FileIOPermission 類別

定義

控制存取檔案和資料夾的能力。Controls the ability to access files and folders. 這個類別無法被繼承。This class cannot be inherited.

public ref class FileIOPermission sealed : System::Security::CodeAccessPermission, System::Security::Permissions::IUnrestrictedPermission
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
Public NotInheritable Class FileIOPermission
Inherits CodeAccessPermission
Implements IUnrestrictedPermission
繼承
FileIOPermission
屬性
實作

範例

下列範例說明使用FileIOPermission的程式碼。The following examples illustrate code that uses FileIOPermission. 在下列兩行程式碼之後,物件f代表讀取用戶端電腦本機磁片上所有檔案的許可權。After the following two lines of code, the object f represents permission to read all files on the client computer's local disks. 然後,此程式碼範例會要求許可權來判斷應用程式是否有讀取檔案的許可權。The code example then demands the permission to determine whether the application has permission to read the files.

FileIOPermission^ f = gcnew FileIOPermission( PermissionState::None );
f->AllLocalFiles = FileIOPermissionAccess::Read;
try
{
    f->Demand();
}
catch (SecurityException^ s)
{
    Console::WriteLine(s->Message);
}
FileIOPermission f = new FileIOPermission(PermissionState.None);
f.AllLocalFiles = FileIOPermissionAccess.Read;
try
{
    f.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}

Dim f As New FileIOPermission(PermissionState.None)
f.AllLocalFiles = FileIOPermissionAccess.Read
Try
    f.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

在下列兩行程式碼後面,物件f2代表讀取 C:\test_r 以及讀取和寫入 C:\example\out.txt. 的許可權。After the following two lines of code, the object f2 represents permissions to read C:\test_r and read and write to C:\example\out.txt. ReadWrite代表先前所述的檔案/資料夾許可權。Read and Write represent the file/folder permissions as previously described. 建立許可權之後,程式碼會要求許可權,以判斷應用程式是否有讀取和寫入檔案的許可權。After creating the permission, the code demands the permission to determine whether the application has the right to read and write to the file.

FileIOPermission^ f2 = gcnew FileIOPermission( FileIOPermissionAccess::Read,"C:\\test_r" );
f2->AddPathList( (FileIOPermissionAccess) (FileIOPermissionAccess::Write | FileIOPermissionAccess::Read), "C:\\example\\out.txt" );
try
{
    f2->Demand();
}
catch (SecurityException^ s)
{
    Console::WriteLine(s->Message);
}
FileIOPermission f2 = new FileIOPermission(FileIOPermissionAccess.Read, "C:\\test_r");
f2.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, "C:\\example\\out.txt");
try
{
    f2.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}
Dim f2 As New FileIOPermission(FileIOPermissionAccess.Read, "C:\test_r")
f2.AddPathList(FileIOPermissionAccess.Write Or FileIOPermissionAccess.Read, "C:\example\out.txt")
Try
    f2.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

備註

此許可權可區分下列四種類型的檔 IO 存取FileIOPermissionAccessThis permission distinguishes between the following four types of file IO access provided by FileIOPermissionAccess:

  • Read:檔案內容的讀取存取權,或存取檔案的相關資訊,例如其長度或上次修改時間。Read: Read access to the contents of the file or access to information about the file, such as its length or last modification time.

  • Write:檔案內容的寫入權限,或存取以變更檔案的相關資訊,例如其名稱。Write: Write access to the contents of the file or access to change information about the file, such as its name. 也允許刪除和覆寫。Also allows for deletion and overwriting.

  • Append:只能寫入檔案結尾的功能。Append: Ability to write to the end of a file only. 沒有讀取的能力。No ability to read.

  • PathDiscovery:存取路徑本身的資訊。PathDiscovery: Access to the information in the path itself. 這有助於保護路徑中的機密資訊(例如使用者名稱),以及路徑中所顯示目錄結構的相關資訊。This helps protect sensitive information in the path, such as user names, as well as information about the directory structure that is revealed in the path. 這個值不能存取由路徑表示的檔案或資料夾。This value does not grant access to files or folders represented by the path.

注意

提供Write元件的存取權,類似于授與它完全信任。Giving Write access to an assembly is similar to granting it full trust. 如果應用程式不應該寫入檔案系統,它就不能有Write存取權。If an application should not write to the file system, it should not have Write access.

