C# 为什么带有deny securityaction的PrincipalPermission仍然允许访问?
当我注意到我添加的方法时,我一直在玩弄身份和原则C# 为什么带有deny securityaction的PrincipalPermission仍然允许访问?,c#,authentication,authorization,identity,principal,C#,Authentication,Authorization,Identity,Principal,当我注意到我添加的方法时,我一直在玩弄身份和原则 [PrincipalPermission(SecurityAction.Deny, Role = "Admin")] 身份 GenericIdentity identity = new GenericIdentity("JC", "Type1"); GenericPrincipal principal = new GenericPrincipal(identity, new string[] { "Admin", "User" }); Thr
[PrincipalPermission(SecurityAction.Deny, Role = "Admin")]
身份
GenericIdentity identity = new GenericIdentity("JC", "Type1");
GenericPrincipal principal = new GenericPrincipal(identity, new string[] { "Admin", "User" });
Thread.CurrentPrincipal = principal;
仍然在不引发SecurityException的情况下被调用,就像它有一个请求安全操作一样
事实上,即使我把这个角色拼错了
[PrincipalPermission(SecurityAction.Deny, Role = "asad")]
它仍然允许我调用该方法,而不会引发太多问题
问题是,为什么
我的全部代码:
static void Main(string[] args)
{
GenericIdentity identity = new GenericIdentity("JC", "Type1");
GenericPrincipal principal = new GenericPrincipal(identity, new string[] { "Admin", "User" });
Thread.CurrentPrincipal = principal;
UsePrincipal();
}
static void UsePrincipal()
{
Console.WriteLine(Thread.CurrentPrincipal.Identity);
try
{
DevWork();
}
catch
{
Console.WriteLine("You Bad!");
}
Console.ReadKey();
}
[PrincipalPermission(SecurityAction.Deny, Role = "Admin")]
static void DevWork() // Will be executed no matter what the role is
{
Console.WriteLine("You Good!");
Console.ReadKey();
}
您可以在文档中看到,
Deny
已过时,并且:
在.NET Framework 4中,已为删除运行时支持
强制执行拒绝、请求最小值、请求可选和请求拒绝
权限请求。这些请求不应用于
基于.NET Framework 4或更高版本
由于您使用的是.NET 4.5.2-您的
拒绝请求将被忽略。您使用的是.NET的哪个版本?.NET framework 4.5.2