安全性 (WPF)Security (WPF)

开发 Windows Presentation Foundation (WPF)独立应用程序和浏览器托管应用程序时,必须考虑安全模型。When developing Windows Presentation Foundation (WPF) standalone and browser-hosted applications, you must consider the security model. WPFWPF 独立的应用程序使用无限制权限(CAFullTrust权限集)执行,不管是使用 Windows Installer (.msi)、XCopy 还是 ClickOnce 部署的。standalone applications execute with unrestricted permissions ( CASFullTrust permission set), whether deployed using Windows Installer (.msi), XCopy, or ClickOnce. 不支持使用 ClickOnce 部署部分信任的独立 WPF 应用程序。Deploying partial-trust, standalone WPF applications with ClickOnce is unsupported. 不过,完全信任的主机应用程序可以使用 .NET Framework 外接程序模型创建部分信任 AppDomainHowever, a full-trust host application can create a partial-trust AppDomain using the .NET Framework Add-in model. 有关详细信息,请参阅WPF 外接程序概述For more information, see WPF Add-Ins Overview.

WPFWPF 浏览器承载的应用程序由 Windows Internet Explorer 或 Firefox 承载,可以是 XAML 浏览器应用程序(Xbap)或松散 可扩展应用程序标记语言 (XAML)Extensible Application Markup Language (XAML) 文档有关详细信息,请参阅WPF XAML 浏览器应用程序概述browser-hosted applications are hosted by Windows Internet Explorer or Firefox, and can be either XAML browser applications (XBAPs) or loose 可扩展应用程序标记语言 (XAML)Extensible Application Markup Language (XAML) documents For more information, see WPF XAML Browser Applications Overview.

默认情况下,WPFWPF 浏览器承载的应用程序在部分信任的安全沙箱中执行,该沙箱仅限默认的 CASInternet区域权限集。WPFWPF browser-hosted applications execute within a partial trust security sandbox, by default, which is limited to the default CASInternet zone permission set. 这会有效地将 WPFWPF 浏览器承载的应用程序与客户端计算机隔离,就像需要隔离典型 Web 应用程序一样。This effectively isolates WPFWPF browser-hosted applications from the client computer in the same way that you would expect typical Web applications to be isolated. XBAP 最高可以将权限提升到“完全信任”,具体取决于部署 URL 的安全区域和客户端的安全配置。An XBAP can elevate privileges, up to Full Trust, depending on the security zone of the deployment URL and the client's security configuration. 有关详细信息,请参阅 WPF 部分信任安全性For more information, see WPF Partial Trust Security.

本主题讨论 Windows Presentation Foundation (WPF)独立应用程序和浏览器承载的应用程序的安全模型。This topic discusses the security model for Windows Presentation Foundation (WPF) standalone and browser-hosted applications.

本主题包含以下各节:This topic contains the following sections:

安全导航Safe Navigation

对于 Xbap,WPFWPF 区分两种类型的导航:应用程序和浏览器。For XBAPs, WPFWPF distinguishes two types of navigation: application and browser.

应用程序导航是指在浏览器托管的应用程序内的内容项之间进行导航。Application navigation is navigation between items of content within an application that is hosted by a browser. 浏览器导航是指可更改浏览器自身的内容和位置 URL 的导航。Browser navigation is navigation that changes the content and location URL of a browser itself. 应用程序导航(通常为 XAML)与浏览器导航(通常为 HTML)之间的关系如下图所示:The relationship between application navigation (typically XAML) and browser navigation (typically HTML) is shown in the following illustration:

应用程序导航与浏览器导航之间的关系。

对于 XBAP 要导航到的内容的类型,主要取决于是否使用应用程序导航或浏览器导航。The type of content that is considered safe for an XBAP to navigate to is primarily determined by whether application navigation or browser navigation is used.

