Silverlight 中使用安全关键构造函数子类化透明类型的安全规则 [英] Security rules for subclassing transparent type with safe-critical constructor in Silverlight

问题描述

在 Silverlight (v4.0) 安全模型中，Shawn Farkas 说从类型派生:

In the Silverlight (v4.0) security model, Shawn Farkas says of deriving from types:

[...] 我们看到应用程序类型只能从其他应用程序类型或透明平台类型.(*)

[...] we see that application types may only derive from other application types or transparent platform types. (*)

* 部分是:

(*) 这在 99.9% 的情况下是正确的.关于类的默认构造函数的可见性还有另一条规则(我们将在下周深入研究安全模型时讨论)，它还要求基类的默认构造函数(如果有的话)，也必须是透明的.实际上，您通常不会在平台中找到有趣的透明类型，它们也没有透明的默认构造函数，因此此规则通常不会起作用.

(*) This true in 99.9% case. There is another rule about the visibility of the default constructor of a class (which we'll get into next week when we dig deeper into the security model), which also requires that the base class' default constructor (if it has one), must be transparent as well. Practically speaking, you're not generally going to find interesting transparent types in the platform which do not also have transparent default constructors, so this rule doesn't normally come into play.

然而，有一种有趣的透明类型没有透明的默认构造函数——WebClient 类.还有一个很好的理由想要继承它 - 覆盖 GetWebRequest 以提供对 cookie 的支持.

There is, however, one such interesting transparent type which does not have a transparent default constructor - the WebClient class. There's also a good reason to want to subclass it - to override GetWebRequest to provide support for cookies.

作为测试，我尝试了以下有和没有构造函数属性...

As a test, I've tried the following both with and without the constructor attribute...

public class MyWebClient : WebClient
{
    [SecuritySafeCritical] // matches the attribute on the base class ctor
    public MyWebClient() { }
}

...但无论哪种方式都会出现以下错误:

...but get the following error either way:

重写成员时违反了继承安全规则:'MyWebClient..ctor()'.覆盖方法的安全可访问性必须与被覆盖方法的安全可访问性相匹配.

Inheritance security rules violated while overriding member: 'MyWebClient..ctor()'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

在我看来，这就是他提到的 0.1% 的情况.不幸的是，据我所知，下一篇文章从未扩展过这里的规则.因此我有两个问题:

It looks to me like this is the 0.1% case that he mentions. Unfortunately, as far as I can tell, the next posts never did expand on what the rule would be here. Thus I have two questions:

1. 有人知道这个 0.1% 规则是什么吗?
2. 假设 1，是否可以从 Silverlight 4 中的 WebClient 派生?

推荐答案

我对 这个问题涵盖了您的第 1 部分.

My answer to this question covers part 1 of yours.

对 2 的答案是否定的，但在 WebClient 的情况下，如果您有某种理由，您可以创建自己的.

The answer to 2 is simply no, but in the case of WebClient, you can create your own if you have some reason to do so.

这篇关于Silverlight 中使用安全关键构造函数子类化透明类型的安全规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！