내보내기(0) 인쇄
모두 확장

HostSecurityManager 클래스

업데이트: 2007년 11월

응용 프로그램 도메인에 대한 보안 동작을 제어하고 사용자 지정할 수 있습니다.

네임스페이스:  System.Security
어셈블리:  mscorlib(mscorlib.dll)

[SerializableAttribute]
[ComVisibleAttribute(true)]
[SecurityPermissionAttribute(SecurityAction.InheritanceDemand, Flags = SecurityPermissionFlag.Infrastructure)]
[SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.Infrastructure)]
public class HostSecurityManager
/** @attribute SerializableAttribute */ 
/** @attribute ComVisibleAttribute(true) */
/** @attribute SecurityPermissionAttribute(SecurityAction.InheritanceDemand, Flags = SecurityPermissionFlag.Infrastructure) */
/** @attribute SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.Infrastructure) */
public class HostSecurityManager
public class HostSecurityManager

AppDomain을 만들면 공용 언어 런타임에서 AppDomainManager에게 AppDomain에 대한 보안 결정에 참여하는 HostSecurityManager가 있는지 쿼리합니다. 호스트 공급자는 HostSecurityManager 클래스에서 상속되는 호스트 보안 관리자를 구현해야 합니다.

상속자 참고 사항:

HostSecurityManager의 일부 멤버는 어셈블리가 로드될 때마다 암시적 또는 명시적으로 호출됩니다. DomainPolicy 속성과 ProvideAssemblyEvidenceProvideAppDomainEvidence 메서드에 대한 get 접근자에서 임의의 어셈블리를 로드하게 되면 HostSecurityManager의 멤버가 재귀적으로 호출되므로 임의의 어셈블리가 로드되지 않도록 해야 합니다. 순환 참조를 피하려면 HostSecurityManager에서 파생되는 클래스의 생성자에서 어셈블리를 암시적 또는 명시적으로 로드할 수 있는 클래스의 새 인스턴스를 만들어야 합니다.

다음 코드 예제에서는 매우 단순한 HostSecurityManager 구현을 보여 줍니다.

// To replace the default security manager with MySecurityManager, add the 
// assembly to the GAC and call MySecurityManager in the
// custom implementation of the AppDomainManager.

using System;
using System.Collections;
using System.Net;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Security.Principal;
using System.Threading;
using System.Runtime.InteropServices;
using System.Runtime.Hosting;

[assembly: System.Security.AllowPartiallyTrustedCallersAttribute()]
namespace MyNamespace
{
	[Serializable()]
       [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.Infrastructure)]
	public class MySecurityManager : HostSecurityManager
	{
		public MySecurityManager()
		{
			Console.WriteLine(" Creating MySecurityManager.");
		}

		private PolicyLevel myDomainPolicy = null;
		public override PolicyLevel DomainPolicy
		{
			get
			{
				if (AppDomain.CurrentDomain.FriendlyName == "DefaultDomain" ||
					AppDomain.CurrentDomain.FriendlyName == "Compilation Domain")
					return null;

				if (myDomainPolicy == null)
					myDomainPolicy = CreateAppDomainPolicy();
				return myDomainPolicy;
			}
		}

		private HostSecurityManagerOptions hostFlags = HostSecurityManagerOptions.HostDetermineApplicationTrust |
												   HostSecurityManagerOptions.HostAssemblyEvidence;
		public override HostSecurityManagerOptions Flags
		{
			get
			{
				return hostFlags;
			}
		}

		public override Evidence ProvideAssemblyEvidence(Assembly loadedAssembly, Evidence evidence)
		{
			Console.WriteLine("Provide assembly evidence for: " + (loadedAssembly == null ? "Unknown" : loadedAssembly.ToString()) + ".");
			if (evidence == null)
				return null;

			evidence.AddAssembly(new CustomEvidenceType());
			return evidence;
		}
		public override Evidence ProvideAppDomainEvidence(Evidence evidence)
		{
			Console.WriteLine("Provide evidence for the " + AppDomain.CurrentDomain.FriendlyName + " AppDomain." );
			if (evidence == null)
				return null;

			evidence.AddHost(new CustomEvidenceType());
			return evidence;
		}

        [SecurityPermissionAttribute(SecurityAction.Demand, Execution = true)]
		[SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted = true)]
		public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
		{
			if (applicationEvidence == null)
				throw new ArgumentNullException("applicationEvidence");

			// Get the activation context from the application evidence.
			// This HostSecurityManager does not examine the activator evidence
			// nor is it concerned with the TrustManagerContext;
			// it simply grants the requested grant in the application manifest.

