每个视图ASP.NET MVC的基础上code访问安全性 [英] Code Access Security on a per-view ASP.NET MVC basis

查看:108
本文介绍了每个视图ASP.NET MVC的基础上code访问安全性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的ASP.NET MVC应用程序包括许多由最终用户可编辑(它们存储在数据库中,并加载通过的VirtualPathProvider)。

My ASP.NET MVC application includes a number of View files that are editable by the end-user (they're stored in a database and loaded via a VirtualPathProvider).

我想我的允许用户编辑自己的视图文件,但是我很警惕的安全隐患。

I'd like to allow my users to edit their view files, however I'm wary of the security implications.

有没有什么办法可以强制执行某种code-访问的安全性,确保在视图中的任何code不能执行任何危险的任务(即最小的信任,它只能通过访问数据库传入的​​库对象和表现自己。没有文件系统访问,无需调试它的主机进程,等等)。

Is there any way I can enforce some kind of code-access-security that ensures that any code in the view cannot perform any dangerous tasks (i.e. minimum trust, it can only access the database via a passed-in repository object and render itself. No filesystem access, no debugging its host process, etc).

我可以限制该视图派生自(由有我的VirtualPathProvider提供头超<%@页指令,而只有渲染功能主体由返回数据库),所以我可以强制执行CAS应用属性此超,或者是它的东西更多地参与,这是不容易的任务?

I can restrict the superclass that the view derives from (by having my VirtualPathProvider provide the header <%@ Page directive, while only the render function body is returned from the database), so can I enforce CAS by applying attributes to this superclass, or is it something more involved and this is no easy task?

推荐答案

在MVC运行的齐的AppDomain ,这意味着在框架中的所有code具有相同的权限集运行。因此,没有办法来降低给定视图的CAS权限。 (你不会真的想无论如何要做到这一点,因为这将prevent正常工作的MVC框架。)

MVC runs in a homogeneous AppDomain, which means that all code in the framework runs with the same permission set. As such, there is no way to lower the CAS permissions of a given view. (You wouldn't really want to do this anyway, as it would prevent the MVC framework from working properly.)

唯一可行的解​​决方案 - 但不幸这是工作的一个很大 - 是定义一个根本不能用来做什么危险你自己的视图格式,然后有一个知道如何成为意见的自定义视图引擎该类型。这使您能够界定危险的,但是你想,阻塞服务器端code的执行,甚至试图阻止JavaScript执行(这是它自己的仪式相当艰巨的任务)的能力。

The only feasible solution - though unfortunately this is a great deal of work - is to define your own view format that simply can't be used to do anything dangerous, then have a custom view engine that knows how to serve views of that type. This gives you the ability to define "dangerous" however you want, from blocking server-side code execution to even attempting to block Javascript execution (which is quite a difficult task in its own rite).

这篇关于每个视图ASP.NET MVC的基础上code访问安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