HostSecurityManager クラスとは? わかりやすく解説

HostSecurityManager クラス

メモ : このクラスは、.NET Framework version 2.0 で新しく追加されたものです。

アプリケーション ドメインのセキュリティ動作の制御およびカスタマイズを実行できるようにします。

名前空間: System.Security
アセンブリ: mscorlib (mscorlib.dll 内)
構文

<SerializableAttribute> _
<ComVisibleAttribute(True)> _
Public Class HostSecurityManager
Dim instance As HostSecurityManager
[SerializableAttribute] 
[ComVisibleAttribute(true)] 
public class HostSecurityManager
[SerializableAttribute] 
[ComVisibleAttribute(true)] 
public ref class HostSecurityManager
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public class HostSecurityManager
SerializableAttribute 
ComVisibleAttribute(true) 
public class HostSecurityManager
解説
使用例

HostSecurityManager の非常に単純な実装を次のコード例に示します。

' To replace the default security manager with MySecurityManager, add the
' assembly to the GAC and call MySecurityManager in the
' custom implementation of the AppDomainManager.
Imports System
Imports System.Collections
Imports System.Net
Imports System.Reflection
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Security.Principal
Imports System.Threading
Imports System.Runtime.InteropServices
Imports System.Runtime.Hosting

<Assembly: System.Security.AllowPartiallyTrustedCallersAttribute()> 
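''' <summary>
''' Sample HostSecurityManager that adds custom evidence, builds an
''' application-domain policy level and decides application trust.
''' </summary>
''' <remarks>
''' The assembly is marked AllowPartiallyTrustedCallers, so the class-level
''' demand for SecurityPermissionFlag.Infrastructure is the check that stands
''' between partially trusted callers and the members of this class.
''' DetermineApplicationTrust grants whatever the application manifest
''' requests without examining any evidence; it demonstrates the API and is
''' not a trust policy to deploy as written.
''' </remarks>
<Serializable()> _
<SecurityPermissionAttribute(SecurityAction.Demand, Flags:=SecurityPermissionFlag.Infrastructure)> _
Public Class MySecurityManager
    Inherits HostSecurityManager

    ' Policy level for the current domain, built on first read of DomainPolicy.
    Private myDomainPolicy As PolicyLevel = Nothing

    ' Options reported through Flags.
    ' NOTE(review): HostPolicyLevel and HostAppDomainEvidence are not set here;
    ' confirm whether the runtime consults DomainPolicy and
    ' ProvideAppDomainEvidence for a host that reports only these two options.
    Private hostFlags As HostSecurityManagerOptions = _
        HostSecurityManagerOptions.HostDetermineApplicationTrust Or _
        HostSecurityManagerOptions.HostAssemblyEvidence

    ' Permission set stored by FindNamedPermissionSet; remains Nothing when
    ' no machine-level set with the requested name exists.
    Private Shared localIntranet As NamedPermissionSet

    ''' <summary>Creates the manager and logs the creation to the console.</summary>
    Public Sub New()
        Console.WriteLine(" Creating MySecurityManager.")
    End Sub 'New

    ''' <summary>
    ''' Gets the policy level for the current application domain.
    ''' </summary>
    ''' <returns>
    ''' Nothing for the domains named "DefaultDomain" and "Compilation Domain";
    ''' otherwise the policy level built by CreateAppDomainPolicy, cached after
    ''' the first call.
    ''' </returns>
    Public Overrides ReadOnly Property DomainPolicy() As PolicyLevel
        Get
            Dim domainName As String = AppDomain.CurrentDomain.FriendlyName
            If domainName = "DefaultDomain" OrElse domainName = "Compilation Domain" Then
                Return Nothing
            End If
            If myDomainPolicy Is Nothing Then
                myDomainPolicy = CreateAppDomainPolicy()
            End If
            Return myDomainPolicy
        End Get
    End Property

    ''' <summary>Gets the host options this manager reports.</summary>
    Public Overrides ReadOnly Property Flags() As HostSecurityManagerOptions
        Get
            Return hostFlags
        End Get
    End Property

    ''' <summary>
    ''' Appends a CustomEvidenceType object to the assembly evidence.
    ''' </summary>
    ''' <param name="loadedAssembly">Assembly being loaded; may be Nothing.</param>
    ''' <param name="evidence">Evidence collection to extend; may be Nothing.</param>
    ''' <returns>The same evidence object, or Nothing when none was supplied.</returns>
    Public Overrides Function ProvideAssemblyEvidence(ByVal loadedAssembly As [Assembly], _
                                                      ByVal evidence As Evidence) As Evidence
        ' IIf evaluates both of its value arguments, so the previous
        ' IIf(..., loadedAssembly.ToString()) dereferenced loadedAssembly even
        ' when it was Nothing. An If statement only touches it when it is set.
        Dim assemblyName As String = "Unknown"
        If loadedAssembly IsNot Nothing Then
            assemblyName = loadedAssembly.ToString()
        End If
        Console.WriteLine("Provide assembly evidence for: " & assemblyName & ".")

        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddAssembly(New CustomEvidenceType())
        Return evidence
    End Function 'ProvideAssemblyEvidence

    ''' <summary>
    ''' Appends a CustomEvidenceType object to the host evidence of the
    ''' application domain.
    ''' </summary>
    ''' <param name="evidence">Evidence collection to extend; may be Nothing.</param>
    ''' <returns>The same evidence object, or Nothing when none was supplied.</returns>
    Public Overrides Function ProvideAppDomainEvidence(ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide evidence for the " & AppDomain.CurrentDomain.FriendlyName & " AppDomain.")
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddHost(New CustomEvidenceType())
        Return evidence
    End Function 'ProvideAppDomainEvidence

    ''' <summary>
    ''' Builds an ApplicationTrust for the application described by the
    ''' ActivationArguments found in the host evidence.
    ''' </summary>
    ''' <param name="applicationEvidence">Evidence for the application; required.</param>
    ''' <param name="activatorEvidence">Not examined by this implementation.</param>
    ''' <param name="context">Not examined by this implementation.</param>
    ''' <returns>
    ''' A trust object marked as trusted to run, or Nothing when the evidence
    ''' holds no ActivationArguments or no activation context.
    ''' </returns>
    ''' <exception cref="ArgumentNullException">applicationEvidence is Nothing.</exception>
    ''' <remarks>
    ''' The grant set is the manifest's own DefaultRequestSet and
    ''' IsApplicationTrustedToRun is set unconditionally, so the application
    ''' decides its own permissions. A host that has to contain untrusted
    ''' applications needs to evaluate the evidence and cap the grant set
    ''' before returning a trusted result; this sample does neither.
    ''' NOTE(review): the declarative Assert covers every SecurityPermission
    ''' flag for the whole method; confirm which calls need it and narrow it.
    ''' </remarks>
    <SecurityPermissionAttribute(SecurityAction.Demand, Execution:=True), _
     SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted:=True)> _
    Public Overrides Function DetermineApplicationTrust(ByVal applicationEvidence As Evidence, _
                                                        ByVal activatorEvidence As Evidence, _
                                                        ByVal context As TrustManagerContext) As ApplicationTrust
        If applicationEvidence Is Nothing Then
            Throw New ArgumentNullException("applicationEvidence")
        End If

        ' Get the activation context from the application evidence.
        ' This HostSecurityManager does not examine the activator evidence
        ' nor is it concerned with the TrustManagerContext;
        ' it simply grants the requested grant in the application manifest.
        Dim enumerator As IEnumerator = applicationEvidence.GetHostEnumerator()
        Dim activationArgs As ActivationArguments = Nothing
        While enumerator.MoveNext()
            ' TryCast yields Nothing for host evidence of another type, so the
            ' loop moves on to the next item. The previous plain assignment
            ' converted the object implicitly and failed on the first item
            ' that was not an ActivationArguments.
            activationArgs = TryCast(enumerator.Current, ActivationArguments)
            If activationArgs IsNot Nothing Then
                Exit While
            End If
        End While
        If activationArgs Is Nothing Then
            Return Nothing
        End If

        Dim activationContext As ActivationContext = activationArgs.ActivationContext
        If activationContext Is Nothing Then
            Return Nothing
        End If

        Dim trust As New ApplicationTrust(activationContext.Identity)
        Dim asi As New ApplicationSecurityInfo(activationContext)
        trust.DefaultGrantSet = New PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing)
        trust.IsApplicationTrustedToRun = True
        Return trust
    End Function 'DetermineApplicationTrust

    ''' <summary>
    ''' Builds an application-domain policy level whose root grants execution
    ''' only and whose single child grants the LocalIntranet set to code in
    ''' the MyComputer zone.
    ''' </summary>
    Private Shared Function CreateAppDomainPolicy() As PolicyLevel
        Console.WriteLine("CreateAppDomainPolicy called.")
        Dim pLevel As PolicyLevel = PolicyLevel.CreateAppDomainLevel()

        ' The root code group of the policy level combines all
        ' permissions of its children.
        Dim ps As New PermissionSet(PermissionState.None)
        ps.AddPermission(New SecurityPermission(SecurityPermissionFlag.Execution))
        Dim rootCodeGroup As New UnionCodeGroup(New AllMembershipCondition(), _
                                                New PolicyStatement(ps, PolicyStatementAttribute.Nothing))

        ' The following code limits all code on this machine to local intranet permissions
        ' when running in this application domain.
        FindNamedPermissionSet("LocalIntranet")

        ' Fail closed and say so: when the lookup stored nothing, grant an
        ' explicit empty set instead of handing Nothing to PolicyStatement.
        Dim intranetGrant As PermissionSet = localIntranet
        If intranetGrant Is Nothing Then
            Console.WriteLine("Named permission set LocalIntranet not found; granting no additional permissions.")
            intranetGrant = New PermissionSet(PermissionState.None)
        End If

        Dim virtualIntranet As New UnionCodeGroup(New ZoneMembershipCondition(SecurityZone.MyComputer), _
                                                  New PolicyStatement(intranetGrant, PolicyStatementAttribute.Nothing))
        virtualIntranet.Name = "Virtual Intranet"

        ' Add the code groups to the policy level.
        rootCodeGroup.AddChild(virtualIntranet)
        pLevel.RootCodeGroup = rootCodeGroup
        Return pLevel
    End Function 'CreateAppDomainPolicy

    ''' <summary>
    ''' Searches the policy level labelled "Machine" for a named permission
    ''' set and stores a match in the shared localIntranet field.
    ''' </summary>
    ''' <param name="name">Name of the permission set to look for.</param>
    ''' <remarks>
    ''' The result always lands in localIntranet whatever name is passed, and
    ''' the field is left untouched when nothing matches.
    ''' </remarks>
    Private Shared Sub FindNamedPermissionSet(ByVal name As String)
        Dim policyEnumerator As IEnumerator = SecurityManager.PolicyHierarchy()

        While policyEnumerator.MoveNext()
            Dim currentLevel As PolicyLevel = CType(policyEnumerator.Current, PolicyLevel)

            If currentLevel.Label = "Machine" Then
                For Each candidate As NamedPermissionSet In currentLevel.NamedPermissionSets
                    If candidate.Name = name Then
                        Console.WriteLine("Named permission set " & candidate.Name & " found.")
                        ' Save the LocalIntranet permissions set for later use.
                        localIntranet = candidate
                    End If
                Next
            End If
        End While
    End Sub 'FindNamedPermissionSet
End Class 'MySecurityManager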
''' <summary>
''' Marker object that MySecurityManager adds to evidence collections.
''' It carries no data; ToString returns the type's display name.
''' </summary>
<Serializable()> _
Public Class CustomEvidenceType

    ' Text returned by ToString.
    Private Const DisplayName As String = "CustomEvidenceType"

    ''' <summary>Creates an empty evidence marker.</summary>
    Public Sub New()
    End Sub

    ''' <summary>Returns the fixed display name of this evidence type.</summary>
    Public Overrides Function ToString() As String
        Return DisplayName
    End Function

End Class
// To replace the default security manager with MySecurityManager, add the
// assembly to the GAC and call MySecurityManager in the
// custom implementation of the AppDomainManager.

using System;
using System.Collections;
using System.Net;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Security.Principal;
using System.Threading;
using System.Runtime.InteropServices;
using System.Runtime.Hosting;

[assembly: System.Security.AllowPartiallyTrustedCallersAttribute()]
namespace MyNamespace
{
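    /// <summary>
    /// Sample HostSecurityManager that adds custom evidence, builds an
    /// application-domain policy level and decides application trust.
    /// </summary>
    /// <remarks>
    /// The assembly is marked AllowPartiallyTrustedCallers, so the class-level
    /// demand for SecurityPermissionFlag.Infrastructure is the check that
    /// stands between partially trusted callers and the members of this class.
    /// DetermineApplicationTrust grants whatever the application manifest
    /// requests without examining any evidence; it demonstrates the API and is
    /// not a trust policy to deploy as written.
    /// </remarks>
    [Serializable()]
    [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.Infrastructure)]
    public class MySecurityManager : HostSecurityManager
    {
        // Policy level for the current domain, built on first read of DomainPolicy.
        private PolicyLevel myDomainPolicy = null;

        // Options reported through Flags.
        // NOTE(review): HostPolicyLevel and HostAppDomainEvidence are not set here;
        // confirm whether the runtime consults DomainPolicy and
        // ProvideAppDomainEvidence for a host that reports only these two options.
        private HostSecurityManagerOptions hostFlags =
            HostSecurityManagerOptions.HostDetermineApplicationTrust |
            HostSecurityManagerOptions.HostAssemblyEvidence;

        // Permission set stored by FindNamedPermissionSet; remains null when
        // no machine-level set with the requested name exists.
        private static NamedPermissionSet localIntranet;

        /// <summary>Creates the manager and logs the creation to the console.</summary>
        public MySecurityManager()
        {
            Console.WriteLine(" Creating MySecurityManager.");
        }

        /// <summary>
        /// Gets the policy level for the current application domain: null for
        /// the domains named "DefaultDomain" and "Compilation Domain",
        /// otherwise the level built by CreateAppDomainPolicy and cached after
        /// the first call.
        /// </summary>
        public override PolicyLevel DomainPolicy
        {
            get
            {
                string domainName = AppDomain.CurrentDomain.FriendlyName;
                if (domainName == "DefaultDomain" || domainName == "Compilation Domain")
                {
                    return null;
                }

                if (myDomainPolicy == null)
                {
                    myDomainPolicy = CreateAppDomainPolicy();
                }
                return myDomainPolicy;
            }
        }

        /// <summary>Gets the host options this manager reports.</summary>
        public override HostSecurityManagerOptions Flags
        {
            get
            {
                return hostFlags;
            }
        }

        /// <summary>
        /// Appends a CustomEvidenceType object to the assembly evidence.
        /// </summary>
        /// <param name="loadedAssembly">Assembly being loaded; may be null.</param>
        /// <param name="evidence">Evidence collection to extend; may be null.</param>
        /// <returns>The same evidence object, or null when none was supplied.</returns>
        public override Evidence ProvideAssemblyEvidence(Assembly loadedAssembly, Evidence evidence)
        {
            string assemblyName = loadedAssembly == null ? "Unknown" : loadedAssembly.ToString();
            Console.WriteLine("Provide assembly evidence for: " + assemblyName + ".");
            if (evidence == null)
            {
                return null;
            }

            evidence.AddAssembly(new CustomEvidenceType());
            return evidence;
        }

        /// <summary>
        /// Appends a CustomEvidenceType object to the host evidence of the
        /// application domain.
        /// </summary>
        /// <param name="evidence">Evidence collection to extend; may be null.</param>
        /// <returns>The same evidence object, or null when none was supplied.</returns>
        public override Evidence ProvideAppDomainEvidence(Evidence evidence)
        {
            Console.WriteLine("Provide evidence for the " + AppDomain.CurrentDomain.FriendlyName + " AppDomain.");
            if (evidence == null)
            {
                return null;
            }

            evidence.AddHost(new CustomEvidenceType());
            return evidence;
        }

        /// <summary>
        /// Builds an ApplicationTrust for the application described by the
        /// ActivationArguments found in the host evidence.
        /// </summary>
        /// <param name="applicationEvidence">Evidence for the application; required.</param>
        /// <param name="activatorEvidence">Not examined by this implementation.</param>
        /// <param name="context">Not examined by this implementation.</param>
        /// <returns>
        /// A trust object marked as trusted to run, or null when the evidence
        /// holds no ActivationArguments or no activation context.
        /// </returns>
        /// <exception cref="ArgumentNullException">applicationEvidence is null.</exception>
        /// <remarks>
        /// The grant set is the manifest's own DefaultRequestSet and
        /// IsApplicationTrustedToRun is set unconditionally, so the application
        /// decides its own permissions. A host that has to contain untrusted
        /// applications needs to evaluate the evidence and cap the grant set
        /// before returning a trusted result; this sample does neither.
        /// NOTE(review): the declarative Assert covers every SecurityPermission
        /// flag for the whole method; confirm which calls need it and narrow it.
        /// </remarks>
        [SecurityPermissionAttribute(SecurityAction.Demand, Execution = true)]
        [SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted = true)]
        public override ApplicationTrust DetermineApplicationTrust(
            Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
            {
                throw new ArgumentNullException("applicationEvidence");
            }

            // Get the activation context from the application evidence.
            // This HostSecurityManager does not examine the activator evidence
            // nor is it concerned with the TrustManagerContext;
            // it simply grants the requested grant in the application manifest.
            IEnumerator enumerator = applicationEvidence.GetHostEnumerator();
            ActivationArguments activationArgs = null;
            while (enumerator.MoveNext())
            {
                // "as" skips host evidence of any other type instead of throwing.
                activationArgs = enumerator.Current as ActivationArguments;
                if (activationArgs != null)
                {
                    break;
                }
            }

            if (activationArgs == null)
            {
                return null;
            }

            ActivationContext activationContext = activationArgs.ActivationContext;
            if (activationContext == null)
            {
                return null;
            }

            ApplicationTrust trust = new ApplicationTrust(activationContext.Identity);
            ApplicationSecurityInfo asi = new ApplicationSecurityInfo(activationContext);
            trust.DefaultGrantSet = new PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing);
            trust.IsApplicationTrustedToRun = true;
            return trust;
        }

        /// <summary>
        /// Builds an application-domain policy level whose root grants
        /// execution only and whose single child grants the LocalIntranet set
        /// to code in the MyComputer zone.
        /// </summary>
        private static PolicyLevel CreateAppDomainPolicy()
        {
            Console.WriteLine("CreateAppDomainPolicy called.");
            PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();

            // The root code group of the policy level combines all
            // permissions of its children.
            PermissionSet ps = new PermissionSet(PermissionState.None);
            ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
            UnionCodeGroup rootCodeGroup = new UnionCodeGroup(
                new AllMembershipCondition(),
                new PolicyStatement(ps, PolicyStatementAttribute.Nothing));

            // The following code limits all code on this machine to local intranet permissions
            // when running in this application domain.
            FindNamedPermissionSet("LocalIntranet");

            // Fail closed and say so: when the lookup stored nothing, grant an
            // explicit empty set instead of handing null to PolicyStatement.
            PermissionSet intranetGrant = localIntranet;
            if (intranetGrant == null)
            {
                Console.WriteLine("Named permission set LocalIntranet not found; granting no additional permissions.");
                intranetGrant = new PermissionSet(PermissionState.None);
            }

            UnionCodeGroup virtualIntranet = new UnionCodeGroup(
                new ZoneMembershipCondition(SecurityZone.MyComputer),
                new PolicyStatement(intranetGrant, PolicyStatementAttribute.Nothing));
            virtualIntranet.Name = "Virtual Intranet";

            // Add the code groups to the policy level.
            rootCodeGroup.AddChild(virtualIntranet);
            pLevel.RootCodeGroup = rootCodeGroup;
            return pLevel;
        }

        /// <summary>
        /// Searches the policy level labelled "Machine" for a named permission
        /// set and stores a match in the static localIntranet field.
        /// </summary>
        /// <param name="name">Name of the permission set to look for.</param>
        /// <remarks>
        /// The result always lands in localIntranet whatever name is passed,
        /// and the field is left untouched when nothing matches.
        /// </remarks>
        private static void FindNamedPermissionSet(string name)
        {
            IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();

            while (policyEnumerator.MoveNext())
            {
                PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
                if (currentLevel.Label != "Machine")
                {
                    continue;
                }

                foreach (NamedPermissionSet candidate in currentLevel.NamedPermissionSets)
                {
                    if (candidate.Name == name)
                    {
                        Console.WriteLine("Named permission set " + candidate.Name + " found.");
                        // Save the LocalIntranet permissions set for later use.
                        localIntranet = candidate;
                    }
                }
            }
        }
    }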
    /// <summary>
    /// Marker object that MySecurityManager adds to evidence collections.
    /// It carries no data; ToString returns the type's display name.
    /// </summary>
    [Serializable]
    public class CustomEvidenceType
    {
        // Text returned by ToString.
        private const string DisplayName = "CustomEvidenceType";

        /// <summary>Creates an empty evidence marker.</summary>
        public CustomEvidenceType()
        {
        }

        /// <summary>Returns the fixed display name of this evidence type.</summary>
        public override string ToString()
        {
            return DisplayName;
        }
    }
}
.NET Framework のセキュリティ
継承階層
System.Object
  System.Security.HostSecurityManager
スレッド セーフ
この型の public static (Visual Basic では Shared) メンバはすべて、スレッド セーフです。インスタンス メンバの場合は、スレッド セーフであるとは限りません。
プラットフォーム
バージョン情報
参照

