How to implement security in .Net?

Time: 2009-11-02 12:54:16

Tags: c# .net security

I have the security descriptor of an object. I want to get the permissions that users and groups have on that object using that security descriptor. How can I find out which users have which permissions using that security descriptor? Can the ObjectSecurity or CommonObjectSecurity abstract classes be used? If so, how are the access rules defined? Is there any working sample for this?

1 answer:

Answer 0: (score: 2)

To get users and groups together with their permissions, .Net has a simple mechanism. Implement the CommonObjectSecurity class, which is abstract, and override the AccessRuleFactory and AuditRuleFactory methods and the AccessRuleType and AuditRuleType properties. In the following sample the SampleSecurity class derives from CommonObjectSecurity. We also define the class SampleAccessRule, derived from AccessRule. Optionally we implement AddAccessRule and RemoveAccessRule to modify the security.

using System;
using System.Security.AccessControl;
using System.Security.Principal;

public class SampleSecurity : CommonObjectSecurity
{
    public SampleSecurity(bool isContainer)
        : base(isContainer)
    {
    }

    // Called by GetAccessRules for every ACE in the DACL. The inheritance data is
    // passed through so that inherited entries are reported as such.
    public override AccessRule AccessRuleFactory(IdentityReference identityReference,
        int accessMask, bool isInherited, InheritanceFlags inheritanceFlags,
        PropagationFlags propagationFlags, AccessControlType type)
    {
        return new SampleAccessRule(identityReference, accessMask, isInherited,
            inheritanceFlags, propagationFlags, type);
    }

    public void AddAccessRule(IdentityReference identityReference,
        int accessMask, AccessControlType type)
    {
        base.AddAccessRule(new SampleAccessRule(identityReference, accessMask, type));
    }

    public void RemoveAccessRule(SampleAccessRule rule)
    {
        base.RemoveAccessRule(rule);
    }

    // Must be the type returned by AccessRuleFactory: the base class rejects
    // AddAccessRule/RemoveAccessRule calls with a rule of any other type.
    public override Type AccessRuleType
    {
        get { return typeof(SampleAccessRule); }
    }

    // Audit (SACL) rules are not modelled in this sample.
    public override AuditRule AuditRuleFactory(IdentityReference identityReference,
        int accessMask, bool isInherited, InheritanceFlags inheritanceFlags,
        PropagationFlags propagationFlags, AuditFlags flags)
    {
        throw new NotImplementedException();
    }

    public override Type AuditRuleType
    {
        get { throw new NotImplementedException(); }
    }

    public override Type AccessRightType
    {
        get { return typeof(SampleRightsEnum); }
    }
}

public class SampleAccessRule : AccessRule
{
    // Explicit, non-inheritable rule (used when adding rules by hand).
    public SampleAccessRule(IdentityReference identity, int accessMask, AccessControlType accessType)
        : this(identity, accessMask, false, InheritanceFlags.None, PropagationFlags.None, accessType)
    {
    }

    // Full form used by AccessRuleFactory when rules are read back from a descriptor.
    public SampleAccessRule(IdentityReference identity, int accessMask, bool isInherited,
        InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType accessType)
        : base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags, accessType)
    {
    }

    // AccessMask is protected on AccessRule; expose it to callers.
    public int AccessRights { get { return AccessMask; } }
}

// [Flags] so that a combined mask prints as "sampleRead, sampleWrite" rather than a number.
[Flags]
public enum SampleRightsEnum
{
    sampleRead = 0x001,
    sampleWrite = 0x002,
    sampleExecute = 0x004
}

Once this is defined, we can create a SampleSecurity object and assign the security descriptor to it, from which we can read the permissions of the different users as listed below.

// securityDescriptor: the object's security descriptor in binary (self-relative) form,
// obtained elsewhere; the post does not show where it comes from.
SampleSecurity security = new SampleSecurity(false);
security.SetSecurityDescriptorBinaryForm((byte[])securityDescriptor, AccessControlSections.All);
// Explicit rules only (includeExplicit = true, includeInherited = false). typeof(NTAccount)
// makes the framework translate every SID to DOMAIN\name, which needs an account lookup.
AuthorizationRuleCollection coll = security.GetAccessRules(true, false, typeof(NTAccount));
foreach (AuthorizationRule rule in coll)
{
    // AccessRuleFactory always returns SampleAccessRule, so the cast is safe.
    SampleAccessRule accRule = (SampleAccessRule)rule;
    SampleRightsEnum rights = (SampleRightsEnum)accRule.AccessRights;
    Console.WriteLine("User or Group {0} having the permissions {1} with access type {2}",
        rule.IdentityReference.Value, rights, accRule.AccessControlType);
}
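The answer leaves the security descriptor itself as an input that comes from elsewhere, so the sample cannot be run as posted. The following is an added, self-contained example (not part of the original answer) that builds a descriptor in managed code with RawAcl/CommonAce, loads it into the custom security class, enumerates the rules, and then answers the question actually asked ("which principal ends up with which rights") with a first-match walk over the DACL. It assumes the SampleSecurity, SampleAccessRule and SampleRightsEnum types from the answer are in the same project, compiled as a consistent set (one rule class name throughout) with an AccessRuleFactory that forwards isInherited and the inheritance flags to the rule; if the factory drops them, the inherited column below always prints false. The three ACEs and the well-known SIDs are constructed sample data, and EffectiveRights is a hypothetical helper name.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

public static class SampleSecurityDemo
{
    // Well-known SIDs used as principals in the constructed descriptor (no account lookup needed).
    static readonly SecurityIdentifier Everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
    static readonly SecurityIdentifier Admins   = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
    static readonly SecurityIdentifier Users    = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    const int AllRights = (int)(SampleRightsEnum.sampleRead | SampleRightsEnum.sampleWrite | SampleRightsEnum.sampleExecute);

    // Constructed sample descriptor. DACL in canonical order:
    //   1. explicit deny  Users    sampleWrite
    //   2. explicit allow Everyone sampleRead
    //   3. inherited allow Admins  read | write | execute
    public static byte[] BuildSampleDescriptor()
    {
        var dacl = new RawAcl(RawAcl.AclRevision, 3);
        dacl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessDenied,
            (int)SampleRightsEnum.sampleWrite, Users, false, null));
        dacl.InsertAce(1, new CommonAce(AceFlags.None, AceQualifier.AccessAllowed,
            (int)SampleRightsEnum.sampleRead, Everyone, false, null));
        dacl.InsertAce(2, new CommonAce(AceFlags.Inherited, AceQualifier.AccessAllowed,
            AllRights, Admins, false, null));

        // Owner and group are set to Administrators; no SACL. DiscretionaryAclPresent is
        // required, otherwise the DACL is treated as absent (which means "everyone, everything").
        var raw = new RawSecurityDescriptor(ControlFlags.DiscretionaryAclPresent, Admins, Admins, null, dacl);
        var bytes = new byte[raw.BinaryLength];
        raw.GetBinaryForm(bytes, 0);
        return bytes;
    }

    // Simplified Windows access check: walk the DACL in order; the first ACE that mentions a
    // right for one of the token's SIDs decides that right, deny or allow. Generic-right
    // mapping, owner rights and object-specific ACEs are deliberately not modelled.
    public static SampleRightsEnum EffectiveRights(SampleSecurity security, params SecurityIdentifier[] tokenSids)
    {
        var token = new HashSet<SecurityIdentifier>(tokenSids);
        int undecided = AllRights;
        int granted = 0;

        // includeExplicit and includeInherited both true: inherited ACEs take part in the check.
        foreach (SampleAccessRule rule in security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (!token.Contains((SecurityIdentifier)rule.IdentityReference))
                continue;
            int bits = rule.AccessRights & undecided;
            if (rule.AccessControlType == AccessControlType.Allow)
                granted |= bits;
            undecided &= ~rule.AccessRights;   // allowed or denied, these bits are now settled
        }
        return (SampleRightsEnum)granted;
    }

    public static void Main()
    {
        var security = new SampleSecurity(false);
        security.SetSecurityDescriptorBinaryForm(BuildSampleDescriptor(), AccessControlSections.All);

        // Raw listing of every rule, as the answer does, but keyed by SID so it runs offline.
        foreach (SampleAccessRule rule in security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            Console.WriteLine("{0,-12} {1,-5} {2,-40} inherited={3}",
                rule.IdentityReference.Value, rule.AccessControlType,
                (SampleRightsEnum)rule.AccessRights, rule.IsInherited);
        }

        // A token holding Users and Everyone, and one holding Administrators and Everyone.
        Console.WriteLine("Users:  " + EffectiveRights(security, Users, Everyone));
        Console.WriteLine("Admins: " + EffectiveRights(security, Admins, Everyone));

        // Explicit entries can be edited through the answer's wrappers; the DACL must be canonical.
        security.AddAccessRule(Users, (int)SampleRightsEnum.sampleExecute, AccessControlType.Allow);
        Console.WriteLine(security.GetSecurityDescriptorSddlForm(AccessControlSections.Access));
    }
}
```

With these three ACEs the first-match walk gives the Users token sampleRead only: the explicit deny on write is seen before the Everyone allow, and denies are checked per bit, so the read bit still comes from Everyone. The Administrators token gets all three rights, read from Everyone and write/execute from the inherited ACE. Two practitioner notes: asking GetAccessRules for typeof(NTAccount), as the answer does, makes the framework translate each SID to a name through LSA, so prefer SecurityIdentifier when the code has to work offline or against SIDs from another domain; and AddAccessRule throws if the DACL loaded from the descriptor is not in canonical order (explicit denies, explicit allows, then inherited entries), so descriptors built by hand must respect that order.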