每个视图ASP.NET MVC的基础上code访问安全性 [英] Code Access Security on a per-view ASP.NET MVC basis
问题描述
我的ASP.NET MVC应用程序包括许多由最终用户可编辑(它们存储在数据库中,并加载通过的VirtualPathProvider)。
My ASP.NET MVC application includes a number of View files that are editable by the end-user (they're stored in a database and loaded via a VirtualPathProvider).
我想我的允许用户编辑自己的视图文件,但是我很警惕的安全隐患。
I'd like to allow my users to edit their view files, however I'm wary of the security implications.
有没有什么办法可以强制执行某种code-访问的安全性,确保在视图中的任何code不能执行任何危险的任务(即最小的信任,它只能通过访问数据库传入的库对象和表现自己。没有文件系统访问,无需调试它的主机进程,等等)。
Is there any way I can enforce some kind of code-access-security that ensures that any code in the view cannot perform any dangerous tasks (i.e. minimum trust, it can only access the database via a passed-in repository object and render itself. No filesystem access, no debugging its host process, etc).
我可以限制该视图派生自(由有我的VirtualPathProvider提供头超<%@页
指令,而只有渲染功能主体由返回数据库),所以我可以强制执行CAS应用属性此超,或者是它的东西更多地参与,这是不容易的任务?
I can restrict the superclass that the view derives from (by having my VirtualPathProvider provide the header <%@ Page
directive, while only the render function body is returned from the database), so can I enforce CAS by applying attributes to this superclass, or is it something more involved and this is no easy task?
推荐答案
在MVC运行的齐的AppDomain ,这意味着在框架中的所有code具有相同的权限集运行。因此,没有办法来降低给定视图的CAS权限。 (你不会真的想无论如何要做到这一点,因为这将prevent正常工作的MVC框架。)
MVC runs in a homogeneous AppDomain, which means that all code in the framework runs with the same permission set. As such, there is no way to lower the CAS permissions of a given view. (You wouldn't really want to do this anyway, as it would prevent the MVC framework from working properly.)
唯一可行的解决方案 - 但不幸这是工作的一个很大 - 是定义一个根本不能用来做什么危险你自己的视图格式,然后有一个知道如何成为意见的自定义视图引擎该类型。这使您能够界定危险的,但是你想,阻塞服务器端code的执行,甚至试图阻止JavaScript执行(这是它自己的仪式相当艰巨的任务)的能力。
The only feasible solution - though unfortunately this is a great deal of work - is to define your own view format that simply can't be used to do anything dangerous, then have a custom view engine that knows how to serve views of that type. This gives you the ability to define "dangerous" however you want, from blocking server-side code execution to even attempting to block Javascript execution (which is quite a difficult task in its own rite).
这篇关于每个视图ASP.NET MVC的基础上code访问安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!