在各种Permission中个人认为最有意思的还是StrongNameIdentityPermission,对每个方法调用都强制检查程序集符合不符合公钥,么有比这个还注重安全了吧,一开始以为这样检测耗费资源所以写了写代码,测测时间,结果发现一样!后来才想到这个是应该是在程序集加载的时候做一次就可以了的,所以调用的时候时间是一样的。安全性的付出肯定是值得的嘿嘿。
代码如下:
static void Main(string[] args)
{
long preTime = System.DateTime.Now.Ticks;
Chapter9.Permission.DoIt();
long proTime = System.DateTime.Now.Ticks;
System.Console.WriteLine("Total ticks after function call :{0}",proTime - preTime);
}
/// <summary>
/// 使用公钥标记无效必须使用公钥
/// 该公钥为本身程序集的公钥
/// </summary>
[System.Security.Permissions.StrongNameIdentityPermission(System.Security.Permissions.SecurityAction.LinkDemand,PublicKey="00240000048000009400000006020000002400005253413100040000010001005df03e0e0dba9cbe080eaf1322ef915772864bf6018ffde73ad64723cb356a3fe53d0c42801b543feff78663d0ea886ba84014c0d4f3f43fcc857c8936c7691f38cc44a4e25ea337dd3ddfc22501ec0da7f83cb37e8f9efbe5ec703a0d1289811647b521c6e73b63b2d354e94d5d570ad4bbb8f3bb225a565a90d9e305c1c2ba")]
public static void DoIt()
{
//permission flag本身是和Permission分开的
System.Security.Permissions.SecurityPermissionFlag f1 = System.Security.Permissions.SecurityPermissionFlag.Execution;
// 赋予代码跳过验证的权限
System.Security.Permissions.SecurityPermissionFlag f2 = System.Security.Permissions.SecurityPermissionFlag.SkipVerification;
System.Security.IPermission p1 = new System.Security.Permissions.SecurityPermission(f1);
System.Security.IPermission p2 = new System.Security.Permissions.SecurityPermission(f2);
System.Security.IPermission p3 = p1.Union(p2);
System.Security.IPermission p4 = p3.Intersect(p1);
System.Security.Permissions.FileIOPermissionAccess all = System.Security.Permissions.FileIOPermissionAccess.AllAccess;
//如果不显式的给出IO权限的话,对于程序集中未授权的文件将不加载或者打开
System.Security.IPermission p5 = new System.Security.Permissions.FileIOPermission(all,@"D:/DOM");
System.Security.IPermission p6 = new System.Security.Permissions.FileIOPermission(all,@"D:/DOM/Essential.Net");
System.Security.IPermission p7 = p5.Union(p5);
System.Security.IPermission p8 = p5.Intersect(p6);
System.Diagnostics.Debug.Assert(p4.IsSubsetOf(p3));
System.Diagnostics.Debug.Assert(p1.IsSubsetOf(p3));
System.Diagnostics.Debug.Assert(p6.IsSubsetOf(p5));
System.Diagnostics.Debug.Assert(p5.IsSubsetOf(p6) == false);
System.Security.PermissionSet ps = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None);
ps.AddPermission(new System.Security.Permissions.SecurityPermission(f1));
ps.AddPermission(new System.Security.Permissions.SecurityPermission(f2));
ps.AddPermission(new System.Security.Permissions.FileIOPermission(all,@"D:/DOM"));
///如System.Net.Dns的类型因为本身访问了资源所以内嵌了权限集
///
ps.AddPermission(new System.Net.DnsPermission(System.Security.Permissions.PermissionState.None));
System.Console.WriteLine(ps);
//System.Console.WriteLine(p3.ToXml().Text);
}