应用程序导航安全性Application Navigation Security

如果应用程序导航可以使用 pack URI 来标识,并且它支持四种类型的内容,则将其视为安全:Application navigation is considered safe if it can be identified with a pack URI, which supports four types of content:

内容类型Content Type 描述Description URI 示例URI Example
资源Resource 添加到具有资源生成类型的项目中的文件。Files that are added to a project with a build type of Resource. pack://application:,,,/MyResourceFile.xaml
ContentContent 使用 "内容" 生成类型添加到项目中的文件。Files that are added to a project with a build type of Content. pack://application:,,,/MyContentFile.xaml
源站点Site of origin 添加到生成类型为None的项目中的文件。Files that are added to a project with a build type of None. pack://siteoforigin:,,,/MySiteOfOriginFile.xaml
应用程序代码Application code 具有已编译代码隐藏的 XAML 资源。XAML resources that have a compiled code-behind.

-or-

添加到具有的生成类型的项目中的 XAML 文件。XAML files that are added to a project with a build type of Page.
pack://application:,,,/MyResourceFile .xamlpack://application:,,,/MyResourceFile .xaml

备注

有关应用程序数据文件和包 Uri 的详细信息,请参阅WPF 应用程序资源、内容和数据文件For more information about application data files and pack URIs, see WPF Application Resource, Content, and Data Files.

可以由用户导航到这些内容类型的文件,也可以通过编程方式导航到这些内容类型的文件:Files of these content types can be navigated to by either the user or programmatically:

  • 用户导航User Navigation. 用户通过单击 Hyperlink 元素导航。The user navigates by clicking a Hyperlink element.

  • 编程导航Programmatic Navigation. 应用程序将导航到不涉及用户的情况,例如,通过设置 "NavigationWindow.Source" 属性。The application navigates without involving the user, for example, by setting the NavigationWindow.Source property.

浏览器导航安全性Browser Navigation Security

浏览器导航仅在以下条件下被视为安全:Browser navigation is considered safe only under the following conditions:

  • 用户导航User Navigation. 用户通过单击主 NavigationWindow内的 Hyperlink 元素导航,而不是在嵌套 Frame中导航。The user navigates by clicking a Hyperlink element that is within the main NavigationWindow, not in a nested Frame.

  • 区域Zone. 要导航到的内容位于 Internet 或本地 Intranet 上。The content being navigated to is located on the Internet or the local intranet.

  • 协议Protocol. 使用的协议是httphttps文件mailtoThe protocol being used is either http, https, file, or mailto.

如果 XBAP 尝试以不符合这些条件的方式导航到内容,则会引发 SecurityExceptionIf an XBAP attempts to navigate to content in a manner that does not comply with these conditions, a SecurityException is thrown.

Web 浏览软件安全设置Web Browsing Software Security Settings

计算机上的安全设置决定了任何 Web 浏览软件被授予的访问权限。The security settings on your computer determine the access that any Web browsing software is granted. Web 浏览软件包含任何应用程序或组件,这些应用程序或组件使用WinINeturlmon.dll Api,包括 Internet Explorer 和 presentationhost.exe。Web browsing software includes any application or component that uses the WinINet or UrlMon APIs, including Internet Explorer and PresentationHost.exe.

Internet Explorer 提供一种机制,通过该机制可以配置允许通过 Internet Explorer 执行的功能,包括以下内容:Internet Explorer provides a mechanism by which you can configure the functionality that is allowed to be executed by or from Internet Explorer, including the following:

  • .NET Framework 相关组件.NET Framework-reliant components

  • ActiveX 控件和插件ActiveX controls and plug-ins

  • 下载Downloads

  • 脚本功能Scripting

  • 用户身份验证User Authentication

对于InternetIntranet受信任的站点受限制的站点区域,可通过这种方式进行保护的功能集合以每个区域为基础进行配置。The collection of functionality that can be secured in this way is configured on a per-zone basis for the Internet, Intranet, Trusted Sites, and Restricted Sites zones. 以下步骤描述如何配置安全设置:The following steps describe how to configure your security settings:

  1. 打开“控制面板”。Open Control Panel.

  2. 单击 "网络和 internet ",然后单击 " internet 选项"。Click Network and Internet and then click Internet Options.