所有這些許可權都是獨立的,也就是說,其中一項的許可權並不代表對另一個的許可權。All these permissions are independent, meaning that rights to one do not imply rights to another. 例如, Write許可權並不代表ReadAppend的許可權。For example, Write permission does not imply permission to Read or Append. 如果需要一個以上的許可權,可以使用位 OR 結合,如下列程式碼範例所示。If more than one permission is desired, they can be combined using a bitwise OR as shown in the code example that follows. 檔案許可權是以標準絕對路徑來定義;應該一律使用標準檔案路徑來進行呼叫。File permission is defined in terms of canonical absolute paths; calls should always be made with canonical file paths.

FileIOPermission描述檔案和資料夾上受保護的作業。FileIOPermission describes protected operations on files and folders. 類別File可協助提供檔案和資料夾的安全存取。The File class helps provide secure access to files and folders. 建立檔案的控制碼時,會執行安全性存取檢查。The security access check is performed when the handle to the file is created. 藉由在建立時執行檢查,會將安全性檢查的效能影響降到最低。By doing the check at creation time, the performance impact of the security check is minimized. 開啟檔案只會發生一次,而讀取和寫入可能會多次發生。Opening a file happens once, while reading and writing can happen multiple times. 開啟檔案之後,就不會再進行進一步的檢查。Once the file is opened, no further checks are done. 如果物件傳遞至不受信任的呼叫端,可能會被誤用。If the object is passed to an untrusted caller, it can be misused. 例如,檔案控制代碼不應儲存在公用全域靜態中,而具有較少許可權的程式碼可以存取它們。For example, file handles should not be stored in public global statics where code with less permission can access them.

FileIOPermissionAccess指定可在檔案或資料夾上執行的動作。FileIOPermissionAccess specifies actions that can be performed on the file or folder. 此外,您可以使用位 OR 結合這些動作,以形成複雜的實例。In addition, these actions can be combined using a bitwise OR to form complex instances.

資料夾的存取權意指其所包含之所有檔案的存取權,以及其子資料夾中所有檔案和資料夾的存取權。Access to a folder implies access to all the files it contains, as well as access to all the files and folders in its subfolders. 例如, Read存取 C:\folder1\ 意指Read C:\folder1\file1.txt、C:\folder1\folder2\、C:\folder1\folder2\file2.txt 等等的存取權。For example, Read access to C:\folder1\ implies Read access to C:\folder1\file1.txt, C:\folder1\folder2\, C:\folder1\folder2\file2.txt, and so on.

注意

在之前.NET Framework 4.NET Framework 4的 .NET Framework 版本中,您可以CodeAccessPermission.Deny使用方法來防止受信任的程式碼意外存取系統資源。In versions of the .NET Framework before the .NET Framework 4.NET Framework 4, you could use the CodeAccessPermission.Deny method to prevent inadvertent access to system resources by trusted code. Deny現在已過時,而且資源的存取權現在只由元件的授與許可權集合所決定。Deny is now obsolete, and access to resources is now determined solely by the granted permission set for an assembly. 若要限制檔案的存取權,您必須在沙箱中執行部分信任的程式碼,並只將其許可權指派給允許程式碼存取的資源。To limit access to files, you must run partially trusted code in a sandbox and assign it permissions only to resources that the code is allowed to access. 如需在沙箱中執行應用程式的詳細資訊,請參閱如何:在沙箱中執行部分信任的程式碼中所述。For information about running an application in a sandbox, see How to: Run Partially Trusted Code in a Sandbox.

建構函式

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String)

以針對指定檔案或目錄的指定存取權限和檔案控制資訊的指定存取權限,初始化 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[])

以針對指定檔案和目錄的指定存取權限和檔案控制資訊的指定存取權限,初始化 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, String)

初始化具有指定檔案或目錄之指定存取權的 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory.

FileIOPermission(FileIOPermissionAccess, String[])

初始化具有指定檔案及目錄之指定存取權的 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories.

FileIOPermission(PermissionState)

依照指定使用完全限制或無限制的權限,初始化 FileIOPermission 類別的新執行個體。Initializes a new instance of the FileIOPermission class with fully restricted or unrestricted permission as specified.

