SecurityAction 列舉
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
警告
Code Access Security is not supported or honored by the runtime.
警告
CAS support is not available with Silverlight applications.
指定可以使用宣告式安全性執行的安全性動作。
public enum class SecurityAction
[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public enum SecurityAction
public enum SecurityAction
[System.Serializable]
public enum SecurityAction
[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public enum SecurityAction
[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
[System.Obsolete("CAS support is not available with Silverlight applications.")]
public enum SecurityAction
[<System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
type SecurityAction =
type SecurityAction =
[<System.Serializable>]
type SecurityAction =
[<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
type SecurityAction =
[<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
[<System.Obsolete("CAS support is not available with Silverlight applications.")>]
type SecurityAction =
Public Enum SecurityAction
- 繼承
- 屬性
欄位
Assert | 3 | 即使堆疊中較高層的呼叫端未獲得資源存取權限,呼叫程式碼仍可以存取目前權限物件所識別的資源 (請參閱使用 Assert 方法)。 |
Demand | 2 | 呼叫堆疊中較高層的所有呼叫端,必須已獲得目前權限物件所指定的權限。 |
Deny | 4 | 拒絕呼叫端存取目前權限物件所指定的資源,即使呼叫端獲得資源存取權限亦然 (請參閱使用 Deny 方法)。 |
InheritanceDemand | 7 | 繼承類別或覆寫方法的衍生類別 (Derived Class) 必須已經授與指定的使用權限。 |
LinkDemand | 6 | 直接呼叫端必須已獲得指定權限。 請勿在 .NET Framework 4 中使用。 如需完全信任,請使用 SecurityCriticalAttribute,部分信任則使用 Demand。 |
PermitOnly | 5 | 只可存取這個權限物件所指定的資源,即使程式碼已獲得其他資源存取權限亦然。 |
RequestMinimum | 8 | 要求執行程式碼所需的最低權限。 這個動作只能在組件的範圍內使用。 |
RequestOptional | 9 | 要求選擇性 (非執行所需) 的其他權限。 這項要求會隱含拒絕未特別要求的所有其他權限。 這個動作只能在組件的範圍內使用。 |
RequestRefuse | 10 | 要求不將可能遭到誤用的權限授權給呼叫程式碼。 這個動作只能在組件的範圍內使用。 |
範例
此範例示範如何通知 CLR,呼叫方法中的程式碼只有 IsolatedStoragePermission ,也會示範如何撰寫和讀取隔離儲存區。
using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::IO::IsolatedStorage;
using namespace System::IO;
static void WriteIsolatedStorage()
{
try
{
// Attempt to create a storage file that is isolated by
// user and assembly. IsolatedStorageFilePermission
// granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this
// statement.
Stream^ fileCreateStream = gcnew
IsolatedStorageFileStream(
"AssemblyData",
FileMode::Create,
IsolatedStorageFile::GetUserStoreForAssembly());
StreamWriter^ streamWriter = gcnew StreamWriter(
fileCreateStream);
try
{
// Write some data out to the isolated file.
streamWriter->Write("This is some test data.");
streamWriter->Close();
}
finally
{
delete fileCreateStream;
delete streamWriter;
}
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
try
{
Stream^ fileOpenStream =
gcnew IsolatedStorageFileStream(
"AssemblyData",
FileMode::Open,
IsolatedStorageFile::GetUserStoreForAssembly());
// Attempt to open the file that was previously created.
StreamReader^ streamReader = gcnew StreamReader(
fileOpenStream);
try
{
// Read the data from the file and display it.
Console::WriteLine(streamReader->ReadLine());
streamReader->Close();
}
finally
{
delete fileOpenStream;
delete streamReader;
}
}
catch (FileNotFoundException^ ex)
{
Console::WriteLine(ex->Message);
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
}
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction::PermitOnly, UsageAllowed = IsolatedStorageContainment::AssemblyIsolationByUser)]
int main()
{
WriteIsolatedStorage();
}
// This code produces the following output.
