As two important branches of. NET security, role-based security and code access security cannot be separated from an important concept-permission (permissions ). In role-based security, the PrincipalPermission class is used to check the identity of the calling thread. In code access security, classes derived from CodeAccessPermission are used to check the permissions of all threads that execute the current method.
The permission object uses an existing security policy to indicate whether the operation is allowed or denied. For secure code access permissions (but this does not apply to user permissions),. net clr provides a stack traversal mechanism to determine whether all call stack frames have the appropriate permissions. Note that if the permission object is null, we can regard it as equivalent to PermissionState. None, indicating that no permission is provided. Permissions are often used in the following scenarios:
1. Define the permissions required for code execution.
2. The system's security policy can recognize or reject code requests.
3. The code uses the Demand method to ensure that the code it calls has the required permissions.
4. The code can also use the Assert, Deny, or PermitOnly method to skip the security stack check mechanism.
In addition, we can also use group permissions. In the PermissionSet class, we can use different permission groups.
Next let's take a look at the most common PrincipalPermission class. As for another common CodeAccessPermission class, we will introduce it in detail in the content of code access security.
As one of the three interfaces implemented by the PrincipalPermission class, the IPermission interface plays an important role in the PrincipalPermission class. The IPermission interface provides the following methods:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.