<legacyImpersonationPolicy > 元素<legacyImpersonationPolicy> Element

指定 Windows 标识不流经异步点,而不考虑当前线程上执行上下文的流设置。Specifies that the Windows identity does not flow across asynchronous points, regardless of the flow settings for the execution context on the current thread.

<configuration> <configuration>
    <runtime >   <runtime>
     <legacyImpersonationPolicy >    <legacyImpersonationPolicy>

语法Syntax

<legacyImpersonationPolicy    
   enabled="true|false"/>  

特性和元素Attributes and Elements

下列各节描述了特性、子元素和父元素。The following sections describe attributes, child elements, and parent elements.

特性Attributes

特性Attribute 描述Description
enabled 必需的特性。Required attribute.

指定 WindowsIdentity 不流经异步点,无论当前线程上的 ExecutionContext 流设置如何。Specifies that the WindowsIdentity does not flow across asynchronous points, regardless of the ExecutionContext flow settings on the current thread.

enabled 特性enabled Attribute

“值”Value 描述Description
false 根据当前线程的 ExecutionContext 流设置,WindowsIdentity 跨异步点流动。WindowsIdentity flows across asynchronous points depending upon the ExecutionContext flow settings for the current thread. 这是默认设置。This is the default.
true WindowsIdentity 不流经异步点,无论当前线程上的 ExecutionContext 流设置如何。WindowsIdentity does not flow across asynchronous points, regardless of the ExecutionContext flow settings on the current thread.

子元素Child Elements

无。None.

父元素Parent Elements

元素Element 描述Description
configuration 公共语言运行时和 .NET Framework 应用程序所使用的每个配置文件中的根元素。The root element in every configuration file used by the common language runtime and .NET Framework applications.
runtime 包含有关程序集绑定和垃圾回收的信息。Contains information about assembly binding and garbage collection.

备注Remarks

在 .NET Framework 版本1.0 和1.1 中,WindowsIdentity 不会流经任何用户定义的异步点。In the .NET Framework versions 1.0 and 1.1, the WindowsIdentity does not flow across any user-defined asynchronous points. 从 .NET Framework 版本2.0 开始,有一个 ExecutionContext 对象,其中包含当前正在执行的线程的相关信息,并在应用程序域中的异步点之间流动。Starting with the .NET Framework version 2.0, there is an ExecutionContext object that contains information about the currently executing thread, and it flows across asynchronous points within an application domain. WindowsIdentity 包含在此执行上下文中,因此也会流经异步点,这意味着,如果存在模拟上下文,则也会流动。The WindowsIdentity is included in this execution context and therefore also flows across the asynchronous points, which means that if an impersonation context exists, it will flow as well.

从 .NET Framework 2.0 开始,可以使用 <legacyImpersonationPolicy> 元素来指定 WindowsIdentity 不流经异步点。Starting with the .NET Framework 2.0, you can use the <legacyImpersonationPolicy> element to specify that WindowsIdentity does not flow across asynchronous points.

备注

公共语言运行时(CLR)知道仅使用托管代码执行的模拟操作,而不是在托管代码之外执行的模拟,例如通过平台调用到非托管代码或通过直接调用 Win32 函数。The common language runtime (CLR) is aware of impersonation operations performed using only managed code, not of impersonation performed outside of managed code, such as through platform invoke to unmanaged code or through direct calls to Win32 functions. 只有托管 WindowsIdentity 对象才能流经异步点,除非 alwaysFlowImpersonationPolicy 元素设置为 true (<alwaysFlowImpersonationPolicy enabled="true"/>)。Only managed WindowsIdentity objects can flow across asynchronous points, unless the alwaysFlowImpersonationPolicy element has been set to true (<alwaysFlowImpersonationPolicy enabled="true"/>). alwaysFlowImpersonationPolicy 元素设置为 true 可指定无论模拟的执行方式如何,Windows 标识总是跨异步点流动。Setting the alwaysFlowImpersonationPolicy element to true specifies that the Windows identity always flows across asynchronous points, regardless of how impersonation was performed. 有关跨异步点流动非托管模拟的详细信息,请参阅<alwaysFlowImpersonationPolicy > 元素For more information on flowing unmanaged impersonation across asynchronous points, see <alwaysFlowImpersonationPolicy> Element.

可以通过两种其他方式更改此默认行为:You can alter this default behavior in two other ways:

  1. 在托管代码中,在每个线程的基础上。In managed code on a per-thread basis.

    您可以通过使用 ExecutionContext.SuppressFlowSecurityContext.SuppressFlowWindowsIdentitySecurityContext.SuppressFlow 方法修改 ExecutionContextSecurityContext 设置来禁用每个线程的流。You can suppress the flow on a per-thread basis by modifying the ExecutionContext and SecurityContext settings by using the ExecutionContext.SuppressFlow, SecurityContext.SuppressFlowWindowsIdentity or SecurityContext.SuppressFlow method.

  2. 在调用非托管承载接口以加载公共语言运行时(CLR)。In the call to the unmanaged hosting interface to load the common language runtime (CLR).

    如果使用非托管宿主接口(而不是简单的托管可执行文件)加载 CLR,则可以在调用CorBindToRuntimeEx 函数函数时指定特殊标志。If an unmanaged hosting interface (instead of a simple managed executable) is used to load the CLR, you can specify a special flag in the call to the CorBindToRuntimeEx Function function. 若要为整个进程启用兼容模式,请将CorBindToRuntimeEx 函数flags 参数设置为 STARTUP_LEGACY_IMPERSONATION。To enable the compatibility mode for the entire process, set the flags parameter for CorBindToRuntimeEx Function to STARTUP_LEGACY_IMPERSONATION.

有关详细信息,请参阅<alwaysFlowImpersonationPolicy > 元素For more information, see the <alwaysFlowImpersonationPolicy> Element.

配置文件Configuration File

在 .NET Framework 应用程序中,此元素只能在应用程序配置文件中使用。In a .NET Framework application, this element can be used only in the application configuration file.

对于 ASP.NET 应用程序,可以在 <Windows 文件夹 > \Microsoft.NET\Framework\vx.x.xxxx 目录中找到的 aspnet .config 文件中配置模拟流。For an ASP.NET application, the impersonation flow can be configured in the aspnet.config file found in the <Windows Folder>\Microsoft.NET\Framework\vx.x.xxxx directory.

默认情况下,ASP.NET 使用以下配置设置禁用 aspnet 文件中的模拟流:ASP.NET by default disables the impersonation flow in the aspnet.config file by using the following configuration settings:

<configuration>  
   <runtime>  
      <legacyImpersonationPolicy enabled="true"/>  
      <alwaysFlowImpersonationPolicy enabled="false"/>  
   </runtime>  
</configuration>  

在 ASP.NET 中,如果要改为允许模拟流,则必须显式使用以下配置设置:In ASP.NET, if you want to allow the flow of impersonation instead, you must explicitly use the following configuration settings:

<configuration>  
   <runtime>  
      <legacyImpersonationPolicy enabled="false"/>  
      <alwaysFlowImpersonationPolicy enabled="true"/>  
   </runtime>  
</configuration>  

示例Example

下面的示例演示如何指定不跨异步点流式传输 Windows 标识的旧行为。The following example shows how to specify the legacy behavior that does not flow the Windows identity across asynchronous points.

<configuration>  
   <runtime>  
      <legacyImpersonationPolicy enabled="true"/>  
   </runtime>  
</configuration>  

请参阅See also