Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Fügt der aktuellen Richtlinienebene ein NamedPermissionSet hinzu.
Namespace: System.Security.Policy
Assembly: mscorlib (in mscorlib.dll)
Syntax
'Declaration
Public Sub AddNamedPermissionSet ( _
permSet As NamedPermissionSet _
)
'Usage
Dim instance As PolicyLevel
Dim permSet As NamedPermissionSet
instance.AddNamedPermissionSet(permSet)
public void AddNamedPermissionSet (
NamedPermissionSet permSet
)
public:
void AddNamedPermissionSet (
NamedPermissionSet^ permSet
)
public void AddNamedPermissionSet (
NamedPermissionSet permSet
)
public function AddNamedPermissionSet (
permSet : NamedPermissionSet
)
Parameter
- permSet
Das NamedPermissionSet, das der aktuellen Richtlinienebene hinzugefügt werden soll.
Ausnahmen
| Ausnahmetyp | Bedingung |
|---|---|
Der permSet-Parameter ist NULL (Nothing in Visual Basic). |
|
Der permSet-Parameter hat denselben Namen wie ein vorhandenes NamedPermissionSet auf dem PolicyLevel. |
Hinweise
Richtlinienebenen legen den Gültigkeitsbereich benannter Berechtigungssätze fest.
Beispiel
Im folgenden Code wird veranschaulicht, wie einer Richtlinienebene ein benannter Berechtigungssatz hinzugefügt wird. Dieses Codebeispiel ist Teil eines umfangreicheren Beispiels für die PolicyLevel-Klasse.
' Create a custom named permission set based on the LocalIntranet permission set.
Private Shared Sub CreateCompanyPermission()
Dim policyEnumerator As IEnumerator = SecurityManager.PolicyHierarchy()
' Move through the policy levels to the Machine policy level.
While policyEnumerator.MoveNext()
Dim currentLevel As PolicyLevel = CType(policyEnumerator.Current, PolicyLevel)
If currentLevel.Label = "Machine" Then
' Enumerate the permission sets in the Machine policy level.
Dim namedPermissions As IList = currentLevel.NamedPermissionSets
Dim namedPermission As IEnumerator = namedPermissions.GetEnumerator()
' Locate the LocalIntranet permission set.
While namedPermission.MoveNext()
If CType(namedPermission.Current, NamedPermissionSet).Name = "LocalIntranet" Then
' The current permission set is a copy of the LocalIntranet permission set.
' It can be modified to provide the permissions for the new permission set.
' Rename the copy to the name chosen for the new permission set.
CType(namedPermission.Current, NamedPermissionSet).Name = "MyCompany"
Dim permissions As IEnumerator = CType(namedPermission.Current, NamedPermissionSet).GetEnumerator()
' Remove the current security permission from the permission set and replace it
' with a new security permission that does not have the right to assert permissions.
While permissions.MoveNext()
If permissions.Current.GetType().ToString() = "System.Security.Permissions.SecurityPermission" Then
' Remove the current security permission.
CType(namedPermission.Current, NamedPermissionSet).RemovePermission(permissions.Current.GetType())
' Add a new security permission that only allows execution.
CType(namedPermission.Current, NamedPermissionSet).AddPermission(New SecurityPermission(SecurityPermissionFlag.Execution))
Exit While
End If
End While
Try
' If you run this application twice, the following instruction throws
' an exception because the named permission set is already present.
' You can remove the custom named permission set using Caspole.exe or the
' .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(CType(namedPermission.Current, NamedPermissionSet))
SecurityManager.SavePolicy()
' Catch the exception for a duplicate permission set.
Catch e As System.ArgumentException
Console.WriteLine(e.Message)
Return
End Try
Console.WriteLine(CType(namedPermission.Current, NamedPermissionSet).ToString())
Exit While
End If
End While
End If
End While
End Sub 'CreateCompanyPermission
// Create a custom named permission set based on the LocalIntranet permission set.
private static void CreateCompanyPermission()
{
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while(policyEnumerator.MoveNext())
{
PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
if(currentLevel.Label == "Machine")
{
// Enumerate the permission sets in the Machine policy level.
IList namedPermissions = currentLevel.NamedPermissionSets;
IEnumerator namedPermission = namedPermissions.GetEnumerator();
// Locate the LocalIntranet permission set.
while(namedPermission.MoveNext())
{
if(((NamedPermissionSet)namedPermission.Current).Name == "LocalIntranet")
{
// The current permission set is a copy of the LocalIntranet permission set.
// It can be modified to provide the permissions for the new permission set.
// Rename the copy to the name chosen for the new permission set.
((NamedPermissionSet)namedPermission.Current).Name = "MyCompany";
IEnumerator permissions = ((NamedPermissionSet)namedPermission.Current).GetEnumerator();
// Remove the current security permission from the permission set and replace it
// with a new security permission that does not have the right to assert permissions.
while(permissions.MoveNext())
{
if(permissions.Current.GetType().ToString() == "System.Security.Permissions.SecurityPermission")
{
// Remove the current security permission.
((NamedPermissionSet)namedPermission.Current).RemovePermission(permissions.Current.GetType());
// Add a new security permission that only allows execution.
((NamedPermissionSet)namedPermission.Current).AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
break;
}
}
try
{
// If you run this application twice, the following instruction throws
// an exception because the named permission set is already present.
