PolicyLevel.AddNamedPermissionSet メソッドとは？ わかりやすく解説

.NET Framework クラス ライブラリ リファレンス

PolicyLevel.AddNamedPermissionSet メソッド

NamedPermissionSet を現在のポリシー レベルに追加します。

名前空間: System.Security.Policy
アセンブリ: mscorlib (mscorlib.dll 内)
構文

Visual Basic (宣言)

Public Sub AddNamedPermissionSet ( _
    permSet As NamedPermissionSet _
)

Visual Basic (使用法)

Dim instance As PolicyLevel
Dim permSet As NamedPermissionSet

instance.AddNamedPermissionSet(permSet)

C#

public void AddNamedPermissionSet (
    NamedPermissionSet permSet
)

C++

public:
void AddNamedPermissionSet (
    NamedPermissionSet^ permSet
)

J#

public void AddNamedPermissionSet (
    NamedPermissionSet permSet
)

JScript

public function AddNamedPermissionSet (
    permSet : NamedPermissionSet
)

パラメータ

permSet

現在のポリシー レベルに追加する NamedPermissionSet。

例外

例外の種類	条件
ArgumentNullException	permSet パラメータが null 参照 (Visual Basic では Nothing) です。
ArgumentException	permSet パラメータが、PolicyLevel の既存の NamedPermissionSet と同じ名前です。

解説

名前付きアクセス許可セットのスコープは、ポリシー レベルで設定されます。

使用例

名前を指定してアクセス許可をポリシー レベルに追加する方法を次のコード例に示します。このコード例は、PolicyLevel クラスのトピックで取り上げているコード例の一部分です。

Visual Basic

' Create a custom named permission set based on the LocalIntranet permission
 set.
Private Shared Sub CreateCompanyPermission()
    Dim policyEnumerator As IEnumerator = SecurityManager.PolicyHierarchy()
    ' Move through the policy levels to the Machine policy level.
    While policyEnumerator.MoveNext()
        Dim currentLevel As PolicyLevel = CType(policyEnumerator.Current,
 PolicyLevel)
        If currentLevel.Label = "Machine"
 Then
            ' Enumerate the permission sets in the Machine policy level.
            Dim namedPermissions As IList =
 currentLevel.NamedPermissionSets
            Dim namedPermission As IEnumerator
 = namedPermissions.GetEnumerator()
            ' Locate the LocalIntranet permission set.
            While namedPermission.MoveNext()
                If CType(namedPermission.Current, NamedPermissionSet).Name
 = "LocalIntranet" Then
                    ' The current permission set is a copy of the LocalIntranet
 permission set.
                    ' It can be modified to provide the permissions
 for the new permission set.
                    ' Rename the copy to the name chosen for the new
 permission set.
                    CType(namedPermission.Current, NamedPermissionSet).Name = "MyCompany"
                    Dim permissions As IEnumerator
 = CType(namedPermission.Current, NamedPermissionSet).GetEnumerator()
                    ' Remove the current security permission from the
 permission set and replace it 
                    ' with a new security permission that does not have
 the right to assert permissions.
                    While permissions.MoveNext()
                        If permissions.Current.GetType().ToString()
 = "System.Security.Permissions.SecurityPermission"
 Then
                            ' Remove the current security permission.
                            CType(namedPermission.Current, NamedPermissionSet).RemovePermission(permissions.Current.GetType())
                            ' Add a new security permission that only
 allows execution.
                            CType(namedPermission.Current, NamedPermissionSet).AddPermission(New
 SecurityPermission(SecurityPermissionFlag.Execution))
                            Exit While
                        End If
                    End While
                    Try
                        ' If you run this application twice, the following
 instruction throws
                        ' an exception because the named permission
 set is already present.
                        ' You can remove the custom named permission
 set using Caspole.exe or the  
                        ' .NET Framework Configuration tool 
                        currentLevel.AddNamedPermissionSet(CType(namedPermission.Current,
 NamedPermissionSet))
                        SecurityManager.SavePolicy()
                        ' Catch the exception for a duplicate permission
 set.
                    Catch e As System.ArgumentException
                        Console.WriteLine(e.Message)
                        Return
                    End Try
                    Console.WriteLine(CType(namedPermission.Current, NamedPermissionSet).ToString())
                    Exit While
                End If
            End While
        End If
    End While
End Sub 'CreateCompanyPermission

