SecurityManager.SavePolicyLevel-Methode
Speichert eine geänderte Sicherheitsrichtlinienebene, die mit LoadPolicyLevelFromFile geladen wurde.
Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)
Syntax
'Declaration
Public Shared Sub SavePolicyLevel ( _
level As PolicyLevel _
)
'Usage
Dim level As PolicyLevel
SecurityManager.SavePolicyLevel(level)
public static void SavePolicyLevel (
PolicyLevel level
)
public:
static void SavePolicyLevel (
PolicyLevel^ level
)
public static void SavePolicyLevel (
PolicyLevel level
)
public static function SavePolicyLevel (
level : PolicyLevel
)
Parameter
- level
Das zu speichernde PolicyLevel-Objekt.
Ausnahmen
| Ausnahmetyp | Bedingung |
|---|---|
Der diese Methode aufrufende Code verfügt nicht über SecurityPermissionFlag.ControlPolicy. |
Hinweise
Die PolicyLevel wird an demselben Ort gespeichert, an dem sie geladen wurde.
Beispiel
Das vollständige Beispiel finden Sie unter dem Thema zur SecurityManager-Klasse.
' Create a custom named permission set based on the LocalIntranet permission set.
Private Shared Sub CreateCompanyPermission()
Dim policyEnumerator As IEnumerator = SecurityManager.PolicyHierarchy()
' Move through the policy levels to the Machine policy level.
While policyEnumerator.MoveNext()
Dim currentLevel As PolicyLevel = CType(policyEnumerator.Current, PolicyLevel)
If currentLevel.Label = "Machine" Then
' Enumerate the permission sets in the Machine policy level.
Dim namedPermissions As IList = currentLevel.NamedPermissionSets
Dim namedPermission As IEnumerator = namedPermissions.GetEnumerator()
' Locate the LocalIntranet permission set.
While namedPermission.MoveNext()
If CType(namedPermission.Current, NamedPermissionSet).Name = "LocalIntranet" Then
' The current permission set is a copy of the LocalIntranet permission set.
' It can be modified to provide the permissions for the new permission set.
' Rename the copy to the name chosen for the new permission set.
CType(namedPermission.Current, NamedPermissionSet).Name = "MyCompany"
Dim permissions As IEnumerator = CType(namedPermission.Current, NamedPermissionSet).GetEnumerator()
' Remove the current security permission from the permission set and replace it
' with a new security permission that does not have the right to assert permissions.
While permissions.MoveNext()
If permissions.Current.GetType().ToString() = "System.Security.Permissions.SecurityPermission" Then
' Remove the current security permission.
CType(namedPermission.Current, NamedPermissionSet).RemovePermission(permissions.Current.GetType())
' Add a new security permission that only allows execution.
CType(namedPermission.Current, NamedPermissionSet).AddPermission(New SecurityPermission(SecurityPermissionFlag.Execution))
Exit While
End If
End While
Try
' If you run this application twice, the following instruction throws
' an exception because the named permission set is already present.
' You can remove the custom named permission set using Caspole.exe or the
' .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(CType(namedPermission.Current, NamedPermissionSet))
SecurityManager.SavePolicy()
' Catch the exception for a duplicate permission set.
Catch e As System.ArgumentException
Console.WriteLine(e.Message)
Return
End Try
Console.WriteLine(CType(namedPermission.Current, NamedPermissionSet).ToString())
Exit While
End If
End While
End If
End While
End Sub 'CreateCompanyPermission
// Create a custom named permission set based on the LocalIntranet permission set.
private static void CreateCompanyPermission()
{
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while(policyEnumerator.MoveNext())
{
PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
if(currentLevel.Label == "Machine")
{
// Enumerate the permission sets in the Machine policy level.
IList namedPermissions = currentLevel.NamedPermissionSets;
IEnumerator namedPermission = namedPermissions.GetEnumerator();
// Locate the LocalIntranet permission set.
while(namedPermission.MoveNext())
{
if(((NamedPermissionSet)namedPermission.Current).Name == "LocalIntranet")
{
// The current permission set is a copy of the LocalIntranet permission set.
// It can be modified to provide the permissions for the new permission set.
// Rename the copy to the name chosen for the new permission set.
((NamedPermissionSet)namedPermission.Current).Name = "MyCompany";
IEnumerator permissions = ((NamedPermissionSet)namedPermission.Current).GetEnumerator();
// Remove the current security permission from the permission set and replace it
// with a new security permission that does not have the right to assert permissions.
while(permissions.MoveNext())
{
if(permissions.Current.GetType().ToString() == "System.Security.Permissions.SecurityPermission")
{
// Remove the current security permission.