// You can remove the custom named permission set using Caspole.exe or the
// .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(((NamedPermissionSet)namedPermission.Current));
SecurityManager.SavePolicy();
}
// Catch the exception for a duplicate permission set.
catch ( System.ArgumentException e)
{
Console.WriteLine(e.Message);
return;
}
Console.WriteLine(((NamedPermissionSet)namedPermission.Current).ToString());
break;
}
}
}
}
}
// Create a custom named permission set based on the LocalIntranet permission set.
void CreateCompanyPermission()
{
IEnumerator^ policyEnumerator = SecurityManager::PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while ( policyEnumerator->MoveNext() )
{
PolicyLevel^ currentLevel = dynamic_cast<PolicyLevel^>(policyEnumerator->Current);
if ( currentLevel->Label->Equals( "Machine" ) )
{
// Enumerate the permission sets in the Machine policy level.
IList^ namedPermissions = currentLevel->NamedPermissionSets;
IEnumerator^ namedPermission = namedPermissions->GetEnumerator();
// Locate the LocalIntranet permission set.
while ( namedPermission->MoveNext() )
{
if ( (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name->Equals( "LocalIntranet" ) )
{
// The current permission set is a copy of the LocalIntranet permission set.
// It can be modified to provide the permissions for the new permission set.
// Rename the copy to the name chosen for the new permission set.
(dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name = "MyCompany";
IEnumerator^ permissions = (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->GetEnumerator();
// Remove the current security permission from the permission set and replace it
// with a new security permission that does not have the right to assert permissions.
while ( permissions->MoveNext() )
{
if ( permissions->Current->GetType()->ToString()->Equals( "System.Security.Permissions.SecurityPermission" ) )
{
// Remove the current security permission.
(dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->RemovePermission( permissions->Current->GetType() );
// Add a new security permission that only allows execution.
(dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->AddPermission( gcnew SecurityPermission( SecurityPermissionFlag::Execution ) );
break;
}
}
try
{
// If you run this application twice, the following instruction throws
// an exception because the named permission set is already present.
// You can remove the custom named permission set using Caspole.exe or the
// .NET Framework Configuration tool
currentLevel->AddNamedPermissionSet( safe_cast<NamedPermissionSet^>(namedPermission->Current) );
SecurityManager::SavePolicy();
}
// Catch the exception for a duplicate permission set.
catch ( System::ArgumentException^ e )
{
Console::WriteLine( e->Message );
return;
}
Console::WriteLine( );
break;
}
}
}
}
}
// Create a custom named permission set based on the LocalIntranet
// permission set.
private static void CreateCompanyPermission()
{
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while (policyEnumerator.MoveNext()) {
PolicyLevel currentLevel =
((PolicyLevel)(policyEnumerator.get_Current()));
if (currentLevel.get_Label().equalsIgnoreCase("Machine")) {
// Enumerate the permission sets in the Machine policy level.
IList namedPermissions =
currentLevel.get_NamedPermissionSets();
IEnumerator namedPermission =
namedPermissions.GetEnumerator();
// Locate the LocalIntranet permission set.
while (namedPermission.MoveNext()) {
if (((NamedPermissionSet)(namedPermission.get_Current()))
.get_Name().equalsIgnoreCase("LocalIntranet")) {
// The current permission set is a copy of the
// LocalIntranet permission set.It can be modified
// to provide the permissions for the new permission
// set.Rename the copy to the name chosen for the new
// permission set.
((NamedPermissionSet)(namedPermission.get_Current())).
set_Name("MyCompany");
IEnumerator permissions = ((NamedPermissionSet)
(namedPermission.get_Current())).GetEnumerator();
// Remove the current security permission from the
// permission set and replace it with a new security
// permission that does not have the right to assert
// permissions.
while (permissions.MoveNext()) {
if (
permissions.get_Current().GetType().ToString()
.equalsIgnoreCase("System.Security."
+ "Permissions.SecurityPermission")) {
// Remove the current security permission.
((NamedPermissionSet)
(namedPermission.get_Current()))
.RemovePermission(permissions.get_Current()
.GetType());
// Add a new security permission that only
// allows execution.
((NamedPermissionSet)
(namedPermission.get_Current()))
.AddPermission(new SecurityPermission
(SecurityPermissionFlag.Execution));
break;
}
}
try {
// If you run this application twice, the following
// instruction throws an exception because the
// named permission set is already present.You can
// remove the custom named permission set using
// Caspole.exe or the
// .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(
((NamedPermissionSet)
(namedPermission.get_Current())));
SecurityManager.SavePolicy();
}
// Catch the exception for a duplicate permission set.
catch (System.ArgumentException e) {
Console.WriteLine(e.get_Message());
return;
}
Console.WriteLine(((NamedPermissionSet)
(namedPermission.get_Current())).ToString());
break;
}
}
}
}
} //CreateCompanyPermission
Plattformen
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
.NET Framework unterstützt nicht alle Versionen sämtlicher Plattformen. Eine Liste der unterstützten Versionen finden Sie unter Systemanforderungen.
Versionsinformationen
.NET Framework
Unterstützt in: 2.0, 1.1, 1.0
Siehe auch
Referenz
PolicyLevel-Klasse
PolicyLevel-Member
System.Security.Policy-Namespace