Link Demands

Warning

Code Access Security (CAS) and Partially Trusted Code

The .NET Framework provides a mechanism, called Code Access Security (CAS), for enforcing varying levels of trust on different code running in the same application.

CAS is not supported in .NET Core, .NET 5, or later versions. CAS is not supported by versions of C# later than 7.0.

CAS in .NET Framework should not be used as a mechanism for enforcing security boundaries based on code origination or other identity aspects. CAS and Security-Transparent Code are not supported as a security boundary with partially trusted code, especially code of unknown origin. We advise against loading and executing code of unknown origins without putting alternative security measures in place. .NET Framework will not issue security patches for any elevation-of-privilege exploits that might be discovered against the CAS sandbox.

This policy applies to all versions of .NET Framework, but does not apply to the .NET Framework included in Silverlight.

A link demand causes a security check during just-in-time compilation and checks only the immediate calling assembly of your code. Linking occurs when your code is bound to a type reference, including function pointer references and method calls. If the calling assembly does not have sufficient permission to link to your code, the link is not allowed and a runtime exception is thrown when the code is loaded and run. Link demands can be overridden in classes that inherit from your code.

A full stack walk is not performed with this type of demand, so your code is still susceptible to luring attacks. For example, if a method in assembly A is protected by a link demand, a direct caller in assembly B is evaluated based on the permissions of assembly B. However, the link demand will not evaluate a method in assembly C if it indirectly calls the method in assembly A using the method in assembly B. The link demand specifies only the permissions that direct callers in the immediate calling assembly must have to link to your code. It does not specify the permissions all callers must have to run your code.
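The A/B/C scenario above, sketched as an added example that is not part of the original documentation. Each namespace stands in for a separate assembly, all type and member names are hypothetical, and the grant sets of B and C are assumptions stated in the comments. It contrasts a wrapper in B that relies on A's link demand with one that issues a full demand before forwarding the call.

```csharp
// Added illustration for .NET Framework CAS; names are hypothetical and
// each namespace stands in for a separate assembly.
using System.Security.Permissions;

namespace AssemblyA
{
    public static class Store
    {
        private static readonly string data = "constructed sample value";

        // Link demand: evaluated against the immediate calling assembly
        // only, with no stack walk.
        [SecurityPermission(SecurityAction.LinkDemand, UnmanagedCode = true)]
        public static string ReadData()
        {
            return data;
        }
    }
}

namespace AssemblyB   // assumption: granted UnmanagedCode
{
    public static class Relay
    {
        // Weak: B satisfies the link demand on ReadData, and nothing
        // examines whoever called Fetch, so C is never evaluated.
        public static string Fetch()
        {
            return AssemblyA.Store.ReadData();
        }

        // Hardened: an imperative Demand walks the stack starting at the
        // caller of FetchChecked, so C must hold the permission too.
        public static string FetchChecked()
        {
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
            return AssemblyA.Store.ReadData();
        }
    }
}

namespace AssemblyC   // assumption: not granted UnmanagedCode
{
    public static class Client
    {
        // ViaRelay: the link demand is checked against B only.
        // ViaCheckedRelay: the Demand throws SecurityException for C.
        public static string ViaRelay() { return AssemblyB.Relay.Fetch(); }
        public static string ViaCheckedRelay() { return AssemblyB.Relay.FetchChecked(); }
    }
}
```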

The Assert, Deny, and PermitOnly stack walk modifiers do not affect the evaluation of link demands. Because link demands do not perform a stack walk, the stack walk modifiers have no effect on link demands.

If a method protected by a link demand is accessed through reflection, then a link demand checks the immediate caller of the code accessed through reflection. This is true both for method discovery and for method invocation performed using reflection. For example, suppose code uses reflection to return a MethodInfo object representing a method protected by a link demand and then passes that MethodInfo object to some other code that uses the object to invoke the original method. In this case, the link demand check occurs twice: once for the code that returns the MethodInfo object and once for the code that invokes it.

Note

A link demand performed on a static class constructor does not protect the constructor because static constructors are called by the system, outside the application's code execution path. As a result, when a link demand is applied to an entire class, it cannot protect access to a static constructor, although it does protect the rest of the class.

The following code fragment declaratively specifies that any code linking to the ReadData method must have the CustomPermission permission. This permission is a hypothetical custom permission and does not exist in the .NET Framework. The demand is made by passing a SecurityAction.LinkDemand flag to the CustomPermissionAttribute.

<CustomPermissionAttribute(SecurityAction.LinkDemand)> _  
Public Shared Function ReadData() As String  
    ' Access a custom resource.  
End Function

[CustomPermissionAttribute(SecurityAction.LinkDemand)]
public static string ReadData()  
{  
    // Access a custom resource.  
}  
