<alwaysFlowImpersonationPolicy > 元素<alwaysFlowImpersonationPolicy> Element

指定 Windows 标识始终流经异步点,而不考虑执行模拟的方式。Specifies that the Windows identity always flows across asynchronous points, regardless of how impersonation was performed.

<configuration> <configuration>
    <runtime >   <runtime>
     <alwaysFlowImpersonationPolicy >     <alwaysFlowImpersonationPolicy>\

语法Syntax

<alwaysFlowImpersonationPolicy    
  enabled="true|false"/>  

特性和元素Attributes and Elements

下列各节描述了特性、子元素和父元素。The following sections describe attributes, child elements, and parent elements.

特性Attributes

特性Attribute 描述Description
enabled 必需的特性。Required attribute.

指示 Windows 标识是否流经异步点。Indicates whether the Windows identity flows across asynchronous points.

enabled 特性enabled Attribute

“值”Value 描述Description
false Windows 标识不流经异步点,除非模拟是通过托管方法(如 Impersonate)执行的。The Windows identity does not flow across asynchronous points, unless the impersonation is performed through managed methods such as Impersonate. 这是默认设置。This is the default.
true 无论模拟的执行方式如何,Windows 标识始终流经异步点。The Windows identity always flows across asynchronous points, regardless of how impersonation was performed.

子元素Child Elements

无。None.

父元素Parent Elements

元素Element 描述Description
configuration 公共语言运行时和 .NET Framework 应用程序所使用的每个配置文件中的根元素。The root element in every configuration file used by the common language runtime and .NET Framework applications.
runtime 包含有关程序集绑定和垃圾回收的信息。Contains information about assembly binding and garbage collection.

备注Remarks

在 .NET Framework 版本1.0 和1.1 中,Windows 标识不流经异步点。In the .NET Framework versions 1.0 and 1.1, the Windows identity does not flow across asynchronous points. 在 .NET Framework 版本2.0 中,有一个 ExecutionContext 对象,其中包含当前正在执行的线程的相关信息,并在应用程序域中的异步点之间流动。In the .NET Framework version 2.0, there is an ExecutionContext object that contains information about the currently executing thread, and flows it across asynchronous points within an application domain. WindowsIdentity 还将作为流过异步点的信息的一部分进行传递,前提是通过使用托管方法(如 Impersonate)实现模拟,而不是通过其他方式(例如,平台调用到本机方法)实现的。The WindowsIdentity also flows as part of the information that flows across the asynchronous points, provided the impersonation was achieved using managed methods such as Impersonate and not through other means such as platform invoke to native methods. 此元素用于指定无论如何实现模拟,Windows 标识都将流经异步点。This element is used to specify that the Windows identity does flow across asynchronous points, regardless of how the impersonation was achieved.

可以通过两种其他方式更改此默认行为:You can alter this default behavior in two other ways:

  1. 在托管代码中,在每个线程的基础上。In managed code on a per-thread basis.

    您可以通过使用 ExecutionContext.SuppressFlowSecurityContext.SuppressFlowWindowsIdentitySecurityContext.SuppressFlow 方法修改 ExecutionContextSecurityContext 设置来禁用每个线程的流。You can suppress the flow on a per-thread basis by modifying the ExecutionContext and SecurityContext settings by using the ExecutionContext.SuppressFlow, SecurityContext.SuppressFlowWindowsIdentity, or SecurityContext.SuppressFlow method.

  2. 在调用非托管承载接口以加载公共语言运行时(CLR)。In the call to the unmanaged hosting interface to load the common language runtime (CLR).

    如果使用非托管宿主接口(而不是简单的托管可执行文件)加载 CLR,则可以在调用CorBindToRuntimeEx 函数函数时指定特殊标志。If an unmanaged hosting interface (instead of a simple managed executable) is used to load the CLR, you can specify a special flag in the call to the CorBindToRuntimeEx Function function. 若要为整个进程启用兼容模式,请将CorBindToRuntimeEx 函数flags 参数设置为 STARTUP_ALWAYSFLOW_IMPERSONATIONTo enable the compatibility mode for the entire process, set the flags parameter for CorBindToRuntimeEx Function to STARTUP_ALWAYSFLOW_IMPERSONATION.

配置文件Configuration File

在 .NET Framework 应用程序中,此元素只能在应用程序配置文件中使用。In a .NET Framework application, this element can be used only in the application configuration file.

对于 ASP.NET 应用程序,可以在 <Windows 文件夹 > \Microsoft.NET\Framework\vx.x.xxxx 目录中找到的 aspnet .config 文件中配置模拟流。For an ASP.NET application, the impersonation flow can be configured in the aspnet.config file found in the <Windows Folder>\Microsoft.NET\Framework\vx.x.xxxx directory.

默认情况下,ASP.NET 使用以下配置设置禁用 aspnet 文件中的模拟流:ASP.NET by default disables the impersonation flow in the aspnet.config file by using the following configuration settings:

<configuration>  
   <runtime>  
      <legacyImpersonationPolicy enabled="true"/>  
      <alwaysFlowImpersonationPolicy enabled="false"/>  
   </runtime>  
</configuration>  

在 ASP.NET 中,如果要改为允许模拟流,则必须显式使用以下配置设置:In ASP.NET, if you want to allow the flow of impersonation instead, you must explicitly use the following configuration settings:

<configuration>  
   <runtime>  
      <legacyImpersonationPolicy enabled="false"/>  
      <alwaysFlowImpersonationPolicy enabled="true"/>  
   </runtime>  
</configuration>  

示例Example

下面的示例演示如何指定 Windows 标识流经异步点,即使通过非托管方法实现模拟也是如此。The following example shows how to specify that the Windows identity flows across asynchronous points, even when the impersonation is achieved through means other than managed methods.

<configuration>  
  <runtime>  
    <alwaysFlowImpersonationPolicy enabled="true"/>  
  </runtime>  
</configuration>  

请参阅See also