FileIOPermission FileIOPermission FileIOPermission FileIOPermission Class

定義

控制存取檔案和資料夾的能力。Controls the ability to access files and folders. 這個類別無法被繼承。This class cannot be inherited.

public ref class FileIOPermission sealed : System::Security::CodeAccessPermission, System::Security::Permissions::IUnrestrictedPermission
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
Public NotInheritable Class FileIOPermission
Inherits CodeAccessPermission
Implements IUnrestrictedPermission
繼承
屬性
實作

範例

下列範例說明使用的程式碼FileIOPermissionThe following examples illustrate code that uses FileIOPermission. 在下列兩行程式碼,該物件之後f代表電腦的本機磁碟讀取用戶端上的所有檔案的權限。After the following two lines of code, the object f represents permission to read all files on the client computer's local disks. 程式碼範例然後要求的權限,來判斷應用程式是否有讀取檔案的權限。The code example then demands the permission to determine whether the application has permission to read the files.

FileIOPermission^ f = gcnew FileIOPermission( PermissionState::None );
f->AllLocalFiles = FileIOPermissionAccess::Read;
try
{
 f->Demand();
}
catch (SecurityException^ s)
{
 Console::WriteLine(s->Message);
}
FileIOPermission f = new FileIOPermission(PermissionState.None);
f.AllLocalFiles = FileIOPermissionAccess.Read;
try
{
    f.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}

Dim f As New FileIOPermission(PermissionState.None)
f.AllLocalFiles = FileIOPermissionAccess.Read
Try
    f.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

在下列兩行程式碼,該物件之後f2代表讀取 C:\test_r 與讀取和寫入 C:\example\out.txt 的權限。After the following two lines of code, the object f2 represents permissions to read C:\test_r and read and write to C:\example\out.txt. ReadWrite代表檔案/資料夾權限,如先前所述。Read and Write represent the file/folder permissions as previously described. 建立權限之後, 程式碼會要求以判斷應用程式是否具有讀取和寫入檔案的權限的權限。After creating the permission, the code demands the permission to determine whether the application has the right to read and write to the file.

FileIOPermission^ f2 = gcnew FileIOPermission( FileIOPermissionAccess::Read,"C:\\test_r" );
f2->AddPathList( (FileIOPermissionAccess) (FileIOPermissionAccess::Write | FileIOPermissionAccess::Read), "C:\\example\\out.txt" );
try
{
 f2->Demand();
}
catch (SecurityException^ s)
{
 Console::WriteLine(s->Message);
}
FileIOPermission f2 = new FileIOPermission(FileIOPermissionAccess.Read, "C:\\test_r");
f2.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, "C:\\example\\out.txt");
try
{
    f2.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}
Dim f2 As New FileIOPermission(FileIOPermissionAccess.Read, "C:\test_r")
f2.AddPathList(FileIOPermissionAccess.Write Or FileIOPermissionAccess.Read, "C:\example\out.txt")
Try
    f2.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

備註

此權限會區分下列四種類型的檔案所提供的 IO 存取FileIOPermissionAccess:This permission distinguishes between the following four types of file IO access provided by FileIOPermissionAccess:

  • Read:檔案或檔案,例如它的長度或上次修改時間的相關資訊的存取權的內容的讀取權限。Read: Read access to the contents of the file or access to information about the file, such as its length or last modification time.

  • Write:檔案或變更檔案,例如其名稱的相關資訊的存取權的內容寫入權限。Write: Write access to the contents of the file or access to change information about the file, such as its name. 也可讓刪除和覆寫。Also allows for deletion and overwriting.

  • Append:僅限檔案結尾寫入的能力。Append: Ability to write to the end of a file only. 無法讀取。No ability to read.

  • PathDiscovery:存取路徑本身的資訊。PathDiscovery: Access to the information in the path itself. 這有助於保護的路徑,例如使用者名稱中的機密資訊,以及顯示在路徑中的目錄結構的相關資訊。This helps protect sensitive information in the path, such as user names, as well as information about the directory structure that is revealed in the path. 這個值不能存取由路徑表示的檔案或資料夾。This value does not grant access to files or folders represented by the path.

注意

Write存取組件是類似於授與完全信任。Giving Write access to an assembly is similar to granting it full trust. 如果應用程式不應該寫入至檔案系統,它不應該有Write存取。If an application should not write to the file system, it should not have Write access.

