PrincipalPermissionAttribute PrincipalPermissionAttribute PrincipalPermissionAttribute PrincipalPermissionAttribute Class


允许对要使用声明性安全应用到代码中的 PrincipalPermission 执行安全操作。Allows security actions for PrincipalPermission to be applied to code using declarative security. 此类不能被继承。This class cannot be inherited.

public ref class PrincipalPermissionAttribute sealed : System::Security::Permissions::CodeAccessSecurityAttribute
[System.AttributeUsage(System.AttributeTargets.Class | System.AttributeTargets.Method, AllowMultiple=true, Inherited=false)]
public sealed class PrincipalPermissionAttribute : System.Security.Permissions.CodeAccessSecurityAttribute
type PrincipalPermissionAttribute = class
    inherit CodeAccessSecurityAttribute
Public NotInheritable Class PrincipalPermissionAttribute
Inherits CodeAccessSecurityAttribute


下面的示例演示如何将PrincipalPermissionAttribute类以声明方式使用,以要求当前用户是管理员。The following example demonstrates how the PrincipalPermissionAttribute class is used declaratively to demand that the current user be an administrator.


在 Windows Vista 中,用户帐户控制 (UAC) 决定用户的特权。In Windows Vista, User Account Control (UAC) determines the privileges of a user. 如果您是内置的 Administrators 组的成员,将为您分配两个运行时访问令牌:一个标准用户访问令牌和一个管理员访问令牌。If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. 默认情况下,您拥有标准用户角色。By default, you are in the standard user role. 要执行需要管理员身份的代码,必须首先将你的特权从标准用户提升至管理员。To execute the code that requires you to be an administrator, you must first elevate your privileges from standard user to administrator. 你可以通过以下方式执行此操作:右键单击应用程序图标并指示需以管理员身份运行。You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.

using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::Security::Policy;
using namespace System::Security::Principal;

[PrincipalPermission(SecurityAction::Demand, Role = "Administrators")]
void CheckAdministrator()
	Console::WriteLine("User is an administrator.");
int main(array<System::String ^> ^args)
		// Must set PrincipalPolicy to WindowsPrincipal
		// Check using declarative security.
		// Check using Imperative security.
		System::String^ null;
		PrincipalPermission^ principalPerm = gcnew PrincipalPermission(null, "Administrators" );
		Console::WriteLine("Demand succeeded");
	catch (Exception ^e)
	return 0;

using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
    public static void Main()
            // PrincipalPolicy must be set to WindowsPrincipal to check roles.
            // Check using the PrincipalPermissionAttribute
            // Check using PrincipalPermission class.
            PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
            Console.WriteLine("Demand succeeded.");
        catch (Exception e)
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
    static void CheckAdministrator()
        Console.WriteLine("User is an administrator");
Imports System
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal

Class SecurityPrincipalDemo

    Public Shared Sub Main()
            ' PrincipalPolicy must be set to WindowsPrincipal to check roles.
            ' Check using the PrincipalPermissionAttribute
            ' Check using PrincipalPermission class.
            Dim principalPerm As New PrincipalPermission(Nothing, "Administrators")
            Console.WriteLine("Demand succeeded.")
        Catch e As Exception
        End Try

    End Sub 'Main

    <PrincipalPermission(SecurityAction.Demand, Role:="Administrators")> _
    Shared Sub CheckAdministrator()
        Console.WriteLine("User is an administrator")

    End Sub 'CheckAdministrator
End Class 'SecurityPrincipalDemo


PrincipalPermissionAttribute 可用于以声明方式要求用户运行你的代码属于指定角色或进行了身份验证。PrincipalPermissionAttribute can be used to declaratively demand that users running your code belong to a specified role or have been authenticated. 利用Unrestricted创建PrincipalPermissionAuthenticated设置为trueNameRole设置为nullUse of Unrestricted creates a PrincipalPermission with Authenticated set to true and Name and Role set to null.

声明是允许的范围取决于SecurityAction的使用。The scope of the declaration that is allowed depends on the SecurityAction that is used. PrincipalPermissionAttribute 不能在程序集级别应用。PrincipalPermissionAttribute cannot be applied at the assembly level.

声明的安全特性的安全信息的属性目标的元数据中的存储,以及在运行时访问系统。The security information declared by a security attribute is stored in the metadata of the attribute target and is accessed by the system at run time. 安全特性仅用于声明性安全。Security attributes are used only for declarative security. 对于命令性安全,使用相应的权限类。For imperative security, use the corresponding permission class.


使用此类要求主体权限之前,必须将当前应用程序域的主体的策略设置为枚举值WindowsPrincipalBefore you use this class to demand principal permission, you must set the current application domain's principal policy to the enumeration value WindowsPrincipal. 默认情况下,主体的策略设置为UnauthenticatedPrincipalBy default, the principal policy is set to UnauthenticatedPrincipal. 如果你未设置为主体的策略WindowsPrincipal,对主体的权限的请求将失败。If you do not set the principal policy to WindowsPrincipal, a demand for principal permission will fail. 在要求主体的权限之前,应执行以下代码: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal).The following code should be executed before the principal permission is demanded: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal).