屬性

AllFiles

取得或設定允許的所有檔案存取。Gets or sets the permitted access to all files.

AllLocalFiles

取得或設定允許的所有本機檔案存取。Gets or sets the permitted access to all local files.

方法

AddPathList(FileIOPermissionAccess, String)

將指定的檔案或目錄存取加入權限的現有狀態。Adds access for the specified file or directory to the existing state of the permission.

AddPathList(FileIOPermissionAccess, String[])

將指定的檔案和目錄存取加入權限的現有狀態。Adds access for the specified files and directories to the existing state of the permission.

Assert()

宣告即使堆疊中較高層的呼叫端未獲得資源存取權限,呼叫程式碼仍可透過呼叫這個方法的程式碼要求權限,來存取受保護的資源。Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. 使用 Assert() 會造成安全性問題。Using Assert() can create security issues.

(繼承來源 CodeAccessPermission)
Copy()

建立並傳回目前權限的相同複本。Creates and returns an identical copy of the current permission.

Demand()

如果在呼叫堆疊中較高的所有呼叫端都尚未被授與由目前執行個體所指定之權限,則會在執行階段強制執行 SecurityExceptionForces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

(繼承來源 CodeAccessPermission)
Deny()

防止呼叫堆疊中較高的呼叫端,使用程式碼呼叫此方法來存取目前執行個體所指定的資源。Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

(繼承來源 CodeAccessPermission)
Equals(Object)

判斷指定的 FileIOPermission 物件是否等於目前的 FileIOPermissionDetermines whether the specified FileIOPermission object is equal to the current FileIOPermission.

FromXml(SecurityElement)

透過 XML 編碼,重新建構具有指定狀態的權限。Reconstructs a permission with a specified state from an XML encoding.

GetHashCode()

取得 FileIOPermission 物件的雜湊碼,其適合用於雜湊表這類的雜湊演算法和資料結構。Gets a hash code for the FileIOPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

GetPathList(FileIOPermissionAccess)

取得具有指定之 FileIOPermissionAccess 的所有檔案和目錄。Gets all files and directories with the specified FileIOPermissionAccess.

GetType()

取得目前執行個體的 TypeGets the Type of the current instance.

(繼承來源 Object)
Intersect(IPermission)

建立並傳回目前權限與指定權限交集的權限。Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission)

判斷目前權限是否為指定權限的子集。Determines whether the current permission is a subset of the specified permission.

IsUnrestricted()

傳回值,指出目前的權限是否不受限制。Returns a value indicating whether the current permission is unrestricted.

MemberwiseClone()

建立目前 Object 的淺層複本 (Shallow Copy)。Creates a shallow copy of the current Object.

(繼承來源 Object)
PermitOnly()

防止呼叫堆疊中較高的呼叫端,使用程式碼呼叫此方法來存取目前執行個體所指定之資源以外的所有資源。Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

(繼承來源 CodeAccessPermission)
SetPathList(FileIOPermissionAccess, String)

設定指定檔案或目錄的指定存取權,取代使用權限的現有狀態。Sets the specified access to the specified file or directory, replacing the existing state of the permission.

SetPathList(FileIOPermissionAccess, String[])

設定對指定檔案和目錄的指定存取,方法是以一組新的路徑取代指定存取的目前狀態。Sets the specified access to the specified files and directories, replacing the current state for the specified access with the new set of paths.

ToString()

建立並傳回目前使用權限物件的字串表示。Creates and returns a string representation of the current permission object.

(繼承來源 CodeAccessPermission)
ToXml()

建立權限和其目前狀態的 XML 編碼方式。Creates an XML encoding of the permission and its current state.

Union(IPermission)

建立目前權限與指定權限聯集的權限。Creates a permission that is the union of the current permission and the specified permission.

明確介面實作

IPermission.Demand() (繼承來源 CodeAccessPermission)
IStackWalk.Assert() (繼承來源 CodeAccessPermission)
IStackWalk.Demand() (繼承來源 CodeAccessPermission)
IStackWalk.Deny() (繼承來源 CodeAccessPermission)
IStackWalk.PermitOnly() (繼承來源 CodeAccessPermission)

適用於

另請參閱