Share via

SecurityManager.GetStandardSandbox(Evidence) 方法

  • 参考

定义

命名空间:
System.Security
程序集:
System.Security.Permissions.dll
程序集:
mscorlib.dll
包:
System.Security.Permissions v8.0.0
包:
System.Security.Permissions v9.0.0-preview.3.24172.9
Source:
SecurityManager.cs
Source:
SecurityManager.cs
Source:
SecurityManager.cs
Source:
SecurityManager.cs

获取一个权限集,对具有提供的证据的应用程序授予此权限集是安全的。

public:
 static System::Security::PermissionSet ^ GetStandardSandbox(System::Security::Policy::Evidence ^ evidence);
public static System.Security.PermissionSet GetStandardSandbox (System.Security.Policy.Evidence evidence);
static member GetStandardSandbox : System.Security.Policy.Evidence -> System.Security.PermissionSet
Public Shared Function GetStandardSandbox (evidence As Evidence) As PermissionSet

参数

evidence
Evidence

要与某个权限集匹配的主机证据。

返回

PermissionSet

一个权限集,它可用作具有提供的证据的应用程序的权限集。

例外

ArgumentNullException

evidencenull

示例

以下示例演示如何使用 GetStandardSandbox 方法获取沙盒应用程序的权限集。 有关在沙盒中运行应用程序的详细信息,请参阅 如何:在沙盒中运行部分受信任的代码

using System;
using System.Collections;
using System.Diagnostics;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Reflection;
using System.IO;

namespace SimpleSandboxing
{
    class Program
    {
        static void Main(string[] args)
        {
            // Create the permission set to grant to other assemblies.
            // In this case we are granting the permissions found in the LocalIntranet zone.
            Evidence e = new Evidence();
            e.AddHostEvidence(new Zone(SecurityZone.Intranet));
            PermissionSet pset = SecurityManager.GetStandardSandbox(e);

            AppDomainSetup ads = new AppDomainSetup();
            // Identify the folder to use for the sandbox.
            ads.ApplicationBase = "C:\\Sandbox";
            // Copy the application to be executed to the sandbox.
            Directory.CreateDirectory("C:\\Sandbox");
            File.Copy("..\\..\\..\\HelloWorld\\bin\\debug\\HelloWorld.exe", "C:\\sandbox\\HelloWorld.exe", true);

            // Create the sandboxed domain.
            AppDomain sandbox = AppDomain.CreateDomain(
               "Sandboxed Domain",
               e,
               ads,
               pset,
               null);
            sandbox.ExecuteAssemblyByName("HelloWorld");
        }
    }
}

Imports System.Collections
Imports System.Diagnostics
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Reflection
Imports System.IO



Class Program
    
    Shared Sub Main(ByVal args() As String) 
        ' Create the permission set to grant to other assemblies.
        ' In this case we are granting the permissions found in the LocalIntranet zone.
        Dim e As New Evidence()
        e.AddHostEvidence(New Zone(SecurityZone.Intranet))
        Dim pset As PermissionSet = SecurityManager.GetStandardSandbox(e)
        
        Dim ads As New AppDomainSetup()
        ' Identify the folder to use for the sandbox.
        ads.ApplicationBase = "C:\Sandbox"
        ' Copy the application to be executed to the sandbox.
        Directory.CreateDirectory("C:\Sandbox")
        File.Copy("..\..\..\HelloWorld\bin\debug\HelloWorld.exe", "C:\sandbox\HelloWorld.exe", True)
        
        ' Create the sandboxed domain.
        Dim sandbox As AppDomain = AppDomain.CreateDomain("Sandboxed Domain", e, ads, pset, Nothing)
        sandbox.ExecuteAssemblyByName("HelloWorld")
    
    End Sub
End Class

注解

注意

在.NET Framework 4 中,中的evidence主机证据必须包含System.Security.Policy.Zone证据。

下表显示了为每个区域返回的权限集。

区域 权限集
MyComputer FullTrust
Intranet LocalIntranet
Trusted Internet
Internet Internet
Untrusted
NoZone

可以考虑其他证据,如 UrlSite

沙盒可以使用返回的权限集来运行应用程序。 请注意,此方法不指定策略,但可帮助主机确定应用程序请求的权限集是否合理。 此方法可用于将区域映射到沙盒。

适用于