Notes from reading 《編寫高質量代碼改善C#程序的157個建議》 (157 Recommendations for Writing High-Quality Code to Improve C# Programs); knowledge points worth remembering:
System.Security.Principal.GenericIdentity ==> represents a generic (non-Windows) user identity
System.Security.Principal.GenericPrincipal ==> represents a generic principal: an identity plus the roles it belongs to
System.Security.Permissions.PrincipalPermission ==> lets you check the active principal (Thread.CurrentPrincipal) using the language constructs defined for declarative (attribute) and imperative (Demand()) security
In some situations we run into the requirement of providing role-based security in C# to restrict which users may execute a piece of code.
Demo1 (the user must run the code as Administrator before the Sample class can be accessed):
```csharp
using System;
using System.Security.Permissions;
using System.Security.Principal;

class Program
{
    static void Main()
    {
        // Bind Thread.CurrentPrincipal to a WindowsPrincipal built from the process token.
        // Without this the principal is an unauthenticated GenericPrincipal and every role demand fails.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        Sample sample = new Sample();   // the class-level Demand is evaluated here, when the constructor is called
        Console.WriteLine("Code ran successfully....");
    }
}

// Declarative demand on the class: every member of Sample, including the constructor, requires the role.
[PrincipalPermission(SecurityAction.Demand, Role = @"Administrator")]
//[PrincipalPermission(SecurityAction.Demand, Role = @"Users")] // uncomment: members of the Users group may then access it too
class Sample { }
```
Run as a user who is not Administrator, this code throws System.Security.SecurityException: "Request for principal permission failed." Several PrincipalPermission attributes can be stacked on the same class or method; they are OR-ed, so the caller needs to satisfy any one of them. Two caveats a practitioner will hit: the Role string is resolved through NTAccount as a Windows account name, so "Administrator" names the built-in account, while membership of the Administrators group is checked with @"BUILTIN\Administrators" (and under UAC the process must be elevated, otherwise that group is deny-only in the filtered token and IsInRole returns false); and the declarative attribute form is only honoured by .NET Framework, on .NET 5+ PrincipalPermissionAttribute is obsolete as an error and the imperative PrincipalPermission.Demand() or Thread.CurrentPrincipal.IsInRole() must be used instead.
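The imperative form of Demo1, as an added example that is not from the book or the original post: it checks Windows group membership with WindowsBuiltInRole and BUILTIN\Administrators rather than the account name "Administrator", and expresses the OR of two roles with PrincipalPermission.Union(), which is the imperative equivalent of stacking two attributes. It assumes .NET Framework on Windows; the group names and console messages are illustrative.

```csharp
// Added example: imperative equivalent of Demo1 (not the book's code). Assumes .NET Framework on Windows.
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;

class Program
{
    static void Main()
    {
        // Make Thread.CurrentPrincipal the WindowsPrincipal of the calling user.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        // The role string is resolved as a Windows account name. "Administrator" is the built-in user
        // account, not the group; to test group membership use the enum or the BUILTIN\ group name.
        // Under UAC an unelevated admin gets false here: the Administrators group is deny-only in the filtered token.
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        Console.WriteLine("IsInRole(WindowsBuiltInRole.Administrator): " + principal.IsInRole(WindowsBuiltInRole.Administrator));
        Console.WriteLine("IsInRole(BUILTIN\\Administrators): " + principal.IsInRole(@"BUILTIN\Administrators"));

        // OR of two roles: Union() builds a single permission satisfied by either role.
        // Two sequential Demand() calls would be an AND instead.
        var admins = new PrincipalPermission(null, @"BUILTIN\Administrators");
        var users  = new PrincipalPermission(null, @"BUILTIN\Users");
        IPermission adminsOrUsers = admins.Union(users);
        try
        {
            adminsOrUsers.Demand();
            Console.WriteLine("Caller is in Administrators or Users: protected code runs.");
        }
        catch (SecurityException e)
        {
            Console.WriteLine("Demand failed: " + e.Message);
        }
    }
}
```

Passing null as the first PrincipalPermission argument means "any authenticated user"; only the role is matched. Run the binary once from a normal prompt and once from an elevated one to see the UAC effect on the Administrators check.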
The same attribute can also be applied to an individual method instead of a whole class. Demo2 below checks a method imperatively, by constructing a PrincipalPermission and calling Demand() against a principal we build ourselves:
Demo2:
```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

class Program
{
    static void Main(string[] args)
    {
        // A generic (non-Windows) identity named "ExamUser" with the roles we assign to it.
        GenericIdentity examIdentity = new GenericIdentity("ExamUser");
        string[] users = { "Student" };
        //string[] users = { "Student", "Teacher" }; // with Teacher in the roles the Demand below succeeds
        GenericPrincipal myPrincipal = new GenericPrincipal(examIdentity, users);
        // PrincipalPermission.Demand() checks Thread.CurrentPrincipal, so install the principal on this thread.
        Thread.CurrentPrincipal = myPrincipal;

        ScoreProcessor sc = new ScoreProcessor();
        sc.Update();
        Console.ReadKey();
    }
}

class ScoreProcessor
{
    public void Update()
    {
        try
        {
            // Both the identity name ("ExamUser") and the role ("Teacher") must match.
            PrincipalPermission myPermission = new PrincipalPermission("ExamUser", "Teacher");
            myPermission.Demand();
            Console.WriteLine("Update succeeded");
        }
        catch (SecurityException e)
        {
            Console.WriteLine(e.Message);
        }
    }
}
```
With this demo the Update method that modifies scores runs normally only for a user in the Teacher role; with only the Student role the Demand() throws SecurityException and the catch block prints "Request for principal permission failed." (Note: PrincipalPermission.Demand() performs the check only when it is actually executed, so it must sit at the entry of the method, before any branch or side effect, otherwise a code path that skips the call is unprotected. Note also that Thread.CurrentPrincipal is set per thread, so work dispatched to another thread must carry the principal with it.)
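An added example, not from the book or the original post, that exercises the PrincipalPermission rules on the GenericPrincipal model of Demo2: a null name means any authenticated user, a supplied name must match the identity name as well as the role, Union() gives an OR across roles, and the guard is placed at method entry so that every path through the method is covered. The ScoreProcessor methods, user names and roles are assumptions for illustration.

```csharp
// Added example (not the book's code): PrincipalPermission semantics against a constructed GenericPrincipal.
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

class ScoreProcessor
{
    // Guard at method entry: Demand() only checks when it runs, so a check placed after a
    // branch protects nothing on the other branch.
    public void Update(int studentId, int score)
    {
        // null name = any authenticated user; the Teacher role must still be present.
        new PrincipalPermission(null, "Teacher").Demand();
        Console.WriteLine($"  score for student {studentId} set to {score}");
    }

    // With a name supplied, name AND role must both match.
    public void Publish()
    {
        new PrincipalPermission("ExamAdmin", "Teacher").Demand();
        Console.WriteLine("  scores published");
    }

    // OR across roles: Union() the permissions; two sequential Demand() calls would mean AND.
    public void View()
    {
        var teacher = new PrincipalPermission(null, "Teacher");
        var student = new PrincipalPermission(null, "Student");
        teacher.Union(student).Demand();
        Console.WriteLine("  scores viewed");
    }
}

class Program
{
    // Install a principal for the given user/roles on this thread, run the action, report the outcome.
    static void Run(string user, string[] roles, Action action, string label)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        string who = $"{user} [{string.Join(",", roles)}]";
        try
        {
            action();
            Console.WriteLine($"{label}: allowed for {who}");
        }
        catch (SecurityException)
        {
            Console.WriteLine($"{label}: DENIED for {who}");
        }
    }

    static void Main()
    {
        var sc = new ScoreProcessor();
        Run("ExamUser",  new[] { "Student" },            () => sc.Update(1, 90), "Update");  // DENIED: no Teacher role
        Run("ExamUser",  new[] { "Student", "Teacher" }, () => sc.Update(1, 90), "Update");  // allowed
        Run("ExamUser",  new[] { "Teacher" },            () => sc.Publish(),     "Publish"); // DENIED: name mismatch
        Run("ExamAdmin", new[] { "Teacher" },            () => sc.Publish(),     "Publish"); // allowed
        Run("ExamUser",  new[] { "Student" },            () => sc.View(),        "View");    // allowed via Union
        Run("guest",     new string[0],                  () => sc.View(),        "View");    // DENIED: no matching role
    }
}
```

Because GenericPrincipal.IsInRole is a plain string comparison over the roles array, these checks are only as trustworthy as the code that built the principal; in a real service the roles should come from the authentication layer (for example a ClaimsPrincipal populated from a validated token), never from client-supplied input.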
