使用.NET Framework安全系统 [英] Using the .NET Framework security system
问题描述
我想知道-你们中的任何人实际上使用System.Security.Permissions命名空间中的各种类吗?我主要开发台式机/服务器端组件(即没有Web),并且一般的假设是FullTrust始终可用,并且在并非如此的环境中不执行测试.除了MS源代码(EnterpriseLibrary等)之外,我还没有看到使用上述结构的实际使用中源代码.
I was wondering - do any of you actually use the various classes in the System.Security.Permissions namespace? I mainly develop desktop/server-side components (i.e., no web) and the general assumption is that FullTrust is always available and no testing is performed on environments for which this is not the case. Apart from MS source code (EnterpriseLibrary and such), I have yet to see actual, in-use source code that makes use of said constructs.
这是普遍现象,还是我们例外?我当然知道,不进行这种测试是我们这方面的问题...
Is this prevalent, or are we the exception? I know, of course, that not doing this kind of testing is a problem on our side...
推荐答案
我大量使用PrincipalPermissionAttribute来要求用户从Thread的Principal中具有必要的访问权限(使用角色)-在我的业务中节省了大量手动检查代码(显然,UI也应该检查并禁用按钮等-这只是后端的双重检查).
I make lots of use of PrincipalPermissionAttribute to demand the user has necessary access rights (using roles) from the Thread's Principal - saves a lot of manual checking in my business code (obviously the UI should check too and disable buttons etc - this is just the double-check at the back-end).
我发现基于主体的安全性非常全面,尤其是使用自定义主体时.但是我不使用CAS的东西.
I find Principal-based security to be very versatily, especially with a custom Principal. But I don't use the CAS stuff.
这篇关于使用.NET Framework安全系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
