Question about the working paradigm of Code Access Security (CAS)

Posted on 2024-09-26 07:20:27 | 705 characters | 3 views | 0 comments

I wrote the following code to test the CAS:

    using System;
    using System.Security.Permissions;
    class Program
    {
        [SecurityPermission(SecurityAction.Demand,Flags=SecurityPermissionFlag.Execution)]
        static void Main(string[] args)
        {
            Console.WriteLine("hello, world!");
        }
    }

In the .NET 2.0 Configuration, I use the strong name of the above assembly to create a code group and give the group the Nothing permission set. So the assembly failed to start as expected.

But I noticed that if I remove the following attribute:

    [SecurityPermission(SecurityAction.Demand,Flags=SecurityPermissionFlag.Execution)]

the program still failed to start. So what's the point of this so-called declarative security with attributes?

I read several tutorials on CAS; they use Imperative/Declarative Security to use the CAS. But from the above sample, it doesn't seem necessary.

If I deliberately write code without Imperative/Declarative Security and don't provide any evidence for my assembly, would CAS be blind to enforce any security policy?

Or do I misunderstand how CAS is expected to be used?

Thanks.

Comments (1)

∞琼窗梦回ˉ 2024-10-03 07:20:27

A CAS permission demand results in verification of each call stack frame above the method making the demand. Since your assembly runs no code to invoke the Main method, the demand is not being evaluated against any of your code.

It is the denial of execution permissions via policy that is causing your assembly to be prevented from being executed. The permission is being evaluated by the CLR itself when it runs your assembly code. There is no need to add your own demand for the permission.

To step back a bit and look at how CAS demands (declarative or imperative) are meant to be used, consider that permissions protect access to resources. Any code allowing access to a resource (e.g.: the file system) that would not otherwise be accessible to managed code should supply a permission (e.g.: FileIOPermission) that can be used to control access to that resource. The code allowing access to the resource is also responsible for making demands for that permission before allowing access to the resource.

Most developers writing managed code will never need to either author a CAS permission or make an explicit demand for a CAS permission since they will typically be accessing resources exposed (and protected) by either the .NET base class library or by other Microsoft or third-party libraries.
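
The answer's point about who makes a demand and whose frames get checked, as an added example that is not part of the original question or answer. It assumes .NET Framework (CAS is not supported on .NET Core and later); `ReportStore`, `CallRestricted` and the `C:\Reports` path are hypothetical names, and no file is actually opened.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical resource-owning library: the code that exposes the
// resource is the code that makes the demand.
static class ReportStore
{
    const string Root = @"C:\Reports"; // assumed path, never opened here

    public static string Describe(string name)
    {
        string path = Path.Combine(Root, name);
        // Imperative demand: the stack walk starts at the caller of
        // Describe and continues up through every frame above it.
        new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
        return "read allowed for " + path;
    }
}

static class Program
{
    // A caller whose frame only permits Execution. The demand made
    // inside ReportStore.Describe fails when the walk reaches this frame.
    static string CallRestricted()
    {
        new SecurityPermission(SecurityPermissionFlag.Execution).PermitOnly();
        try
        {
            return ReportStore.Describe("q3.txt");
        }
        catch (SecurityException ex)
        {
            return "denied: " + ex.GetType().Name;
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    static void Main()
    {
        // Fully trusted caller: every frame above Describe passes.
        Console.WriteLine(ReportStore.Describe("q3.txt"));
        // Restricted caller: same library call, demand fails.
        Console.WriteLine(CallRestricted());
    }
}
```

Neither caller contains a demand of its own: the check lives in the library that guards the resource, which is why application code like the `Main` in the question gains nothing from demanding `Execution` itself.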