C#

// Create a custom named permission set based on the LocalIntranet permission
 set.
private static void CreateCompanyPermission()
{
    IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
    // Move through the policy levels to the Machine policy level.
    while(policyEnumerator.MoveNext())
    {
        PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
        if(currentLevel.Label == "Machine")
        {
            // Enumerate the permission sets in the Machine policy level.
            IList namedPermissions = currentLevel.NamedPermissionSets;
            IEnumerator namedPermission = namedPermissions.GetEnumerator();
            // Locate the LocalIntranet permission set.
            while(namedPermission.MoveNext())
            {
                if(((NamedPermissionSet)namedPermission.Current).Name
 == "LocalIntranet")
                {
                    // The current permission set is a copy of the LocalIntranet
 permission set.
                    // It can be modified to provide the permissions
 for the new permission set.
                    // Rename the copy to the name chosen for the new
 permission set.
                    ((NamedPermissionSet)namedPermission.Current).Name = "MyCompany";
                    IEnumerator permissions = ((NamedPermissionSet)namedPermission.Current).GetEnumerator();
                    // Remove the current security permission from the
 permission set and replace it
                    // with a new security permission that does not
 have the right to assert permissions.
                    while(permissions.MoveNext())
                    {
                        if(permissions.Current.GetType().ToString()
 == "System.Security.Permissions.SecurityPermission")
                        {
                            // Remove the current security permission.
                            ((NamedPermissionSet)namedPermission.Current).RemovePermission(permissions.Current.GetType());
                            // Add a new security permission that only
 allows execution.
                            ((NamedPermissionSet)namedPermission.Current).AddPermission(new
 SecurityPermission(SecurityPermissionFlag.Execution));
                            break;
                        }
                    }
                    try
                    {
                        // If you run this application twice, the following
 instruction throws
                        // an exception because the named permission
 set is already present.
                        // You can remove the custom named permission
 set using Caspole.exe or the
                        // .NET Framework Configuration tool
                        currentLevel.AddNamedPermissionSet(((NamedPermissionSet)namedPermission.Current));
                        SecurityManager.SavePolicy();
                    }
                        // Catch the exception for a duplicate permission
 set.
                    catch ( System.ArgumentException e)
                    {
                        Console.WriteLine(e.Message);
                        return;
                    }
                    Console.WriteLine(((NamedPermissionSet)namedPermission.Current).ToString());
                    break;
                }
            }
        }
    }
}

C++

// Create a custom named permission set based on the LocalIntranet permission
 set.
void CreateCompanyPermission()
{
   IEnumerator^ policyEnumerator = SecurityManager::PolicyHierarchy();

   // Move through the policy levels to the Machine policy level.
   while ( policyEnumerator->MoveNext() )
   {
      PolicyLevel^ currentLevel = dynamic_cast<PolicyLevel^>(policyEnumerator->Current);
      if ( currentLevel->Label->Equals( "Machine"
 ) )
      {
         // Enumerate the permission sets in the Machine policy level.
         IList^ namedPermissions = currentLevel->NamedPermissionSets;
         IEnumerator^ namedPermission = namedPermissions->GetEnumerator();

         // Locate the LocalIntranet permission set.
         while ( namedPermission->MoveNext() )
         {
            if ( (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name->Equals(
 "LocalIntranet" ) )
            {
               // The current permission set is a copy of the LocalIntranet
 permission set.
               // It can be modified to provide the permissions for
 the new permission set.
               // Rename the copy to the name chosen for the new permission
 set.
               (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name
 = "MyCompany";
               IEnumerator^ permissions = (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->GetEnumerator();

               // Remove the current security permission from the permission
 set and replace it 
               // with a new security permission that does not have
 the right to assert permissions.
               while ( permissions->MoveNext() )
               {
                  if ( permissions->Current->GetType()->ToString()->Equals(
 "System.Security.Permissions.SecurityPermission" ) )
                  {
                     // Remove the current security permission.
                     (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->RemovePermission(
 permissions->Current->GetType() );

