Learn about secure content in the. NET Framework

Safety

It is easy to take some time to learn something in the heavy development task. Found that there are several examples of system.security content in the machine, this namespace is really never used before, just take to learn. Because it is not a systematic study, bad organization, think about it, as an example to illustrate it.

First, set permissions

1[fileiopermission (SecurityAction.Demand, write= "C:\\temp.txt")]
2public class App:System.Windows.Forms.Form
3{
4//Slightly
5}
FileIOPermissionAttribute is defined in the System.Security.Permissions. It inherits from SecurityAttribute, in this case, the need to use the APP class must have write permissions on the C:\temp.txt file.

The security requirements in documentation for the. NET Framework are as follows: "To ensure that only calls that have been granted a specified permission can call your code, you can declaratively or forcefully require that callers of your code have specific permissions or permission sets. Requires that the runtime perform security checks to enforce restrictions on the calling code. During the security check process, the runtime traverses the call stack, examines the permissions of each caller in the stack, and then determines whether the required permissions have been granted to each caller. If a caller does not find a required permission, the security check fails and a SecurityException is raised. ”

In the example, the permission appears declaratively. SecurityAction.Demand can be used as a class or method, where it acts on a class. Write is one of the attributes of FileIOPermission, and other common properties are Read, Append, all, and so on.

There are also some values in the SecurityAction enumeration that act on the Assembly. For example, the following examples:

[Assembly:securitypermission (SecurityAction.RequestMinimum, Unmanagedcode=true)]
SecurityAction.RequestMinimum is the minimum permission that is requested to run. This line requires that the assembly allow calls to unmanaged code.

In addition to declaring the way, you can use coercion. Like the following code:

1FileIOPermission fileperm = new FileIOPermission (fileiopermissionaccess.allaccess, "C:\\temp.txt");
2try
3{
4 Fileperm.demand ();
5
6//Code to access file goes
7}
8catch (SecurityException excep)
9{
Ten MessageBox.Show (excep. message);
one return;
12}
13
Second, User role management

The management of users and their roles is to be used in many programs. Now that the ASP.net 2.0 has been greatly enhanced, developers do not need to know the technology to make a good application. But for Windows Form applications, programmers need to set themselves up in many places.

Assuming that we know the userName and the roles it belongs to, then you can set the Principal of the current thread:

1GenericIdentity genident = new GenericIdentity (userName);
2GenericPrincipal Genprin = new GenericPrincipal (genident, roles);
3thread.currentprincipal = Genprin;
4
Then we have three ways to authenticate user roles.

The first approach is to use the Genericprincipal.isinrole method:

1GenericPrincipal Currentprin = Thread.CurrentPrincipal as GenericPrincipal;
2
3IF (Currentprin!= null && currentprin.isinrole ("Manager"))
4{
5//Slightly
6}
7
The second approach is to use the PrincipalPermission class, similar to the coercion in permission settings:

1PrincipalPermission prinperm = new PrincipalPermission (null, "Manager");
2
3try
4{
5 Prinperm.demand ();
6
7//do Something
8}
9catch
10{
One//error handling
12}
The third way is similar to the declarative way in permission setting:

1private void Decpermbutton_click (object sender, System.EventArgs e)
2{
3 Try
4 {
5 performmanageraction ();
6//Do something
7}
8 catch
9 {
Ten//Error handling
11}
12}
13
14[principalpermission (SecurityAction.Demand, role= "Manager")]
15void performmanageraction ()
16{
17}
Another important aspect of security is encryption. I have no time to write today.