在 ASP.NET incode 中设置 FileIOPermissions

发布于 2024-07-27 18:33:01 字数 868 浏览 3 评论 0原文

我有这个小应用程序，可以加载其他用户可以自由上传到服务器的插件类型组件。但我不希望用户能够访问其他用户的文件。我需要将每个插件组件的访问权限设置为受限访问权限。

我尝试在插件类基类内部设置访问权限，但即使这样，加载的插件类似乎也具有完整的文件访问权限。

我无法使用属性设置权限，因为路径会根据加载页面的人而变化。

这是代码片段：

public abstract class PluginBase<T>
{
public PluginBase
{
PermissionSet ps = new PermissionSet(System.Security.Permissions.PermissionState.None);
            ps.AddPermission(new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.PathDiscovery | System.Security.Permissions.FileIOPermissionAccess.Read, HttpContext.Current.Server.MapPath("/app_data/www_somesite_com")));
            ps.PermitOnly();
}
}
public class SomePlugin : PluginBase<SomePlugin>
{
public SomePlugin
{
File.WriteAllText("c:\test.txt", "This should not be possible, but it is.. why?");
}
}

提前非常感谢！

原文

I have this small app that loads plugin type components that other users can freely upload to the server. But I don't want the users to be able to access other users files. I need to set the access of each plugin component to a restricted access.

I tried to set the access inside the plugin classes base class but even then the loaded plugin classes seem to have full file access.

I can't set the permission with a attribute because the path changes depending on who loads the page.

Here is a code snippest:

public abstract class PluginBase<T>
{
public PluginBase
{
PermissionSet ps = new PermissionSet(System.Security.Permissions.PermissionState.None);
            ps.AddPermission(new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.PathDiscovery | System.Security.Permissions.FileIOPermissionAccess.Read, HttpContext.Current.Server.MapPath("/app_data/www_somesite_com")));
            ps.PermitOnly();
}
}
public class SomePlugin : PluginBase<SomePlugin>
{
public SomePlugin
{
File.WriteAllText("c:\test.txt", "This should not be possible, but it is.. why?");
}
}

Many thanks in advance!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

燃情 2024-08-03 18:33:01

解决方案实际上非常简单，因为您可以实现自己的属性（这允许您以编程方式解析允许的路径，而不必使用装饰器属性的常量）。

using System.Security;
using System.Security.Permissions;

public sealed class CustomFileIOPermission : CodeAccessSecurityAttribute
{
    public CustomFileIOPermission(SecurityAction action)
        : base(action)
    {
    }

    public override IPermission CreatePermission()
    {
        // You can use your `HttpContext` or similar at this point to resolve the path
        string allowedPath = @"D:\test";

        return new FileIOPermission(FileIOPermissionAccess.Write, allowedPath);
    }
}

上面的类将启用[CustomFileIOPermission(SecurityAction.PermitOnly)]的使用，并将有效地保护其他地方的文件。

The solution is actually quite simple, as you can implement your own attribute (which allows you to resolve the allowed path programmatically instead of having to use a constant for the decorator attribute).

using System.Security;
using System.Security.Permissions;

public sealed class CustomFileIOPermission : CodeAccessSecurityAttribute
{
    public CustomFileIOPermission(SecurityAction action)
        : base(action)
    {
    }

    public override IPermission CreatePermission()
    {
        // You can use your `HttpContext` or similar at this point to resolve the path
        string allowedPath = @"D:\test";

        return new FileIOPermission(FileIOPermissionAccess.Write, allowedPath);
    }
}

The class above will enable use of [CustomFileIOPermission(SecurityAction.PermitOnly)] and will effectively protect files elsewhere.

回复收藏 0 原文

~没有更多了~