    将显示“Internet 选项”对话框。The Internet Options dialog box appears.

  3. 在 "安全" 选项卡上,选择要为其配置安全设置的区域。On the Security tab, select the zone to configure the security settings for.

  4. 单击 "自定义级别" 按钮。Click the Custom Level button.

    此时将显示 "安全设置" 对话框,你可以为所选区域配置安全设置。The Security Settings dialog box appears and you can configure the security settings for the selected zone.

    显示 "安全设置" 对话框的屏幕截图。

备注

也可以从 Internet Explorer 中进入“Internet 选项”对话框。You can also get to the Internet Options dialog box from Internet Explorer. 单击 "工具",然后单击 " Internet 选项"。Click Tools and then click Internet Options.

从 Windows Internet Explorer 7 开始,包含了专门针对 .NET Framework 的以下安全设置:Starting with Windows Internet Explorer 7, the following security settings specifically for .NET Framework are included:

  • 宽松 XAMLLoose XAML. 控制 Internet Explorer 是否可以导航到和松散的 XAMLXAML 文件。Controls whether Internet Explorer can navigate to and loose XAMLXAML files. (“启用”、“禁用”和“提示”选项)。(Enable, Disable, and Prompt options).

  • XAML 浏览器应用程序XAML browser applications. 控制 Internet Explorer 是否可以导航到并运行 Xbap。Controls whether Internet Explorer can navigate to and run XBAPs. (“启用”、“禁用”和“提示”选项)。(Enable, Disable, and Prompt options).

默认情况下,将为 " Internet"、"本地 intranet" 和 "受信任站点" 区域启用所有这些设置,并为 "受限制的站点" 区域禁用这些设置。By default, these settings are all enabled for the Internet, Local intranet, and Trusted sites zones, and disabled for the Restricted sites zone.

除了可通过“Internet 选项”设置的安全设置之外,还可以通过设置以下注册表值有选择地阻止许多安全敏感 WPF 功能。In addition to the security settings available through the Internet Options, the following registry values are available for selectively blocking a number of security-sensitive WPF features. 这些值在以下注册表项下定义:The values are defined under the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Windows Presentation Foundation\Features

下表列出了可以设置的值。The following table lists the values that can be set.

值名称Value Name 值类型Value Type 值数据Value Data
XBAPDisallowXBAPDisallow REG_DWORDREG_DWORD 1 为禁止;0 为允许。1 to disallow; 0 to allow.
LooseXamlDisallowLooseXamlDisallow REG_DWORDREG_DWORD 1 为禁止;0 为允许。1 to disallow; 0 to allow.
WebBrowserDisallowWebBrowserDisallow REG_DWORDREG_DWORD 1 为禁止;0 为允许。1 to disallow; 0 to allow.
MediaAudioDisallowMediaAudioDisallow REG_DWORDREG_DWORD 1 为禁止;0 为允许。1 to disallow; 0 to allow.
MediaImageDisallowMediaImageDisallow REG_DWORDREG_DWORD 1 为禁止;0 为允许。1 to disallow; 0 to allow.
MediaVideoDisallowMediaVideoDisallow REG_DWORDREG_DWORD 1 为禁止;0 为允许。1 to disallow; 0 to allow.
ScriptInteropDisallowScriptInteropDisallow REG_DWORDREG_DWORD 1 为禁止;0 为允许。1 to disallow; 0 to allow.

WebBrowser 控件和功能控件WebBrowser Control and Feature Controls

WPF WebBrowser 控件可用于承载 Web 内容。The WPF WebBrowser control can be used to host Web content. WPF WebBrowser 控件包装基础 WebBrowser ActiveX 控件。The WPF WebBrowser control wraps the underlying WebBrowser ActiveX control. 当你使用 WPF WebBrowser 控件来承载不受信任的 Web 内容时,WPF 提供了一些对保护应用程序的支持。WPF provides some support for securing your application when you use the WPF WebBrowser control to host untrusted Web content. 但是,某些安全功能必须使用 WebBrowser 控件直接应用于应用程序。However, some security features must be applied directly by the applications using the WebBrowser control. 有关 WebBrowser ActiveX 控件的详细信息,请参阅Webbrowser 控件概述和教程For more information about the WebBrowser ActiveX control, see WebBrowser Control Overviews and Tutorials.