//
// This is some test data.
using System;
using System.Security.Permissions;
using System.IO.IsolatedStorage;
using System.IO;
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser)]
public sealed class App
{
static void Main()
{
WriteIsolatedStorage();
}
private static void WriteIsolatedStorage()
{
// Attempt to create a storage file that is isolated by user and assembly.
// IsolatedStorageFilePermission granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this statement.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Write some data out to the isolated file.
using (StreamWriter sw = new StreamWriter(s))
{
sw.Write("This is some test data.");
}
}
// Attempt to open the file that was previously created.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Read the data from the file and display it.
using (StreamReader sr = new StreamReader(s))
{
Console.WriteLine(sr.ReadLine());
}
}
}
}
// This code produces the following output.
//
// Some test data.
Option Strict On
Imports System.Security.Permissions
Imports System.IO.IsolatedStorage
Imports System.IO
' Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
' This restricts the called methods to working only with storage files that are isolated
' by user and assembly.
<IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed:=IsolatedStorageContainment.AssemblyIsolationByUser)> _
Public NotInheritable Class App
Shared Sub Main()
WriteIsolatedStorage()
End Sub
Shared Sub WriteIsolatedStorage()
' Attempt to create a storage file that is isolated by user and assembly.
' IsolatedStorageFilePermission granted to the attribute at the top of this file
' allows CLR to load this assembly and execution of this statement.
Dim s As New IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Write some data out to the isolated file.
Dim sw As New StreamWriter(s)
Try
sw.Write("This is some test data.")
Finally
sw.Dispose()
End Try
Finally
s.Dispose()
End Try
' Attempt to open the file that was previously created.
Dim t As New IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Read the data from the file and display it.
Dim sr As New StreamReader(t)
Try
Console.WriteLine(sr.ReadLine())
Finally
sr.Dispose()
End Try
Finally
t.Dispose()
End Try
End Sub
End Class
' This code produces the following output.
'
' Some test data.
備註
警告
程式碼啟用安全性 (CAS) 在所有版本的 .NET Framework 和 .NET 中已被取代。 最新版本的 .NET 不接受 CAS 批註,並在使用 CAS 相關 API 時產生錯誤。 開發人員應該尋求替代方式來完成安全性工作。
下表描述每個安全性動作發生的時間及其支援的目標。
重要
在 .NET Framework 4 中,已移除執行時間支援,以強制執行 Deny、RequestMinimum、RequestOptional 和 RequestRefuse 許可權要求。 這些要求不應該用在以 .NET Framework 4 或更新版本為基礎的程式碼中。 如需此變更和其他變更的詳細資訊,請參閱 安全性變更。
您不應該在 .NET Framework 4 中使用 LinkDemand
。 請改用 SecurityCriticalAttribute 來限制完全信任應用程式的使用方式,或使用 Demand
來限制部分信任的呼叫端。
安全性動作的宣告 | 動作時間 | 支援的目標 |
---|---|---|
LinkDemand (不會在 .NET Framework 4) 中使用 |
Just-In-Time 編譯 | 類別、方法 |
InheritanceDemand |
載入時間 | 類別、方法 |
Demand |
執行階段 | 類別、方法 |
Assert |
執行階段 | 類別、方法 |
Deny (在 .NET Framework 4) 中過時 |
執行階段 | 類別、方法 |
PermitOnly |
執行階段 | 類別、方法 |
RequestMinimum (在 .NET Framework 4) 中過時 |
授與時間 | 組件 |
RequestOptional (在 .NET Framework 4) 中過時 |
授與時間 | 組件 |
RequestRefuse (在 .NET Framework 4) 中過時 |
授與時間 | 組件 |
如需屬性目標的其他資訊,請參閱 Attribute 。
適用於
意見反應
https://aka.ms/ContentUserFeedback。
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:提交並檢視相關的意見反應