上述所有使用權限是獨立的這表示其中一個權限不一定代表另一個權限。All these permissions are independent, meaning that rights to one do not imply rights to another. 例如,Write權限並不表示的權限ReadAppendFor example, Write permission does not imply permission to Read or Append. 如果想要使用一個以上的權限,他們可以結合使用位元 OR 運算,接下來的程式碼範例所示。If more than one permission is desired, they can be combined using a bitwise OR as shown in the code example that follows. 檔案權限的定義是根據標準的絕對路徑;使用標準的檔案路徑時,應該一律進行呼叫。File permission is defined in terms of canonical absolute paths; calls should always be made with canonical file paths.

FileIOPermission 說明檔案和資料夾上的受保護的作業。FileIOPermission describes protected operations on files and folders. File類別可協助提供安全存取檔案和資料夾。The File class helps provide secure access to files and folders. 檔案的控制代碼建立時執行的安全性存取檢查。The security access check is performed when the handle to the file is created. 藉由在建立時的檢查,安全性檢查的效能影響降到最低。By doing the check at creation time, the performance impact of the security check is minimized. 開啟檔案時發生一次,讀取和寫入可能會發生多次。Opening a file happens once, while reading and writing can happen multiple times. 一旦開啟檔案時,沒有進一步檢查完成。Once the file is opened, no further checks are done. 如果物件傳遞至不受信任的呼叫端時,它可能會誤用。If the object is passed to an untrusted caller, it can be misused. 例如,檔案控制代碼不應儲存在公用與較低權限的程式碼可以存取的全域靜態變數。For example, file handles should not be stored in public global statics where code with less permission can access them.

FileIOPermissionAccess 指定可以在檔案或資料夾執行的動作。FileIOPermissionAccess specifies actions that can be performed on the file or folder. 此外,您可以使用位元 OR 運算,以形成複雜的執行個體加以結合這些動作。In addition, these actions can be combined using a bitwise OR to form complex instances.

資料夾的存取權會表示它包含,並且可存取所有檔案和資料夾及其子資料夾中的所有檔案的存取權。Access to a folder implies access to all the files it contains, as well as access to all the files and folders in its subfolders. 例如, Read C:\folder1\ 存取意味著ReadC:\folder1\file1.txt,C:\folder1\folder2 存取\,C:\folder1\folder2\file2.txt,依此類推。For example, Read access to C:\folder1\ implies Read access to C:\folder1\file1.txt, C:\folder1\folder2\, C:\folder1\folder2\file2.txt, and so on.

注意

在之前的.NET Framework 的版本中.NET Framework 4.NET Framework 4,您可以使用CodeAccessPermission.Deny方法,以防止意外存取系統資源受信任的程式碼。In versions of the .NET Framework before the .NET Framework 4.NET Framework 4, you could use the CodeAccessPermission.Deny method to prevent inadvertent access to system resources by trusted code. Deny 現已淘汰,並存取資源現在僅取決於授與的權限集合組件。Deny is now obsolete, and access to resources is now determined solely by the granted permission set for an assembly. 若要限制檔案的存取權,您必須在沙箱中執行部分信任程式碼,並將指派給它的權限的程式碼可以存取的資源。To limit access to files, you must run partially trusted code in a sandbox and assign it permissions only to resources that the code is allowed to access. 如需在沙箱中執行的應用程式的資訊,請參閱How to:在沙箱中執行部分信任的程式碼中所述。For information about running an application in a sandbox, see How to: Run Partially Trusted Code in a Sandbox.

建構函式

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String)

以針對指定檔案或目錄的指定存取權限和檔案控制資訊的指定存取權限,初始化 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[]) FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[])

以針對指定檔案和目錄的指定存取權限和檔案控制資訊的指定存取權限,初始化 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String) FileIOPermission(FileIOPermissionAccess, String)

初始化具有指定檔案或目錄之指定存取權的 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory.

FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[]) FileIOPermission(FileIOPermissionAccess, String[])

初始化具有指定檔案及目錄之指定存取權的 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories.

FileIOPermission(PermissionState) FileIOPermission(PermissionState) FileIOPermission(PermissionState) FileIOPermission(PermissionState)

依照指定使用完全限制或無限制的權限,初始化 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with fully restricted or unrestricted permission as specified.

屬性

AllFiles AllFiles AllFiles AllFiles

取得或設定允許的所有檔案存取。Gets or sets the permitted access to all files.

AllLocalFiles AllLocalFiles AllLocalFiles AllLocalFiles

取得或設定允許的所有本機檔案存取。Gets or sets the permitted access to all local files.

方法

AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String) AddPathList(FileIOPermissionAccess, String)

將指定的檔案或目錄存取加入權限的現有狀態。Adds access for the specified file or directory to the existing state of the permission.

AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[]) AddPathList(FileIOPermissionAccess, String[])

將指定的檔案和目錄存取加入權限的現有狀態。Adds access for the specified files and directories to the existing state of the permission.

