1.匿名用户无权限访问
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;
namespace SafeDemo
{
    /// <summary>
    /// Demo 1: a role demand is evaluated while the thread runs as the anonymous Windows identity.
    /// </summary>
    /// <remarks>
    /// NOTE(review): on .NET 5 and later PrincipalPermissionAttribute is obsolete (SYSLIB0002)
    /// and the runtime does not honor it, so this sample only demonstrates .NET Framework behaviour.
    /// </remarks>
    class Program
    {
        /// <summary>
        /// Installs an anonymous principal on the current thread, calls the protected method
        /// and prints the message of any exception that comes back.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // The declarative demand on OutHello is checked against Thread.CurrentPrincipal,
            // so replacing it with the anonymous identity is what makes the call fail.
            WindowsIdentity anonymous = WindowsIdentity.GetAnonymous();
            Thread.CurrentPrincipal = new WindowsPrincipal(anonymous);

            try
            {
                OutHello();
            }
            catch (Exception error)
            {
                // The refused demand is expected to surface here (a SecurityException on
                // .NET Framework). Only the message is shown; a real application would
                // also record the denied call for auditing.
                Console.WriteLine(error.Message);
            }

            // Keep the console window open until Enter is pressed.
            Console.ReadLine();
        }

        /// <summary>
        /// Prints a greeting. Callers must run under a principal in the "Administrators" role.
        /// </summary>
        [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
        static void OutHello()
        {
            Console.WriteLine("Hello world");
        }
    }
}
2. 有权限访问的用户
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;
namespace SafeDemo
{
    /// <summary>
    /// Demo 2: the same role demand evaluated against the Windows account that runs the process.
    /// </summary>
    /// <remarks>
    /// NOTE(review): on .NET 5 and later PrincipalPermissionAttribute is obsolete (SYSLIB0002)
    /// and the runtime does not honor it, so this sample only demonstrates .NET Framework behaviour.
    /// </remarks>
    class Program
    {
        /// <summary>
        /// Binds the current Windows user to the thread, calls the protected method and
        /// prints the message of any exception that comes back.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // Substituting WindowsIdentity.GetAnonymous() here reproduces the refused call
            // from the anonymous-user demo.
            WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
            Thread.CurrentPrincipal = new WindowsPrincipal(currentUser);

            try
            {
                OutHello();
            }
            catch (Exception error)
            {
                // Reached only when the demand (or anything else in the call) throws.
                Console.WriteLine(error.Message);
            }

            // Keep the console window open until Enter is pressed.
            Console.ReadLine();
        }

        /// <summary>
        /// Prints a greeting. Callers must run under a principal in the "Users" role.
        /// </summary>
        /// <remarks>
        /// NOTE(review): for a WindowsPrincipal, built-in groups are normally written as
        /// BUILTIN\Users; confirm that the bare name resolves on the target machine.
        /// </remarks>
        [PrincipalPermission(SecurityAction.Demand, Role = "Users")]
        static void OutHello()
        {
            Console.WriteLine("Hello world");
        }
    }
}
3.主体和标识
1)主体对象表示代码运行时所在的安全上下文。实现基于角色的安全性的应用程序,根据与主体对象关联的角色来授权。
.NET 提供 GenericPrincipal 和 WindowsPrincipal 两种主体对象,也可以定义自己的自定义主体类。
/// <summary>
/// Reports whether the Windows account running the process is in the local Administrators group.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());

    // WindowsBuiltInRole.Administrator has the value 0x220 (544), the RID of BUILTIN\Administrators.
    // With UAC enabled, an administrator account running a non-elevated process carries a
    // filtered token, so this check is false until the process is elevated.
    bool isAdministrator = principal.IsInRole(WindowsBuiltInRole.Administrator);
    if (isAdministrator)
    {
        Console.WriteLine("当前用户是管理员账号");
    }

    // Keep the console window open until Enter is pressed.
    Console.ReadLine();
}
自定义主体
/// <summary>
/// Builds a custom principal named "test" with the "Administrators" role, makes it the
/// application domain's thread principal and then calls OutHello.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    // A GenericPrincipal carries whatever role strings the code hands it; nothing here is
    // checked against Windows. A role demand that passes for this principal is therefore
    // only as trustworthy as the code that authenticated the user and chose the roles.
    var customPrincipal = new GenericPrincipal(
        new GenericIdentity("test"),
        new[] { "Administrators" });

    // SetThreadPrincipal may be called only once per application domain.
    AppDomain.CurrentDomain.SetThreadPrincipal(customPrincipal);

    // OutHello is not defined in this snippet; presumably it is the
    // [PrincipalPermission]-protected method from the earlier listings.
    OutHello();

    // Keep the console window open until Enter is pressed.
    Console.ReadLine();
}
2)标识对象--封装有关正在验证的用户或实体信息
4.安全检查
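安全实施要依靠安全检查。.NET 对它提供的所有安全权限都提供了命令式和声明式两种检查方式:声明式检查即上文在方法上标注 [PrincipalPermission] 特性,命令式检查则是在代码中创建 PrincipalPermission 对象并调用 Demand()。也可以直接访问主体对象,用 IsInRole 做 if-else 判断。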