备注

本节还适用于 Frame 控件,因为它使用 WebBrowser 导航到 HTML 内容。This section also applies to the Frame control since it uses the WebBrowser to navigate to HTML content.

如果 WPF WebBrowser 控件用于承载不受信任的 Web 内容,你的应用程序应使用部分信任的 AppDomain 来帮助防止应用程序代码与可能的恶意 HTML 脚本代码隔离。If the WPF WebBrowser control is used to host untrusted Web content, your application should use a partial-trust AppDomain to help insulate your application code from potentially malicious HTML script code. 如果你的应用程序通过使用 InvokeScript 方法和 ObjectForScripting 属性与托管脚本进行交互,则更是如此。This is especially true if your application is interacting with the hosted script by using the InvokeScript method and the ObjectForScripting property. 有关详细信息,请参阅WPF 外接程序概述For more information, see WPF Add-Ins Overview.

如果你的应用程序使用 WPF WebBrowser 控件,提高安全性并缓解攻击的另一种方法是启用 Internet Explorer 功能控件。If your application uses the WPF WebBrowser control, another way to increase security and mitigate attacks is to enable Internet Explorer feature controls. 功能控件是 Internet Explorer 的新增功能,允许管理员和开发人员配置 Internet Explorer 的功能,以及 WPF WebBrowser 控件包装的 web 浏览器 ActiveX 控件的应用程序。Feature controls are additions to Internet Explorer that allow administrators and developers to configure features of Internet Explorer and applications that host the WebBrowser ActiveX control, which the WPF WebBrowser control wraps. 功能控件可以通过使用CoInternetSetFeatureEnabled函数来配置,也可以通过更改注册表中的值来配置。Feature controls can be configured by using the CoInternetSetFeatureEnabled function or by changing values in the registry. 有关功能控件的详细信息,请参阅功能控件简介Internet 功能控件For more information about feature controls, see Introduction to Feature Controls and Internet Feature Controls.

如果要开发使用 WPF WebBrowser 控件的独立 WPF 应用程序,WPF 会自动为应用程序启用以下功能控件。If you are developing a standalone WPF application that uses the WPF WebBrowser control, WPF automatically enables the following feature controls for your application.

功能控件Feature Control
FEATURE_MIME_HANDLINGFEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFINGFEATURE_MIME_SNIFFING
FEATURE_OBJECT_CACHINGFEATURE_OBJECT_CACHING
FEATURE_SAFE_BINDTOOBJECTFEATURE_SAFE_BINDTOOBJECT
FEATURE_WINDOW_RESTRICTIONSFEATURE_WINDOW_RESTRICTIONS
FEATURE_ZONE_ELEVATIONFEATURE_ZONE_ELEVATION
FEATURE_RESTRICT_FILEDOWNLOADFEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_RESTRICT_ACTIVEXINSTALLFEATURE_RESTRICT_ACTIVEXINSTALL
FEATURE_ADDON_MANAGEMENTFEATURE_ADDON_MANAGEMENT
FEATURE_HTTP_USERNAME_PASSWORD_DISABLEFEATURE_HTTP_USERNAME_PASSWORD_DISABLE
FEATURE_SECURITYBANDFEATURE_SECURITYBAND
FEATURE_UNC_SAVEDFILECHECKFEATURE_UNC_SAVEDFILECHECK
FEATURE_VALIDATE_NAVIGATE_URLFEATURE_VALIDATE_NAVIGATE_URL
FEATURE_DISABLE_TELNET_PROTOCOLFEATURE_DISABLE_TELNET_PROTOCOL
FEATURE_WEBOC_POPUPMANAGEMENTFEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_DISABLE_LEGACY_COMPRESSIONFEATURE_DISABLE_LEGACY_COMPRESSION
FEATURE_SSLUXFEATURE_SSLUX

由于这些功能控件是无条件启用的,因此它们可能会对完全信任的应用程序造成损害。Since these feature controls are enabled unconditionally, a full-trust application might be impaired by them. 在这种情况下,如果特定应用程序及其承载的内容没有安全风险,则可以禁用相应的功能控件。In this case, if there is no security risk for the specific application and the content it is hosting, the corresponding feature control can be disabled.

