副本。Creates and returns an identical copy of the current permission.

Demand() Demand() Demand() Demand()

在运行时确定当前主体是否与当前权限所指定的主体相匹配。Determines at run time whether the current principal matches the principal specified by the current permission.

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

确定指定的 PrincipalPermission 对象是否等于当前的 PrincipalPermissionDetermines whether the specified PrincipalPermission object is equal to the current PrincipalPermission.

FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement)

从 XML 编码重新构造具有指定状态的权限。Reconstructs a permission with a specified state from an XML encoding.

GetHashCode() GetHashCode() GetHashCode() GetHashCode()

获取 PrincipalPermission 对象的哈希代码,此代码适合在哈希算法和数据结构(例如哈希表)中使用。Gets a hash code for the PrincipalPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

GetType() GetType() GetType() GetType()

获取当前实例的 TypeGets the Type of the current instance.

(Inherited from Object)
Intersect(IPermission) Intersect(IPermission) Intersect(IPermission) Intersect(IPermission)

创建并返回一个权限,该权限是当前权限与指定权限的交集。Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission)

确定当前权限是否为指定权限的子集。Determines whether the current permission is a subset of the specified permission.

IsUnrestricted() IsUnrestricted() IsUnrestricted() IsUnrestricted()

返回一个值,该值指示当前权限是否不受限制。Returns a value indicating whether the current permission is unrestricted.

MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(Inherited from Object)
ToString() ToString() ToString() ToString()

创建并返回表示当前权限的字符串。Creates and returns a string representing the current permission.

ToXml() ToXml() ToXml() ToXml()

创建权限及其当前状态的 XML 编码。Creates an XML encoding of the permission and its current state.

Union(IPermission) Union(IPermission) Union(IPermission) Union(IPermission)

创建一个权限,该权限是当前权限与指定权限的并集。Creates a permission that is the union of the current permission and the specified permission.

适用于

另请参阅