共用方式為

SecurityManager.GetStandardSandbox(Evidence) 方法

  • 參考

定義

命名空間:
System.Security
組件:
System.Security.Permissions.dll
組件:
mscorlib.dll
套件:
System.Security.Permissions v8.0.0
套件:
System.Security.Permissions v9.0.0-preview.4.24266.19
來源:
SecurityManager.cs
來源:
SecurityManager.cs
來源:
SecurityManager.cs
來源:
SecurityManager.cs

取得可安全授與具提供之辨識項的應用程式的權限集合。

public:
 static System::Security::PermissionSet ^ GetStandardSandbox(System::Security::Policy::Evidence ^ evidence);
public static System.Security.PermissionSet GetStandardSandbox (System.Security.Policy.Evidence evidence);
static member GetStandardSandbox : System.Security.Policy.Evidence -> System.Security.PermissionSet
Public Shared Function GetStandardSandbox (evidence As Evidence) As PermissionSet

參數

evidence
Evidence

要與權限集合比對的主辨識項。

傳回

PermissionSet

權限集合,可用來當做具提供之辨識項的應用程式的授權集。

例外狀況

ArgumentNullException

evidencenull

範例

下列範例示範如何使用 GetStandardSandbox 方法來取得沙盒化應用程式的許可權集合。 如需在沙盒中執行應用程式的詳細資訊,請參閱 如何:在沙盒中執行部分信任的程序代碼

using System;
using System.Collections;
using System.Diagnostics;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Reflection;
using System.IO;

namespace SimpleSandboxing
{
    class Program
    {
        static void Main(string[] args)
        {
            // Create the permission set to grant to other assemblies.
            // In this case we are granting the permissions found in the LocalIntranet zone.
            Evidence e = new Evidence();
            e.AddHostEvidence(new Zone(SecurityZone.Intranet));
            PermissionSet pset = SecurityManager.GetStandardSandbox(e);

            AppDomainSetup ads = new AppDomainSetup();
            // Identify the folder to use for the sandbox.
            ads.ApplicationBase = "C:\\Sandbox";
            // Copy the application to be executed to the sandbox.
            Directory.CreateDirectory("C:\\Sandbox");
            File.Copy("..\\..\\..\\HelloWorld\\bin\\debug\\HelloWorld.exe", "C:\\sandbox\\HelloWorld.exe", true);

            // Create the sandboxed domain.
            AppDomain sandbox = AppDomain.CreateDomain(
               "Sandboxed Domain",
               e,
               ads,
               pset,
               null);
            sandbox.ExecuteAssemblyByName("HelloWorld");
        }
    }
}

Imports System.Collections
Imports System.Diagnostics
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Reflection
Imports System.IO



Class Program
    
    Shared Sub Main(ByVal args() As String) 
        ' Create the permission set to grant to other assemblies.
        ' In this case we are granting the permissions found in the LocalIntranet zone.
        Dim e As New Evidence()
        e.AddHostEvidence(New Zone(SecurityZone.Intranet))
        Dim pset As PermissionSet = SecurityManager.GetStandardSandbox(e)
        
        Dim ads As New AppDomainSetup()
        ' Identify the folder to use for the sandbox.
        ads.ApplicationBase = "C:\Sandbox"
        ' Copy the application to be executed to the sandbox.
        Directory.CreateDirectory("C:\Sandbox")
        File.Copy("..\..\..\HelloWorld\bin\debug\HelloWorld.exe", "C:\sandbox\HelloWorld.exe", True)
        
        ' Create the sandboxed domain.
        Dim sandbox As AppDomain = AppDomain.CreateDomain("Sandboxed Domain", e, ads, pset, Nothing)
        sandbox.ExecuteAssemblyByName("HelloWorld")
    
    End Sub
End Class

備註

注意

在 .NET Framework 4 中,中的evidence主機辨識項必須包含System.Security.Policy.Zone辨識項。

下表顯示針對每個區域傳回的許可權集合。

區域 權限集合
MyComputer FullTrust
Intranet LocalIntranet
Trusted Internet
Internet Internet
Untrusted
NoZone

可能會考慮其他辨識項,例如 UrlSite

沙箱可以使用傳回的許可權集合來執行應用程式。 請注意,這個方法不會指定原則,但可協助主機判斷應用程式所要求的許可權集合是否合理。 這個方法可用來將區域對應至沙盒。

適用於