功能控件由实例化 WebBrowser ActiveX 对象的过程应用。Feature controls are applied by the process instantiating the WebBrowser ActiveX object. 因此,如果要创建可导航到不受信任的内容的独立应用程序,则应该认真考虑启用附加功能控件。Therefore, if you are creating a stand-alone application that can navigate to untrusted content, you should seriously consider enabling additional feature controls.

备注

此建议是根据 MSHTML 和 SHDOCVW 主机安全性的一般性建议提出的。This recommendation is based on general recommendations for MSHTML and SHDOCVW host security. 有关详细信息,请参阅MSHTML 主机安全性常见问题:第 I 部分MSHTML 主机安全性常见问题:第 ii 部分(共 ii 部分)。For more information, see The MSHTML Host Security FAQ: Part I of II and The MSHTML Host Security FAQ: Part II of II.

对于可执行文件,请考虑通过将注册表值设置为 1 来启用以下功能控件。For your executable, consider enabling the following feature controls by setting the registry value to 1.

功能控件Feature Control
FEATURE_ACTIVEX_REPURPOSEDETECTIONFEATURE_ACTIVEX_REPURPOSEDETECTION
FEATURE_BLOCK_LMZ_IMGFEATURE_BLOCK_LMZ_IMG
FEATURE_BLOCK_LMZ_OBJECTFEATURE_BLOCK_LMZ_OBJECT
FEATURE_BLOCK_LMZ_SCRIPTFEATURE_BLOCK_LMZ_SCRIPT
FEATURE_RESTRICT_RES_TO_LMZFEATURE_RESTRICT_RES_TO_LMZ
FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7
FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOGFEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG
FEATURE_LOCALMACHINE_LOCKDOWNFEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_FORCE_ADDR_AND_STATUSFEATURE_FORCE_ADDR_AND_STATUS
FEATURE_RESTRICTED_ZONE_WHEN_FILE_NOT_FOUNDFEATURE_RESTRICTED_ZONE_WHEN_FILE_NOT_FOUND

对于可执行文件,请考虑通过将注册表值设置为 0 来禁用以下功能控件。For your executable, consider disabling the following feature control by setting the registry value to 0.

功能控件Feature Control
FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPTFEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT

如果在 Windows Internet Explorer 中运行包含 WPF WebBrowser 控件的部分信任 XAML 浏览器应用程序(XBAP),则 WPF 会在 Internet Explorer 进程的地址空间中承载 WebBrowser ActiveX 控件。If you run a partial-trust XAML browser application (XBAP) that includes a WPF WebBrowser control in Windows Internet Explorer, WPF hosts the WebBrowser ActiveX control in the address space of the Internet Explorer process. 由于 WebBrowser ActiveX 控件承载于 Internet Explorer 进程中,因此还为 WebBrowser ActiveX 控件启用了 Internet Explorer 的所有功能控件。Since the WebBrowser ActiveX control is hosted in the Internet Explorer process, all of the feature controls for Internet Explorer are also enabled for the WebBrowser ActiveX control.

与普通的独立应用程序相比,运行于 Internet Explorer 中的 XBAP 还将另外获得一层安全保护。XBAPs running in Internet Explorer also get an additional level of security compared to normal standalone applications. 这种附加安全性是因为 Internet Explorer 和 WebBrowser ActiveX 控件默认在 Windows Vista 和 Windows 7 上以受保护模式运行。This additional security is because Internet Explorer, and therefore the WebBrowser ActiveX control, runs in protected mode by default on Windows Vista and Windows 7. 有关保护模式的详细信息,请参阅了解和使用受保护模式的 Internet ExplorerFor more information about protected mode, see Understanding and Working in Protected Mode Internet Explorer.

