Link Demands

Warning

Code Access Security and Partially Trusted Code

The .NET Framework provides a mechanism called Code Access Security (CAS) for enforcing varying levels of trust on different code running in the same application. Code Access Security in .NET Framework should not be used as a mechanism for enforcing security boundaries based on code origination or other identity aspects. We are updating our guidance to reflect that Code Access Security and Security-Transparent Code will not be supported as a security boundary with partially trusted code, especially code of unknown origin. We advise against loading and executing code of unknown origins without putting alternative security measures in place.

This policy applies to all versions of .NET Framework, but does not apply to the .NET Framework included in Silverlight.

A link demand causes a security check during just-in-time compilation and checks only the immediate calling assembly of your code. Linking occurs when your code is bound to a type reference, including function pointer references and method calls. If the calling assembly does not have sufficient permission to link to your code, the link is not allowed and a runtime exception is thrown when the code is loaded and run. Link demands can be overridden in classes that inherit from your code.

Note that a full stack walk is not performed with this type of demand and that your code is still susceptible to luring attacks. For example, if a method in assembly A is protected by a link demand, a direct caller in assembly B is evaluated based on the permissions of assembly B. However, the link demand will not evaluate a method in assembly C if it indirectly calls the method in assembly A using the method in assembly B. The link demand specifies only the permissions that direct callers in the immediate calling assembly must have to link to your code. It does not specify the permissions all callers must have to run your code.

The Assert, Deny, and PermitOnly stack walk modifiers do not affect the evaluation of link demands. Because link demands do not perform a stack walk, the stack walk modifiers have no effect on link demands.
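The following is an added example, not part of the original documentation. It contrasts a link demand with a full demand when the caller has placed a PermitOnly modifier on its stack frame: the link-demand method is still reachable because no stack walk happens, while the full demand walks the stack, meets the PermitOnly frame, and fails with a SecurityException. It assumes a .NET Framework 4.x console application running with full trust; the `Resource` and `Program` names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

static class Resource
{
    // Link demand: evaluated at JIT time against the immediate calling assembly only.
    [EnvironmentPermission(SecurityAction.LinkDemand, Read = "PATH")]
    public static string ReadWithLinkDemand() { return "reached"; }

    // Full demand: every caller on the stack is checked on each call.
    [EnvironmentPermission(SecurityAction.Demand, Read = "PATH")]
    public static string ReadWithFullDemand() { return "reached"; }
}

static class Program
{
    // Calls both methods from a frame that permits only UIPermission.
    // The PermitOnly modifier is removed automatically when this method returns.
    static string[] CallUnderPermitOnly()
    {
        new UIPermission(PermissionState.Unrestricted).PermitOnly();

        string linkResult, fullResult;
        try { linkResult = Resource.ReadWithLinkDemand(); }
        catch (SecurityException) { linkResult = "SecurityException"; }

        try { fullResult = Resource.ReadWithFullDemand(); }
        catch (SecurityException) { fullResult = "SecurityException"; }

        return new[] { linkResult, fullResult };
    }

    static void Main()
    {
        // Print only after the restricted frame has returned, so console
        // initialization is not subject to the PermitOnly restriction.
        string[] results = CallUnderPermitOnly();
        Console.WriteLine("LinkDemand under PermitOnly: " + results[0]);
        Console.WriteLine("Demand under PermitOnly:     " + results[1]);
    }
}
```

Code that relies on a caller's PermitOnly or Deny to constrain what a callee can reach gets no such protection from methods guarded only by a link demand.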

If a method protected by a link demand is accessed through reflection, then a link demand checks the immediate caller of the code accessed through reflection. This is true both for method discovery and for method invocation performed using reflection. For example, suppose code uses reflection to return a MethodInfo object representing a method protected by a link demand and then passes that MethodInfo object to some other code that uses the object to invoke the original method. In this case the link demand check occurs twice: once for the code that returns the MethodInfo object and once for the code that invokes it.

Note

A link demand performed on a static class constructor does not protect the constructor because static constructors are called by the system, outside the application's code execution path. As a result, when a link demand is applied to an entire class, it cannot protect access to a static constructor, although it does protect the rest of the class.

The following code fragment declaratively specifies that any code linking to the ReadData method must have the CustomPermission permission. This permission is a hypothetical custom permission and does not exist in the .NET Framework. The demand is made by passing a SecurityAction.LinkDemand flag to the CustomPermissionAttribute.

<CustomPermissionAttribute(SecurityAction.LinkDemand)> _
Public Shared Function ReadData() As String
    ' Access a custom resource.
End Function

[CustomPermissionAttribute(SecurityAction.LinkDemand)]
public static string ReadData()
{
    // Access a custom resource.
}