Assert() Assert() Assert() Assert()

宣告即使堆疊中較高層的呼叫端未獲得資源存取權限,呼叫程式碼仍可透過呼叫這個方法的程式碼要求權限,來存取受保護的資源。Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. 使用 Assert() 可能會造成安全性問題。Using Assert() can create security issues.

(Inherited from CodeAccessPermission)
Copy() Copy() Copy() Copy()

建立並傳回目前權限的相同複本。Creates and returns an identical copy of the current permission.

Demand() Demand() Demand() Demand()

如果呼叫堆疊中所有較高層的呼叫端尚未授與目前執行個體 (Instance) 所指定的使用權限,請於執行階段強制執行 SecurityExceptionForces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

(Inherited from CodeAccessPermission)
Deny() Deny() Deny() Deny()

防止呼叫堆疊中較高層的呼叫端,使用呼叫這個方法的程式碼來存取目前執行個體所指定的資源。Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

(Inherited from CodeAccessPermission)
Equals(Object) Equals(Object) Equals(Object) Equals(Object)

判斷指定的 FileIOPermission 物件是否等於目前的 FileIOPermissionDetermines whether the specified FileIOPermission object is equal to the current FileIOPermission.

FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement) FromXml(SecurityElement)

透過 XML 編碼,重新建構具有指定狀態的權限。Reconstructs a permission with a specified state from an XML encoding.

GetHashCode() GetHashCode() GetHashCode() GetHashCode()

取得 FileIOPermission 物件的雜湊碼,其適合用於雜湊表這類的雜湊演算法和資料結構。Gets a hash code for the FileIOPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess) GetPathList(FileIOPermissionAccess)

取得具有指定之 FileIOPermissionAccess 的所有檔案和目錄。Gets all files and directories with the specified FileIOPermissionAccess.

GetType() GetType() GetType() GetType()

取得目前執行個體的 TypeGets the Type of the current instance.

(Inherited from Object)
Intersect(IPermission) Intersect(IPermission) Intersect(IPermission) Intersect(IPermission)

建立並傳回目前權限與指定權限交集的權限。Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission) IsSubsetOf(IPermission)

判斷目前權限是否為指定權限的子集。Determines whether the current permission is a subset of the specified permission.

IsUnrestricted() IsUnrestricted() IsUnrestricted() IsUnrestricted()

傳回值,指出目前的權限是否不受限制。Returns a value indicating whether the current permission is unrestricted.

MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

建立目前 Object 的淺層複本 (Shallow Copy)。Creates a shallow copy of the current Object.

(Inherited from Object)
PermitOnly() PermitOnly() PermitOnly() PermitOnly()

防止呼叫堆疊中較高層的呼叫端,使用呼叫這個方法的程式碼來存取除了目前執行個體所指定資源之外的所有資源。Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

(Inherited from CodeAccessPermission)
SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String) SetPathList(FileIOPermissionAccess, String)

設定指定檔案或目錄的指定存取權,取代使用權限的現有狀態。Sets the specified access to the specified file or directory, replacing the existing state of the permission.

SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[]) SetPathList(FileIOPermissionAccess, String[])

設定對指定檔案和目錄的指定存取,方法是以一組新的路徑取代指定存取的目前狀態。Sets the specified access to the specified files and directories, replacing the current state for the specified access with the new set of paths.

ToString() ToString() ToString() ToString()

建立並傳回目前使用權限物件的字串表示。Creates and returns a string representation of the current permission object.

(Inherited from CodeAccessPermission)
ToXml() ToXml() ToXml() ToXml()

建立權限和其目前狀態的 XML 編碼方式。Creates an XML encoding of the permission and its current state.

Union(IPermission) Union(IPermission) Union(IPermission) Union(IPermission)

建立目前權限與指定權限聯集的權限。Creates a permission that is the union of the current permission and the specified permission.

明確介面實作

IPermission.Demand() IPermission.Demand() IPermission.Demand() IPermission.Demand() Inherited from CodeAccessPermission
IStackWalk.Assert() IStackWalk.Assert() IStackWalk.Assert() IStackWalk.Assert() Inherited from CodeAccessPermission
IStackWalk.Demand() IStackWalk.Demand() IStackWalk.Demand() IStackWalk.Demand() Inherited from CodeAccessPermission
IStackWalk.Deny() IStackWalk.Deny() IStackWalk.Deny() IStackWalk.Deny() Inherited from CodeAccessPermission
IStackWalk.PermitOnly() IStackWalk.PermitOnly() IStackWalk.PermitOnly() IStackWalk.PermitOnly() Inherited from CodeAccessPermission

適用於

另請參閱