备注

如果尝试在 Firefox 中运行包含 WPF WebBrowser 控件的 XBAP,则在 Internet 区域中,将会引发 SecurityExceptionIf you try to run an XBAP that includes a WPF WebBrowser control in Firefox, while in the Internet zone, a SecurityException will be thrown. 这是由于 WPF 安全策略造成的。This is due to WPF security policy.

对部分受信任的客户端应用程序禁用 APTCA 程序集Disabling APTCA Assemblies for Partially Trusted Client Applications

将托管程序集安装到全局程序集缓存(GAC)中时,它们将成为完全受信任的程序集,因为用户必须提供显式权限才能安装这些程序集。When managed assemblies are installed into the global assembly cache (GAC), they become fully trusted because the user must provide explicit permission to install them. 因为这些程序集是完全受信任的,所以只有完全受信任的托管客户端应用程序才可以使用它们。Because they are fully trusted, only fully trusted managed client applications can use them. 若要允许部分受信任的应用程序使用它们,必须使用 AllowPartiallyTrustedCallersAttribute (APTCA)进行标记。To allow partially trusted applications to use them, they must be marked with the AllowPartiallyTrustedCallersAttribute (APTCA). 仅当程序集经过测试,可在部分信任的情况下安全执行时,才应该为其标记此特性。Only assemblies that have been tested to be safe for execution in partial trust should be marked with this attribute.

但是,APTCA 程序集在安装到 GAC 后可能会出现安全漏洞。However, it is possible for an APTCA assembly to exhibit a security flaw after being installed into the GAC . 一旦发现安全漏洞,程序集发布者可以生成安全更新来修复现有安装上的问题,还可以阻止问题发现后进行的安装操作。Once a security flaw is discovered, assembly publishers can produce a security update to fix the problem on existing installations, and to protect against installations that may occur after the problem is discovered. 其中一个更新选项是卸载程序集,即使这可能中断使用该程序集的其他完全受信任的客户端应用程序。One option for the update is to uninstall the assembly, although that may break other fully trusted client applications that use the assembly.

WPFWPF 提供了一种机制,可在不卸载 APTCA 程序集的情况下为部分受信任的 Xbap 禁用 APTCA 程序集。provides a mechanism by which an APTCA assembly can be disabled for partially trusted XBAPs without uninstalling the APTCA assembly.

若要禁用 APTCA 程序集,必须创建一个特殊的注册表项:To disable an APTCA assembly, you have to create a special registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\APTCA\<AssemblyFullName>, FileVersion=<AssemblyFileVersion>

示例如下:The following shows an example:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\APTCA\aptcagac, Version=1.0.0.0, Culture=neutral, PublicKeyToken=215e3ac809a0fea7, FileVersion=1.0.0.0

此项建立 APTCA 程序集的条目。This key establishes an entry for the APTCA assembly. 还必须在此项中创建值来启用或禁用程序集。You also have to create a value in this key that enables or disables the assembly. 下面是该值的详细信息:The following are the details of the value:

  • 值名称: APTCA_FLAGValue Name: APTCA_FLAG.

  • 值类型: REG_DWORDValue Type: REG_DWORD.

  • 值数据: 1到禁用;0 ,则启用。Value Data: 1 to disable; 0 to enable.

如果必须为部分受信任的客户端应用程序禁用某程序集,可以编写一个用于创建注册表项和值的更新。If an assembly has to be disabled for partially trusted client applications, you can write an update that creates the registry key and value.

备注

核心 .NET Framework 程序集不受以这种方式的影响,因为运行托管应用程序时需要这些程序集。Core .NET Framework assemblies are not affected by disabling them in this way because they are required for managed applications to run. 对禁用 APTCA 程序集的支持主要面向第三方应用程序。Support for disabling APTCA assemblies is primarily targeted to third-party applications.

