C# 如何在.Net中实现安全性?
我有一个对象的安全描述符。我希望使用该安全描述符获取对该对象具有权限的用户和组。如何知道哪些用户使用该安全描述符拥有哪些权限?可以使用ObjectSecurity或CommonObjectSecurity抽象类吗?如果是,如何定义访问规则?是否有关于此的工作示例?要使用用户和组的权限访问用户和组,在.Net中我们有一个简单的机制。实现作为抽象类的C# 如何在.Net中实现安全性?,c#,.net,security,C#,.net,Security,我有一个对象的安全描述符。我希望使用该安全描述符获取对该对象具有权限的用户和组。如何知道哪些用户使用该安全描述符拥有哪些权限?可以使用ObjectSecurity或CommonObjectSecurity抽象类吗?如果是,如何定义访问规则?是否有关于此的工作示例?要使用用户和组的权限访问用户和组,在.Net中我们有一个简单的机制。实现作为抽象类的CommonObjectSecurity类,并重写方法AccessRuleFactory和AuditRuleFactory,还重写属性AccessRul
CommonObjectSecurity
类,并重写方法AccessRuleFactory
和AuditRuleFactory
,还重写属性AccessRuleType
和AuditRuleType
。在下面的示例中,SampleSecurity
类派生自CommonObjectSecurity
。我们还从AccessRule
定义类SampleAccessRule
。我们可以选择实现AddAccessRule
和RemoveAccessRule
来修改安全性
public class SampleSecurity : CommonObjectSecurity
{
public SampleSecurity(bool isContainer)
: base(isContainer)
{
}
public override AccessRule AccessRuleFactory(IdentityReference identityReference,
int accessMask, bool isInherited, InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type)
{
return new SampleAccessRule(identityReference, accessMask, type);
}
public void AddAccessRule(IdentityReference identityReference,
int accessMask, AccessControlType type)
{
base.AddAccessRule(new SampleAccessRule(identityReference, accessMask, type));
}
public void RemoveAccessRule(SampleAccessRule rule)
{
base.RemoveAccessRule(rule);
}
public override Type AccessRuleType
{
get { return typeof(SampleAccessRule); }
}
public override AuditRule AuditRuleFactory(System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
{
throw new NotImplementedException();
}
public override Type AuditRuleType
{
get { throw new NotImplementedException(); }
}
public override Type AccessRightType
{
get { return typeof(SampleRightsEnum); }
}
}
public class SampleAccessRule : AccessRule
{
public SampleAccessRule(IdentityReference identity, int accessMask, AccessControlType accessType)
: base(identity, accessMask, false, InheritanceFlags.None, PropagationFlags.None, accessType)
{
}
public int AccessRights { get { return AccessMask; } }
}
public enum SampleRightsEnum
{
sampleRead = 0x001,
sampleWrite = 0x002,
sampleExecute = 0x004
}
定义好后,我们可以创建SampleSecurity对象并为其分配安全描述符,从中可以读取不同用户的权限,如下所示
SampleSecurity security = new SampleSecurity(false);
security.SetSecurityDescriptorBinaryForm((byte[])securityDescriptor, AccessControlSections.All);
AuthorizationRuleCollection coll = dataSecurity.GetAccessRules(true, false, typeof(NTAccount));
foreach (AuthorizationRule rule in coll)
{
SampleAccessRule accRule = rule as SampleAccessRule;
SampleRightsEnum rights = (SampleRightsEnum)accRule.AccessRights;
Console.Writeline("User or Group {0} having the permissions {1} with access type {2}", rule.IdentityReference.Value, rights.ToString(), accRule.AccessControlType.ToString());
}
现在我试图理解变量
securityDescriptor
是什么。有什么提示吗?