最近看书《编写高质量代码改善C#程序的157个建议》,知识点备忘:
System.Security.Principal.GenericIdentity==>表示一般用户
System.Security.Principal.GenericPrincipal==>表示一般主体
System.Security.Permissions.PrincipalPermission==>允许使用为声明和强制安全性操作定义的语言结构来检查活动用户
在某些情况下,我们可能会遇到需求=》在C#中提供基于角色的安全性控制区限制代码的执行权限
Demo1(用户必须以Administrator身份运行代码,才可访问Sample类):
class Program{ static void Main(){ AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal); Sample sample=new Sample(); Console.WriteLine("代码成功运行...."); } } [PrincipalPermission(SecurityAction.Demand, Role = @"Administrator")] //[PrincipalPermission(SecurityAction.Demand, Role = @"Users")]//(取消注释,则Users用户也可访问) class Sample{ }
非Administrator用户身份,运行此代码,会抛出异常System.Security.SecurityException:对主体权限的请求失败;可以使用多个PrincipalPermission属性标签,互相之间是OR关系;
同样,此标签也可用于控制方法:
Demo2:
class Program{ static void Main(string[] args){ System.Security.Principal.GenericIdentity examIdentity = new GenericIdentity("ExamUser"); string[] users = { "Student"}; //string[] users = { "Student","Teacher"}; GenericPrincipal myPrincipal = new GenericPrincipal(examIdentity, users); Thread.CurrentPrincipal = myPrincipal; ScoreProcessor sc = new ScoreProcessor(); sc.Update(); Console.ReadKey(); } } class ScoreProcessor { public void Update() { try { System.Security.Permissions.PrincipalPermission myPermission = new PrincipalPermission("ExamUser", "Teacher"); myPermission.Demand(); Console.WriteLine("修改成功"); } catch (SecurityException e) { Console.WriteLine(e.Message); } } }
通过此demo,可以控制权限,使分数的Update修改方法,只有Teacher身份的用户才能正常执行(注:PrincipalPermission类的Demand()函数只有被执行到时,才会进行校验);