			IEnumerator enumerator = applicationEvidence.GetHostEnumerator();
			ActivationArguments activationArgs = null;
			while (enumerator.MoveNext())
			{
				activationArgs = enumerator.Current as ActivationArguments;
				if (activationArgs != null)
					break;
			}

			if (activationArgs == null)
				return null;

			ActivationContext activationContext = activationArgs.ActivationContext;
			if (activationContext == null)
				return null;

			ApplicationTrust trust = new ApplicationTrust(activationContext.Identity);
			ApplicationSecurityInfo asi = new ApplicationSecurityInfo(activationContext);
			trust.DefaultGrantSet = new PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing);
			trust.IsApplicationTrustedToRun = true;
			return trust;
		}

		private static NamedPermissionSet localIntranet;
		private static PolicyLevel CreateAppDomainPolicy()
		{
			Console.WriteLine("CreateAppDomainPolicy called.");
			PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
			// The root code group of the policy level combines all
			// permissions of its children.
			UnionCodeGroup rootCodeGroup;
			PermissionSet ps = new PermissionSet(PermissionState.None);
			ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
			rootCodeGroup = new UnionCodeGroup(new AllMembershipCondition(),
				new PolicyStatement(ps, PolicyStatementAttribute.Nothing));

			// The following code limits all code on this machine to local intranet permissions
			// when running in this application domain.
			FindNamedPermissionSet("LocalIntranet");
			UnionCodeGroup virtualIntranet = new UnionCodeGroup(
				new ZoneMembershipCondition(SecurityZone.MyComputer),
				new PolicyStatement(localIntranet,
				PolicyStatementAttribute.Nothing));
			virtualIntranet.Name = "Virtual Intranet";
			// Add the code groups to the policy level.
			rootCodeGroup.AddChild(virtualIntranet);
			pLevel.RootCodeGroup = rootCodeGroup;
			return pLevel;
		}

		private static void FindNamedPermissionSet(string name)
		{
			IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();

			while (policyEnumerator.MoveNext())
			{
				PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;

				if (currentLevel.Label == "Machine")
				{
					IList namedPermissions = currentLevel.NamedPermissionSets;
					IEnumerator namedPermission = namedPermissions.GetEnumerator();

					while (namedPermission.MoveNext())
					{
						if (((NamedPermissionSet)namedPermission.Current).Name == name)
						{
							Console.WriteLine("Named permission set " +
								((NamedPermissionSet)namedPermission.Current).Name + " found.");
							// Save the LocalIntranet permissions set for later use.
							localIntranet = ((NamedPermissionSet)namedPermission.Current);
						}
					}
				}
			}
		}
	}
    [Serializable()]
    public class CustomEvidenceType
    {
        public CustomEvidenceType() { }

        public override string ToString()
        {
            return "CustomEvidenceType";
        }
    }
}


System.Object
  System.Security.HostSecurityManager

이 형식의 모든 공용 static(Visual Basic의 경우 Shared) 멤버는 스레드로부터 안전합니다. 인터페이스 멤버는 스레드로부터 안전하지 않습니다.

Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

.NET Framework 및 .NET Compact Framework에서 모든 플랫폼의 전체 버전을 지원하지는 않습니다. 지원되는 버전의 목록을 보려면 .NET Framework 시스템 요구 사항을 참조하십시오.

.NET Framework

3.5, 3.0, 2.0에서 지원

커뮤니티 추가 항목

추가
표시:
© 2014 Microsoft