PrincipalPermissionAttribute(SecurityAction) PrincipalPermissionAttribute(SecurityAction) PrincipalPermissionAttribute(SecurityAction) PrincipalPermissionAttribute(SecurityAction)

使用指定的 PrincipalPermissionAttribute 初始化 SecurityAction 类的新实例。Initializes a new instance of the PrincipalPermissionAttribute class with the specified SecurityAction.


Action Action Action Action

获取或设置安全性操作。Gets or sets a security action.

(Inherited from SecurityAttribute)
Authenticated Authenticated Authenticated Authenticated

获取或设置一个指示当前主题是否已经过基于角色的基础安全提供程序验证的值。Gets or sets a value indicating whether the current principal has been authenticated by the underlying role-based security provider.

Name Name Name Name

获取或设置与当前用户关联的身份名称。Gets or sets the name of the identity associated with the current principal.

Role Role Role Role

获取或设置指定安全角色的成员条件。Gets or sets membership in a specified security role.

TypeId TypeId TypeId TypeId

在派生类中实现时,获取此 Attribute 的唯一标识符。When implemented in a derived class, gets a unique identifier for this Attribute.

(Inherited from Attribute)
Unrestricted Unrestricted Unrestricted Unrestricted

获取或设置一个值,该值指示是否声明了对受该特性保护的资源有完全(无限制的)权限。Gets or sets a value indicating whether full (unrestricted) permission to the resource protected by the attribute is declared.

(Inherited from SecurityAttribute)


CreatePermission() CreatePermission() CreatePermission() CreatePermission()

创建并返回一个新的 PrincipalPermissionCreates and returns a new PrincipalPermission.

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

返回一个值,该值指示此实例是否与指定的对象相等。Returns a value that indicates whether this instance is equal to a specified object.

(Inherited from Attribute)
GetHashCode() GetHashCode() GetHashCode() GetHashCode()

返回此实例的哈希代码。Returns the hash code for this instance.

(Inherited from Attribute)
GetType() GetType() GetType() GetType()

获取当前实例的 TypeGets the Type of the current instance.

(Inherited from Object)
IsDefaultAttribute() IsDefaultAttribute() IsDefaultAttribute() IsDefaultAttribute()

在派生类中重写时,指示此实例的值是否是派生类的默认值。When overridden in a derived class, indicates whether the value of this instance is the default value for the derived class.

(Inherited from Attribute)
Match(Object) Match(Object) Match(Object) Match(Object)

当在派生类中重写时,返回一个指示此实例是否等于指定对象的值。When overridden in a derived class, returns a value that indicates whether this instance equals a specified object.

(Inherited from Attribute)
MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(Inherited from Object)
ToString() ToString() ToString() ToString()

返回表示当前对象的字符串。Returns a string that represents the current object.

(Inherited from Object)


_Attribute.GetIDsOfNames(Guid, IntPtr, UInt32, UInt32, IntPtr) _Attribute.GetIDsOfNames(Guid, IntPtr, UInt32, UInt32, IntPtr) _Attribute.GetIDsOfNames(Guid, IntPtr, UInt32, UInt32, IntPtr) _Attribute.GetIDsOfNames(Guid, IntPtr, UInt32, UInt32, IntPtr)

将一组名称映射为对应的一组调度标识符。Maps a set of names to a corresponding set of dispatch identifiers.

(Inherited from Attribute)
_Attribute.GetTypeInfo(UInt32, UInt32, IntPtr) _Attribute.GetTypeInfo(UInt32, UInt32, IntPtr) _Attribute.GetTypeInfo(UInt32, UInt32, IntPtr) _Attribute.GetTypeInfo(UInt32, UInt32, IntPtr)

检索对象的类型信息,然后可以使用该信息获取接口的类型信息。Retrieves the type information for an object, which can be used to get the type information for an interface.

(Inherited from Attribute)
_Attribute.GetTypeInfoCount(UInt32) _Attribute.GetTypeInfoCount(UInt32) _Attribute.GetTypeInfoCount(UInt32) _Attribute.GetTypeInfoCount(UInt32)

检索对象提供的类型信息接口的数量(0 或 1)。Retrieves the number of type information interfaces that an object provides (either 0 or 1).

(Inherited from Attribute)
_Attribute.Invoke(UInt32, Guid, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr) _Attribute.Invoke(UInt32, Guid, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr) _Attribute.Invoke(UInt32, Guid, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr) _Attribute.Invoke(UInt32, Guid, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr)

提供对某一对象公开的属性和方法的访问。Provides access to properties and methods exposed by an object.

(Inherited from Attribute)