有人可以向我解释ASP.NET信任级别吗? [英] Can someone explain ASP.NET trust levels to me?

问题描述

我已经听到很多有关信任级别的信息，有人试图向我解释它，但是仍然无法给出我将一个信任级别应用于另一个信任级别的情况.

I've heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.

我已经阅读了 MSDN的文章，但没有为我做很多事.

I've read through MSDN's article but it didn't do much for me.

有人可以提供一个现实世界的示例，说明您何时希望使用各种级别(满"，高"，中"，低"和最小")，并说明如果使用该级别我会暴露给自己什么样的安全风险错误的人?

Can someone provide a real world example of when you would want to use the various levels (Full, High, Medium, Low, and Minimal) and explain what kind of security risk I would be exposing myself to if I were to use the wrong one?

推荐答案

此文章可能比您正在阅读的技术文章更好地解释了它.

This article might explain it a lot better than the technical one you were reading.

这是最好的部分:

中等信任摘要

对媒体的主要限制信任Web应用程序是:

The main constraints placed on medium trust Web applications are:

• OleDbPermission不可用.这意味着您不能使用ADO.NET管理的OLE DB数据提供程序访问数据库.然而，您可以使用托管的SQL Server提供程序访问SQL Server数据库.

• OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.

EventLogPermission不可用.这意味着你不能访问Windows事件日志.

EventLogPermission is not available. This means you cannot access the Windows event log.

ReflectionPermission不可用.这意味着您不能使用反思.

ReflectionPermission is not available. This means you cannot use reflection.

RegistryPermission不可用.这意味着你不能访问注册表.

RegistryPermission is not available. This means you cannot access the registry.

WebPermission受限制.这意味着您的应用程序只能与地址或范围通讯您在元素.

WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the element.

FileIOPermission受限制.这意味着您只能访问文件在您应用程序的虚拟环境中目录层次结构.你的申请被授予读取，写入，附加和您的PathDiscovery权限应用程序的虚拟目录

FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.

您也无法拨打电话非托管代码或使用企业服务.

You are also prevented from calling unmanaged code or from using Enterprise Services.

一个容易想到的现实情况是，如果您是提供人托管服务的ISP，那么您需要在哪里.允许任何人编写可访问文件系统的代码意味着任何人都可以在您的服务器上做任何他们想做的事情，而该服务器可能托管多个客户端.

An easy real-world situation to imagine where you need this is if you are an ISP offering hosting to people. Allowing anyone to write code that can access the filesystem means that anyone could do anything they want on your server, which might be hosting multiple clients.

这篇关于有人可以向我解释ASP.NET信任级别吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！