为什么在VS2010中创建C++/CLR项目时,AssemblyInfo中默认添加一个SecurityAction.RequestMinimum?
如果我理解正确,SecurityAction.RequestMinimum 已在 .NET Framework 4.0 中过时 这里。现在,当我创建一个面向 .NET Framework 4.0 的 C++/CLR 项目时,此行会自动添加到自动生成的 AssemblyInfo.cpp 中:
[assembly:SecurityPermission(SecurityAction::RequestMinimum, UnmanagedCode = true)];
This projectcompilefects and all, but I should write the C# equals in a C# .NETFX 4.0项目,无法编译。你知道我在哪里可以找到这方面的信息吗?
If I understand correctly, SecurityAction.RequestMinimum has been made obsolete for .NET Framework 4.0 here. Now, when I create a C++/CLR project that targets .NET Framework 4.0, this line gets added automatically in the auto-generated AssemblyInfo.cpp:
[assembly:SecurityPermission(SecurityAction::RequestMinimum, UnmanagedCode = true)];
This project compiles perfectly and all, but should I write the C# equivalent in a C# .NETFX 4.0 project, it won't compile. Do you know where can I find information about this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这并不是什么新鲜事,在早期版本的 Visual Studio 中添加了相同的属性。他们只是没有更改项目模板。它是一个 CAS 属性,基本上表示“我至少需要最低权限才能运行非托管代码”。
这是适当的,C++/CLI 应用程序始终需要该权限。即使您编写纯代码,仍然需要非托管代码权限来初始化 CRT。该权限仅与代码未以完全信任方式运行的沙箱场景相关,例如在 Web 浏览器或安全插件设置中。 CAS 确实已被弃用,但并未被删除。不太确定这些天 .NET 4.0 中发生了什么。这就是 CAS 被淘汰的原因,它的效率很低,因为像我这样的普通人很难理解它。
Shawn Farkas 的博客是有关此信息的最佳来源。他是 Microsoft 的 .NET 安全专家。
它的 C# 版本大致相同:
不确定为什么需要它,请求它的 C++/CLI 程序集就足够了。
This isn't new, the same attribute was added in previous versions of Visual Studio. They just didn't change the item template. It is a CAS attribute that basically says "I need at least the minimum permissions to run unmanaged code".
Which is appropriate, that permission is always needed for a C++/CLI app. Even if you write pure code, unmanaged code permission is still required to initialize the CRT. The permission is only relevant in sandboxing scenarios where code doesn't run with full trust, like inside a web browser or a secure plug-in setup. CAS has indeed been deprecated but it wasn't removed. Not quite sure what happens in .NET 4.0 these days. Which was kind of the point with CAS getting obsoleted, it was ineffective because it was so hard to understand by an average Joe like me.
Shawn Farkas' blog is the best source for info about this. He's the .NET security guru at Microsoft.
The C# version of it is much the same:
Not sure why you would need it, the C++/CLI assembly requesting it is enough.
我怀疑这是因为 IDE 做出了“最佳猜测”,即 C++/CLI 代码通常需要调用本机 C++ 代码。
我在(非常小的)C++/CLI VS2010 Express 项目上将此设置更改为“false”,并且我的全托管应用程序仍然运行正常。
I suspect this is because the IDE makes a 'best guess' that C++/CLI code will often need to call through to native C++ code.
I changed this setting on a (very small) C++/CLI VS2010 Express project to 'false', and my all-managed app still runs OK.