如何在.Net中实现安全性?

问题描述 投票:1回答:1

我有一个对象的安全描述符。我想使用该安全描述符让用户和组对该对象具有权限。如何知道使用该安全描述符的用户具有哪些权限?是否可以使用ObjectSecurity或CommonObjectSecurity抽象类?如果是这样,如何定义访问规则?是否有任何工作示例?

c# .net security
1个回答
3
投票

要访问具有权限的用户和组,在.Net中,我们有一个简单的机制。实现作为抽象类的CommonObjectSecurity类,并覆盖方法AccessRuleFactoryAuditRuleFactory,还覆盖属性AccessRuleTypeAuditRuleType。在以下示例中,SampleSecurity类是从CommonObjectSecurity派生的。我们还从SampleAccessRule定义了类AccessRule。我们可以选择实现AddAccessRuleRemoveAccessRule来修改安全性。

public class SampleSecurity : CommonObjectSecurity
{
    public SampleSecurity(bool isContainer)
        : base(isContainer)
    {
    }

    public override AccessRule AccessRuleFactory(IdentityReference identityReference, 
        int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, 
        PropagationFlags propagationFlags, AccessControlType type)
    {
        return new SampleAccessRule(identityReference, accessMask, type);
    }

    public void AddAccessRule(IdentityReference identityReference, 
        int accessMask, AccessControlType type)
    {
        base.AddAccessRule(new SampleAccessRule(identityReference, accessMask, type));
    }

    public void RemoveAccessRule(SampleAccessRule rule)
    {
        base.RemoveAccessRule(rule);
    }

    public override Type AccessRuleType
    {
        get { return typeof(SampleAccessRule); }
    }

    public override AuditRule AuditRuleFactory(System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
    {
        throw new NotImplementedException();
    }

    public override Type AuditRuleType
    {
        get { throw new NotImplementedException(); }
    }

    public override Type AccessRightType
    {
        get { return typeof(SampleRightsEnum); }
    }
}

public class SampleAccessRule : AccessRule
{
    public SampleAccessRule(IdentityReference identity, int accessMask, AccessControlType accessType)
        : base(identity, accessMask, false, InheritanceFlags.None, PropagationFlags.None, accessType)
    {
    }

    public int AccessRights { get { return AccessMask; } }
}

public enum SampleRightsEnum
{
    sampleRead = 0x001,
    sampleWrite = 0x002,
    sampleExecute = 0x004
}

一旦定义,我们就可以创建SampleSecurity对象并为其分配安全描述符,从中我们可以读取下面列出的不同用户的权限。

SampleSecurity security = new SampleSecurity(false);
security.SetSecurityDescriptorBinaryForm((byte[])securityDescriptor, AccessControlSections.All);
AuthorizationRuleCollection coll = dataSecurity.GetAccessRules(true, false, typeof(NTAccount));
foreach (AuthorizationRule rule in coll)
{
    SampleAccessRule accRule = rule as SampleAccessRule;
    SampleRightsEnum rights = (SampleRightsEnum)accRule.AccessRights;
    Console.Writeline("User or Group {0} having the permissions {1} with access type {2}", rule.IdentityReference.Value, rights.ToString(), accRule.AccessControlType.ToString());
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.