<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
14.2.5 Asserting Permissions
</title></head>
<body>
<div class="area">
<div class="col1">
<div class="lineBlue">
</div>
<!-- title -->
<div class="arcTitle">
<h1>
<a href="../16">
Professional C# (3rd Edition) [Full-Text Serialization]
</a>
</h1>
<div style="text-align: center; font-size: 15px">
<a href="100165428.htm">
14.2.5 Asserting Permissions
</a>
</div>
<div style="text-align: center; font-size: 15px">
<a class="url" href="../../default.htm">http://book.csdn.net/</a>
2006-10-13 14:41:00
</div>
<div style="margin: 0px auto; width: 700px; border: solid 1px #0b5f98;">
<div style="float: left; width: 16px; background-color: #0b5f98; color: White; padding: 1px;">
Book guide
</div>
<div style="float: right; width: 670px; text-align: left; line-height: 16pt; padding-left: 2px">
<!--导读-->
<h1 id="divCurrentNode" style="color: #b83507; width: 100%; text-align: left; font-size: 12px; padding-left: 2px">Current section: <a href='100165428.htm'><font color='red'>14.2.5 Asserting Permissions</font></a></h1>
<div id="divRelateNode" style="padding-left: 2px">
<div style='float:left;width:49%'>·<a href='100165425.htm'>14.2.2 Requesting Permissions</a></div><div style='float:right;width:49%'>·<a href='100165426.htm'>14.2.3 Implicit Permissions</a></div><div style='float:left;width:49%'>·<a href='100165427.htm'>14.2.4 Denying Permissions</a></div><div style='float:right;width:49%'>·<a href='100165429.htm'>14.2.6 Creating Code Access Permissions</a></div><div style='float:left;width:49%'>·<a href='100165430.htm'>14.2.7 Declarative Security</a></div><div style='float:right;width:49%'>·<a href='100165431.htm'>14.3 Role-Based Security</a></div></div>
</div>
</div>
</div>
<!-- main -->
<div id="main">
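<div id="text"> <link href="css.css" rel="stylesheet" type="text/css" /><h3 style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 0cm; MARGIN-RIGHT: 0cm; FTEL: 8.15pt"><a ftel="_Toc507815608"><span lang="EN-US">14.2.5 </span></a><span style="FONT-FAMILY: 黑体">Asserting Permissions</span></h3>
<p class="MsoNormal"><span style="FONT-FAMILY: 宋体">Suppose a fully trusted assembly is installed on the user's system. The assembly contains a method that saves audit information to a text file on the local disk. If an application that wants to use this auditing feature is installed later, that application must hold the relevant </span><span lang="EN-US">FileIOPermission</span><span style="FONT-FAMILY: 宋体"> in order to save the data to disk.</span></p>
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">This seems excessive, but the aim is to keep operations on the local disk tightly restricted. When an assembly with limited permissions calls a more trusted assembly, the range of permissions on the stack can be widened temporarily, so that the more trusted assembly can perform operations on behalf of a caller that does not hold the permission itself.</span></p>
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">To do this, the more trusted assembly can assert the permissions it needs. Provided the assembly has the permissions it needs in order to assert additional permissions, the callers on the stack do not need to hold the wider range of permissions.</span></p>
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">The following code contains a class, </span><span lang="EN-US" style="COLOR: black">AuditClass</span><span style="COLOR: black; FONT-FAMILY: 宋体">, that implements a </span><span lang="EN-US" style="COLOR: black">Save()</span><span style="COLOR: black; FONT-FAMILY: 宋体"> method. </span><span lang="EN-US" style="COLOR: black">Save()</span><span style="COLOR: black; FONT-FAMILY: 宋体"> takes a string and saves the audit data to the file </span><span lang="EN-US" style="COLOR: black">C:\audit.txt</span><span style="COLOR: black; FONT-FAMILY: 宋体">. The </span><span lang="EN-US" style="COLOR: black">AuditClass</span><span style="COLOR: black; FONT-FAMILY: 宋体"> method asserts the permission it needs in order to append the audit line to the file. For testing purposes, the application's </span><span lang="EN-US" style="COLOR: black">Main()</span><span style="COLOR: black; FONT-FAMILY: 宋体"> method explicitly denies the permission that the </span><span lang="EN-US" style="COLOR: black">Audit</span><span style="COLOR: black; FONT-FAMILY: 宋体"> method needs:</span></p>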
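<p class="2" style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><span lang="EN-US">using System;</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">using System.IO;</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">using System.Security;</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">using System.Security.Permissions;</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">namespace Wrox.ProCSharp.Security</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;class SecurityApp5</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;static void Main(string[] args)</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// Deny append access to the audit file for this method and everything it calls</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CodeAccessPermission permission = </span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;new FileIOPermission(FileIOPermissionAccess.Append, </span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;@"C:\audit.txt");</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;permission.Deny();</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;AuditClass.Save("some data to audit");</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CodeAccessPermission.RevertDeny();</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;class AuditClass</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;public static void Save(string value)</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;try</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// Assert stops the stack walk at this frame, so the caller's Deny is not consulted</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;FileIOPermission permission = </span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;new FileIOPermission(FileIOPermissionAccess.Append,</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;@"C:\audit.txt");</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;permission.Assert();</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;try</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// The using blocks close the file even if the write throws</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;using (FileStream stream = new FileStream(@"C:\audit.txt", </span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;FileMode.Append, FileAccess.Write))</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;using (StreamWriter writer = new StreamWriter(stream))</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;writer.WriteLine(value);</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;finally</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// Remove the assertion even if the write fails</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CodeAccessPermission.RevertAssert();</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Console.WriteLine("Data written to audit file");</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;catch</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Console.WriteLine("Failed to write data to audit file");</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">&nbsp;&nbsp;&nbsp;}</span></p>
<p class="2" style="MARGIN-TOP: 0cm; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><span lang="EN-US">}</span></p>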
<p class="MsoNormal"><span style="FONT-FAMILY: 宋体">When this code is executed, the call to the </span><span lang="EN-US">AuditClass</span><span style="FONT-FAMILY: 宋体"> method does not throw a security exception, even though, at the time the </span><span lang="EN-US">AuditClass</span><span style="FONT-FAMILY: 宋体"> method is called, it does not have permission to access the local disk.</span></p>
<p class="MsoNormal"><span style="FONT-FAMILY: 宋体">Like </span><span lang="EN-US">RevertDeny()</span><span style="FONT-FAMILY: 宋体">, </span><span lang="EN-US">RevertAssert()</span><span style="FONT-FAMILY: 宋体"> is a static method. </span><span lang="EN-US">RevertAssert()</span><span style="FONT-FAMILY: 宋体"> likewise reverts all assertions within the current frame.</span></p>
<p class="MsoNormal"><span style="FONT-FAMILY: 宋体">Assertions must be used with great care. We are explicitly granting permissions to a method that is called by other code that does not hold those permissions, and this can open a security hole. In the auditing example, even if the security policy states that an installed application may not write data to the local disk, the application can still write data to the local disk if the audit assembly asserts </span><span lang="EN-US">FileIOPermission</span><span style="FONT-FAMILY: 宋体"> for the write. To perform the assertion, the audit assembly must be installed with </span><span lang="EN-US">FileIOAccess</span><span style="FONT-FAMILY: 宋体"> and </span><span lang="EN-US">SecurityPermission</span><span style="FONT-FAMILY: 宋体">. </span><span lang="EN-US">SecurityPermission</span><span style="FONT-FAMILY: 宋体"> allows the assembly to perform the assertion, and the assembly needs both </span><span lang="EN-US">SecurityPermission</span><span style="FONT-FAMILY: 宋体"> and the permission being asserted for the assertion to succeed.</span></p></div>
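<p class="MsoNormal">The risk described above can be narrowed in the asserting method itself. The following is an added example, not code from the book: a variant of <span lang="EN-US">Save()</span> that never lets the caller choose the path, asserts only append access to the one file, neutralizes line breaks in caller-supplied text, and reports failure when the assembly lacks the permissions needed to assert. The names <span lang="EN-US">HardenedAudit</span>, <span lang="EN-US">AuditPath</span> and <span lang="EN-US">MaxEntryLength</span>, and the 512-character limit, are assumptions made for illustration.</p>

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

namespace Wrox.ProCSharp.Security
{
   // Hypothetical hardened variant of the page's AuditClass (added example).
   public sealed class HardenedAudit
   {
      // Fixed by the trusted assembly; partially trusted callers cannot redirect the write.
      private const string AuditPath = @"C:\audit.txt";
      private const int MaxEntryLength = 512;   // assumed limit, not from the book

      private HardenedAudit() { }

      public static bool Save(string value)
      {
         if (value == null || value.Length > MaxEntryLength)
            return false;

         // Strip line breaks so a caller cannot forge additional audit records.
         string entry = value.Replace("\r", " ").Replace("\n", " ");

         // Assert only Append on the single audit file, nothing broader.
         // Assert() throws SecurityException if this assembly lacks
         // SecurityPermissionFlag.Assertion.
         try { new FileIOPermission(FileIOPermissionAccess.Append, AuditPath).Assert(); }
         catch (SecurityException) { return false; }

         try
         {
            using (FileStream stream = new FileStream(AuditPath, FileMode.Append, FileAccess.Write))
            using (StreamWriter writer = new StreamWriter(stream))
            {
               writer.WriteLine("{0:u} {1}", DateTime.UtcNow, entry);
            }
            return true;
         }
         // SecurityException here means the assembly itself was not granted the asserted permission.
         catch (SecurityException) { return false; }
         catch (IOException) { return false; }
         catch (UnauthorizedAccessException) { return false; }
         finally
         {
            // Keep the assertion alive only for the duration of the write.
            CodeAccessPermission.RevertAssert();
         }
      }
   }
}
```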
<!-- page -->
<div class="page" style="text-align: center">
<a href="100165427.htm">Previous</a> <a href="index.html">Home</a> <a href="100165429.htm">Next</a>
</div>
</div>
</div>
</body>
</html>