宽松 XAML 文件的沙盒行为Sandbox Behavior for Loose XAML Files

松散 XAMLXAML 文件是仅标记的 XAML 文件,不依赖于任何代码隐藏、事件处理程序或应用程序特定的程序集。Loose XAMLXAML files are markup-only XAML files that do not depend on any code-behind, event handler, or application-specific assembly. 当直接从浏览器导航到松散 XAMLXAML 文件时,这些文件将基于默认 Internet 区域权限集加载到安全沙箱中。When loose XAMLXAML files are navigated to directly from the browser, they are loaded in a security sandbox based on the default Internet zone permission set.

但是,当从独立应用程序中的 NavigationWindowFrame 导航到松散 XAMLXAML 文件时,安全行为会有所不同。However, the security behavior is different when loose XAMLXAML files are navigated to from either a NavigationWindow or Frame in a standalone application.

在这两种情况下,导航到的松散 XAMLXAML 文件继承其主机应用程序的权限。In both cases, the loose XAMLXAML file that is navigated to inherits the permissions of its host application. 但是,这种行为可能会从安全角度来看,特别是当不受信任或未知的实体生成了松散 XAMLXAML 文件时。However, this behavior may be undesirable from a security perspective, particularly if a loose XAMLXAML file was produced by an entity that is either not trusted or unknown. 这种类型的内容称为外部内容FrameNavigationWindow 均可配置为在导航到时将其隔离。This type of content is known as external content, and both Frame and NavigationWindow can be configured to isolate it when navigated to. 可以通过将SandboxExternalContent属性设置为 true 来实现隔离,如下面 FrameNavigationWindow的示例所示:Isolation is achieved by setting the SandboxExternalContent property to true, as shown in the following examples for Frame and NavigationWindow:

<Frame 
  Source="ExternalContentPage.xaml" 
  SandboxExternalContent="True">
</Frame>
<!-- Sandboxing external content using NavigationWindow-->
<NavigationWindow 
  xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" 
  Source="ExternalContentPage.xaml" 
  SandboxExternalContent="True">
</NavigationWindow>

使用此设置,外部内容将加载到不同于承载应用程序的进程的进程中。With this setting, external content will be loaded into a process that is separate from the process that is hosting the application. 此进程被限制在默认 Internet 区域权限集中,从而有效地将其与承载应用程序和客户端计算机隔离。This process is restricted to the default Internet zone permission set, effectively isolating it from the hosting application and the client computer.

备注

尽管从独立应用程序中的 NavigationWindowFrame 导航到松散 XAMLXAML 文件的操作是基于 WPF 浏览器宿主基础结构(涉及 Presentationhost.exe 进程)实现的,但在 Windows Vista 和 Windows 7 上的 Internet Explorer 中直接加载内容时,安全级别会略微小于 Presentationhost.exe。Even though navigation to loose XAMLXAML files from either a NavigationWindow or Frame in a standalone application is implemented based on the WPF browser hosting infrastructure, involving the PresentationHost process, the security level is slightly less than when the content is loaded directly in Internet Explorer on Windows Vista and Windows 7 (which would still be through PresentationHost). 这是因为使用 Web 浏览器的独立 WPF 应用程序不提供 Internet Explorer 的额外“保护模式”安全功能。This is because a standalone WPF application using a Web browser does not provide the additional Protected Mode security feature of Internet Explorer.

用于开发可提高安全性的 WPF 应用程序的资源Resources for Developing WPF Applications that Promote Security

下面是一些其他资源,可帮助开发 WPFWPF 提高安全性的应用程序:The following are some additional resources to help develop WPFWPF applications that promote security:

区域Area 资源Resource
托管代码Managed code 应用程序的模式和实践安全指南Patterns and Practices Security Guidance for Applications
CASCAS 代码访问安全性Code Access Security
ClickOnceClickOnce ClickOnce 安全和部署ClickOnce Security and Deployment
WPFWPF WPF 部分信任安全WPF Partial Trust Security

另请参阅See also