Link Demands

Caution

Code Access Security and Partially Trusted Code

The .NET Framework provides a mechanism for the enforcement of varying levels of trust on different code running in the same application called Code Access Security (CAS). Code Access Security in .NET Framework should not be used as a mechanism for enforcing security boundaries based on code origination or other identity aspects. We are updating our guidance to reflect that Code Access Security and Security-Transparent Code will not be supported as a security boundary with partially trusted code, especially code of unknown origin. We advise against loading and executing code of unknown origins without putting alternative security measures in place.

This policy applies to all versions of .NET Framework, but does not apply to the .NET Framework included in Silverlight.

A link demand causes a security check during just-in-time compilation and checks only the immediate calling assembly of your code. Linking occurs when your code is bound to a type reference, including function pointer references and method calls. If the calling assembly does not have sufficient permission to link to your code, the link is not allowed and a runtime exception is thrown when the code is loaded and run. Link demands can be overridden in classes that inherit from your code.

Note that a full stack walk is not performed with this type of demand and that your code is still susceptible to luring attacks. For example, if a method in assembly A is protected by a link demand, a direct caller in assembly B is evaluated based on the permissions of assembly B. However, the link demand will not evaluate a method in assembly C if it indirectly calls the method in assembly A using the method in assembly B. The link demand specifies only the permissions direct callers in the immediate calling assembly must have to link to your code. It does not specify the permissions all callers must have to run your code.

The Assert, Deny, and PermitOnly stack walk modifiers do not affect the evaluation of link demands. Because link demands do not perform a stack walk, the stack walk modifiers have no effect on link demands.
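The assembly A/B/C case and the stack walk modifier behavior described above, combined in one added C# example (not part of the original documentation). The class names and the choice of SecurityPermission with UnmanagedCode are assumptions for illustration; the three classes stand in for three assemblies, and a PermitOnly frame stands in for a caller that lacks the permission. It assumes a fully trusted .NET Framework console application.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Stands in for assembly A: the protected code.
public static class ResourceA
{
    // Checked at JIT time against the immediate calling assembly only.
    [SecurityPermission(SecurityAction.LinkDemand, UnmanagedCode = true)]
    public static string ReadDataLinkDemand() { return "data"; }

    // Full demand: walks the whole call stack on every call.
    [SecurityPermission(SecurityAction.Demand, UnmanagedCode = true)]
    public static string ReadDataFullDemand() { return "data"; }
}

// Stands in for assembly B: holds the permission and exposes wrappers.
public static class WrapperB
{
    public static string Forward() { return ResourceA.ReadDataLinkDemand(); }
    public static string ForwardChecked() { return ResourceA.ReadDataFullDemand(); }
}

// Stands in for assembly C: the indirect caller.
public static class CallerC
{
    public static void Main()
    {
        string viaLinkDemand, viaFullDemand;
        // Assumption: PermitOnly simulates a caller without UnmanagedCode.
        new SecurityPermission(SecurityPermissionFlag.Execution).PermitOnly();
        try
        {
            // No stack walk, so the PermitOnly frame is never consulted.
            viaLinkDemand = WrapperB.Forward();
            // The stack walk reaches this frame and is refused.
            try { viaFullDemand = WrapperB.ForwardChecked(); }
            catch (SecurityException) { viaFullDemand = "SecurityException"; }
        }
        finally { CodeAccessPermission.RevertPermitOnly(); }
        Console.WriteLine("LinkDemand path: " + viaLinkDemand);
        Console.WriteLine("Demand path:     " + viaFullDemand);
    }
}
```

A public wrapper such as `Forward` is where the luring exposure arises; protecting the resource with `SecurityAction.Demand`, as in `ReadDataFullDemand`, makes every caller on the stack subject to the check.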

If a method protected by a link demand is accessed through reflection, then a link demand checks the immediate caller of the code accessed through reflection. This is true both for method discovery and for method invocation performed using reflection. For example, suppose code uses reflection to return a MethodInfo object representing a method protected by a link demand and then passes that MethodInfo object to some other code that uses the object to invoke the original method. In this case the link demand check occurs twice: once for the code that returns the MethodInfo object and once for the code that invokes it.

Note

A link demand performed on a static class constructor does not protect the constructor because static constructors are called by the system, outside the application's code execution path. As a result, when a link demand is applied to an entire class, it cannot protect access to a static constructor, although it does protect the rest of the class.

The following code fragment declaratively specifies that any code linking to the ReadData method must have the CustomPermission permission. This permission is a hypothetical custom permission and does not exist in the .NET Framework. The demand is made by passing a SecurityAction.LinkDemand flag to the CustomPermissionAttribute.

<CustomPermissionAttribute(SecurityAction.LinkDemand)> _
Public Shared Function ReadData() As String
    ' Access a custom resource.
End Function

[CustomPermissionAttribute(SecurityAction.LinkDemand)]
public static string ReadData()
{
    // Access a custom resource.
}

See also