<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span><span lang="EN-US">Security is ON</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Execution checking is ON</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Policy change prompt is ON</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span><span lang="EN-US">Level = Machine</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span><span lang="EN-US">Full Trust Assemblies:</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span><span lang="EN-US">1. All</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Code: Code group grants no permissions and forms the root of the code group tree.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.1. My</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Computer</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Zone: Code group grants full trust to all code originating on</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">the local computer</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.1.1. Microsoft</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Strong</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Name: Code group grants full trust to code signed</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">with the Microsoft strong name.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.1.2. ECMA</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Strong</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Name: Code group grants full trust to code signed with</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">the ECMA strong name.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.2. LocalIntranet</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Zone: Code group grants the intranet permission set to code</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">from the intranet zone. This permission set grants intranet code the right to</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">use isolated storage, full UI access, some capability to do reflection, and limited</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">access to environment variables.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.2.1. Intranet</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Same</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Site</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Access: All intranet code gets the right to connect</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">back to the site of its origin.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.2.2. Intranet</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Same</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Directory</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Access: All intranet code gets the right to</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> read from its install directory.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.3. Internet</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Zone: Code group grants code from the Internet zone the Internet</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">permission set. This permission set grants Internet code the right to use isolated</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">storage and limited UI access.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.3.1. Internet</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Same</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Site</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Access: All Internet code gets the right to connect</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">back to the site of its origin.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.4. Restricted</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Zone: Code coming from a restricted zone does not receive any</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> permissions.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.5. Trusted</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Zone: Code from a trusted zone is granted the Internet permission</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">set. This permission set grants the right to use isolated storage and limited</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">UI access.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.5.1. Trusted</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Same</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Site</span><span lang="EN-US" style="FONT-FAMILY: 'Baskerville BE Regular'">_</span><span lang="EN-US">Access: All Trusted Code gets the right to connect back to the site of its origin.</span></p>
<p class="a6" style="MARGIN-TOP: 0cm; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><span lang="EN-US">Success</span></p>
<p class="MsoNormal"><span lang="EN-US">The .NET security subsystem ensures that code in each code group can only do certain things. For example, code from the Internet zone is by default restricted more tightly than code on the local drive; code on the local drive normally has permission to access data on the local disk, whereas assemblies from the Internet do not have this permission by default.</span></p>
<p class="MsoNormal"><span lang="EN-US">Using caspol.exe and its equivalent in the Microsoft Management Console, you can specify the level of trust for each code access group, and also manage code groups and permissions at a finer level of granularity.</span></p>
<p class="MsoNormal"><span lang="EN-US" style="COLOR: black">Let's look at the code access groups again, this time with slightly less information than before. Make sure you are logged in as a local administrator, open a command prompt, and type the following command:</span></p>
<p class="a6" style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><strong><span lang="EN-US" style="COLOR: black">caspol.exe -listgroups</span></strong></p>
<p class="MsoNormal"><span lang="EN-US" style="COLOR: black">You get the following output:</span></p>
<p class="a6" style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><span lang="EN-US">Microsoft (R) .NET Framework CasPol 1.1.4322.535</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span><span lang="EN-US">Security is ON</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Execution checking is ON</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Policy change prompt is ON</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span><span lang="EN-US">Level = Machine</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span><span lang="EN-US">Code Groups:</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">1. All code: Nothing</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.1. Zone - MyComputer: FullTrust</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.1.1. StrongName - 00240000048000009400000006020000002400005253413100040</span></p>
<p class="a6" style="TEXT-JUSTIFY: inter-ideograph; MARGIN-LEFT: 21.45pt; TEXT-ALIGN: justify; FTEL: 0cm"><span lang="EN-US" style="LETTER-SPACING: 0.1pt">0000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A</span><span lang="EN-US">12436518206DC093344D5AD293: FullTrust</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.1.2. StrongName - 00000000000000000400000000000000: FullTrust</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.2. Zone - Intranet: LocalIntranet</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.2.1. All code: Same site Web.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.2.2. All code: Same directory FileIO - Read, PathDiscovery</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.3. Zone - Internet: Internet</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.3.1. All code: Same site Web.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.4. Zone - Untrusted: Nothing</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.5. Zone - Trusted: Internet</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> 1.5.1. All code: Same site Web.</span></p>
<p class="a6" style="MARGIN-TOP: 0cm; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><span lang="EN-US">Success</span></p>
<p class="MsoNormal"><span lang="EN-US">At the start of the output is Security is ON. Later in this chapter, we will see that security can be turned off and then turned back on.</span></p>
<p class="MsoNormal"><span lang="EN-US">By default, the Execution Checking setting is on, which means that all assemblies must be granted the permission to execute before they can run. If execution checking is turned off using caspol (caspol.exe -execution on|off), assemblies that do not have the permission to execute can still run. In that case, if an assembly does something that violates the security policy while it is running, a security exception is raised.</span></p>
<p class="MsoNormal"><span lang="EN-US">The Policy change prompt option specifies whether you see an "Are you sure" warning message when changing the security policy.</span></p>
<p class="MsoNormal"><span lang="EN-US">Dividing code into these groups lets you manage security at a finer level of granularity and grant full trust to less code. Note that each group has a label (such as "1.2"); these labels are generated automatically by .NET and can differ between machines. Security is generally not managed per assembly, but by using code groups.</span></p>
<p class="MsoNormal"><span lang="EN-US">If a machine has several installed versions of .NET side by side, caspol.exe changes the security policy only for the .NET installation it is associated with. To keep security policy management simple, it is best to remove the earlier versions when installing a later version of .NET.</span></p>
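<p class="MsoNormal"><span lang="EN-US">The group labels and permission set names in the listing can be checked mechanically. The following is an added example, not code from the book: it parses a constructed listing modelled on the output above and reports every group that grants FullTrust outside the MyComputer zone. It assumes each group is printed on one line; the names parse_groups and full_trust_outside_local and the group 1.2.3 are hypothetical.</span></p>

```python
import re

# Constructed sample modelled on the "Code Groups:" listing above. The strong-name
# key is shortened; group 1.2.3 is a hypothetical site-specific FullTrust group.
SAMPLE = """\
Code Groups:
1. All code: Nothing
   1.1. Zone - MyComputer: FullTrust
      1.1.1. StrongName - 0024AB: FullTrust
      1.1.2. StrongName - 00000000000000000400000000000000: FullTrust
   1.2. Zone - Intranet: LocalIntranet
      1.2.1. All code: Same site Web.
      1.2.2. All code: Same directory FileIO - Read, PathDiscovery
      1.2.3. Url - http://intranet/*: FullTrust
   1.3. Zone - Internet: Internet
      1.3.1. All code: Same site Web.
   1.4. Zone - Untrusted: Nothing
   1.5. Zone - Trusted: Internet
      1.5.1. All code: Same site Web.
Success
"""

GROUP_LINE = re.compile(r"^\s*((?:\d+\.)+)\s+(.+)$")


def parse_groups(text):
    """Map each group label to (membership condition, permission set)."""
    groups = {}
    for line in text.splitlines():
        m = GROUP_LINE.match(line)
        if not m:
            continue  # banner, status lines, "Success"
        # Split on the last ": " so the colon inside a URL condition survives.
        condition, sep, pset = m.group(2).rpartition(": ")
        if sep:
            groups[m.group(1).rstrip(".")] = (condition.strip(), pset.strip())
    return groups


def full_trust_outside_local(groups):
    """Labels that grant FullTrust but do not sit under the MyComputer zone."""
    local = [l for l, (cond, _) in groups.items() if cond == "Zone - MyComputer"]
    return [
        label for label, (_, pset) in groups.items()
        if pset == "FullTrust"
        and not any(label == l or label.startswith(l + ".") for l in local)
    ]


print(full_trust_outside_local(parse_groups(SAMPLE)))
```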
<p class="MsoNormal"><span lang="EN-US">(1) Viewing an assembly's code groups</span></p>
<p class="MsoNormal"><span lang="EN-US" style="COLOR: black">Assemblies belong to a code group if they meet its membership condition. Returning to the code group example, if an assembly is loaded from the http://intranet/ site, the code groups it matches are those shown in Figure 14-2. This assembly is also a member of the root code group (All Code). If the assembly comes from the local network, it is also a member of the Intranet code group; however, when the assembly is loaded from a specific site (such as http://intranet), it is also granted FullTrust, which means that the assembly runs without restrictions.</span></p>
<p align="center"><span lang="EN-US" style="COLOR: black"><img height="236" src="14/image002.gif" width="401" alt="" /></span></p>
<p style="FTEL: 8.15pt" align="center"><span lang="EN-US" style="COLOR: black">Figure 14-2</span></p>
<p class="MsoNormal"><span lang="EN-US" style="COLOR: black">The following command makes it easy to see which code groups an assembly belongs to:</span></p>
<p class="a6" style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><strong><span lang="EN-US" style="COLOR: black">caspol.exe -resolvegroup assembly.dll</span></strong></p>
<p class="MsoNormal"><span lang="EN-US" style="COLOR: black">Running this command against an assembly on the local disk gives the following result:</span></p>
<p class="a6" style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><span lang="EN-US">Microsoft (R) .NET Framework CasPol 1.1.4322.535</span></p>