                     // Add a new security permission that only allows
 execution.
                     (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->AddPermission(
 gcnew SecurityPermission( SecurityPermissionFlag::Execution ) );
                     break;
                  }
               }
               try
               {
                  // If you run this application twice, the following
 instruction throws
                  // an exception because the named permission set is
 already present.
                  // You can remove the custom named permission set
 using Caspole.exe or the  
                  // .NET Framework Configuration tool 
                  currentLevel->AddNamedPermissionSet( safe_cast<NamedPermissionSet^>(namedPermission->Current)
 );
                  SecurityManager::SavePolicy();
               }
               // Catch the exception for a duplicate permission set.
               catch ( System::ArgumentException^ e ) 
               {
                  Console::WriteLine( e->Message );
                  return;
               }

               Console::WriteLine(  );
               break;
            }
         }
      }
   }
}

J#

// Create a custom named permission set based on the LocalIntranet
// permission set.
private static void CreateCompanyPermission()
{
    IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();

    // Move through the policy levels to the Machine policy level.
    while (policyEnumerator.MoveNext()) {
        PolicyLevel currentLevel = 
            ((PolicyLevel)(policyEnumerator.get_Current()));
        if (currentLevel.get_Label().equalsIgnoreCase("Machine"))
 {
            // Enumerate the permission sets in the Machine policy level.
            IList namedPermissions =
                currentLevel.get_NamedPermissionSets();
            IEnumerator namedPermission = 
                namedPermissions.GetEnumerator();

            // Locate the LocalIntranet permission set.
            while (namedPermission.MoveNext()) {
                if (((NamedPermissionSet)(namedPermission.get_Current()))
                        .get_Name().equalsIgnoreCase("LocalIntranet"))
 {
                    // The current permission set is a copy of the
                    // LocalIntranet permission set.It can be modified
                    // to provide the permissions for the new permission
                    // set.Rename the copy to the name chosen for the
 new
                    // permission set.
                    ((NamedPermissionSet)(namedPermission.get_Current())).
                        set_Name("MyCompany");

                    IEnumerator permissions = ((NamedPermissionSet)
                        (namedPermission.get_Current())).GetEnumerator();

                    // Remove the current security permission from the
                    // permission set and replace it with a new security
                    // permission that does not have the right to assert
                    // permissions.
                    while (permissions.MoveNext()) {
                        if (
                            permissions.get_Current().GetType().ToString()
                            .equalsIgnoreCase("System.Security."
                            + "Permissions.SecurityPermission")) {
                            // Remove the current security permission.
                            ((NamedPermissionSet)
                                (namedPermission.get_Current()))
                                .RemovePermission(permissions.get_Current()
                                .GetType());

                            // Add a new security permission that only
                            // allows execution.
                            ((NamedPermissionSet)
                            (namedPermission.get_Current()))
                            .AddPermission(new SecurityPermission
                            (SecurityPermissionFlag.Execution));
                            break;
                        }
                    }

                    try {
                        // If you run this application twice, the following
                        // instruction throws an exception because the
                        // named permission set is already present.You
 can
                        // remove the custom named permission set using
                        // Caspole.exe or the
                        // .NET Framework Configuration tool
                        currentLevel.AddNamedPermissionSet(
                            ((NamedPermissionSet)
                            (namedPermission.get_Current())));
                        SecurityManager.SavePolicy();
                    }
                    // Catch the exception for a duplicate permission
 set.
                    catch (System.ArgumentException e) {
                        Console.WriteLine(e.get_Message());
                        return;
                    }
                    Console.WriteLine(((NamedPermissionSet)
                        (namedPermission.get_Current())).ToString());
                    break;
                }
            }
        }
    }
} //CreateCompanyPermission

プラットフォーム

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

開発プラットフォームの中には、.NET Framework によってサポートされていないバージョンがあります。サポートされているバージョンについては、「システム要件」を参照してください。

バージョン情報

.NET Framework
サポート対象 : 2.0、1.1、1.0

参照

関連項目
PolicyLevel クラス
PolicyLevel メンバ
System.Security.Policy 名前空間