((NamedPermissionSet)namedPermission.Current).RemovePermission(permissions.Current.GetType());
// Add a new security permission that only allows execution.
((NamedPermissionSet)namedPermission.Current).AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
break;
}
}
try
{
// If you run this application twice, the following instruction throws
// an exception because the named permission set is already present.
// You can remove the custom named permission set using Caspole.exe or the
// .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(((NamedPermissionSet)namedPermission.Current));
SecurityManager.SavePolicy();
}
// Catch the exception for a duplicate permission set.
catch ( System.ArgumentException e)
{
Console.WriteLine(e.Message);
return;
}
Console.WriteLine(((NamedPermissionSet)namedPermission.Current).ToString());
break;
}
}
}
}
}
// Create a custom named permission set based on the LocalIntranet permission set.
void CreateCompanyPermission()
{
IEnumerator^ policyEnumerator = SecurityManager::PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while ( policyEnumerator->MoveNext() )
{
PolicyLevel^ currentLevel = dynamic_cast<PolicyLevel^>(policyEnumerator->Current);
if ( currentLevel->Label->Equals( "Machine" ) )
{
// Enumerate the permission sets in the Machine policy level.
IList^ namedPermissions = currentLevel->NamedPermissionSets;
IEnumerator^ namedPermission = namedPermissions->GetEnumerator();
// Locate the LocalIntranet permission set.
while ( namedPermission->MoveNext() )
{
if ( (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name->Equals( "LocalIntranet" ) )
{
// The current permission set is a copy of the LocalIntranet permission set.
// It can be modified to provide the permissions for the new permission set.
// Rename the copy to the name chosen for the new permission set.
(dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name = "MyCompany";
IEnumerator^ permissions = (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->GetEnumerator();
// Remove the current security permission from the permission set and replace it
// with a new security permission that does not have the right to assert permissions.
while ( permissions->MoveNext() )
{
if ( permissions->Current->GetType()->ToString()->Equals( "System.Security.Permissions.SecurityPermission" ) )
{
// Remove the current security permission.
(dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->RemovePermission( permissions->Current->GetType() );
// Add a new security permission that only allows execution.
(dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->AddPermission( gcnew SecurityPermission( SecurityPermissionFlag::Execution ) );
break;
}
}
try
{
// If you run this application twice, the following instruction throws
// an exception because the named permission set is already present.
// You can remove the custom named permission set using Caspole.exe or the
// .NET Framework Configuration tool
currentLevel->AddNamedPermissionSet( safe_cast<NamedPermissionSet^>(namedPermission->Current) );
SecurityManager::SavePolicy();
}
// Catch the exception for a duplicate permission set.
catch ( System::ArgumentException^ e )
{
Console::WriteLine( e->Message );
return;
}
Console::WriteLine( );
break;
}
}
}
}
}
// Create a custom named permission set based on the LocalIntranet
// permission set.
private static void CreateCompanyPermission()
{
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while (policyEnumerator.MoveNext()) {
PolicyLevel currentLevel =
((PolicyLevel)(policyEnumerator.get_Current()));
if (currentLevel.get_Label().equalsIgnoreCase("Machine")) {
// Enumerate the permission sets in the Machine policy level.
IList namedPermissions =
currentLevel.get_NamedPermissionSets();
IEnumerator namedPermission =
namedPermissions.GetEnumerator();
// Locate the LocalIntranet permission set.
while (namedPermission.MoveNext()) {
if (((NamedPermissionSet)(namedPermission.get_Current()))
.get_Name().equalsIgnoreCase("LocalIntranet")) {
// The current permission set is a copy of the
// LocalIntranet permission set.It can be modified
// to provide the permissions for the new permission
// set.Rename the copy to the name chosen for the new
// permission set.
((NamedPermissionSet)(namedPermission.get_Current())).
set_Name("MyCompany");
IEnumerator permissions = ((NamedPermissionSet)
(namedPermission.get_Current())).GetEnumerator();
// Remove the current security permission from the
// permission set and replace it with a new security
// permission that does not have the right to assert
// permissions.
while (permissions.MoveNext()) {
if (
permissions.get_Current().GetType().ToString()
.equalsIgnoreCase("System.Security."
+ "Permissions.SecurityPermission")) {
// Remove the current security permission.
((NamedPermissionSet)
(namedPermission.get_Current()))
.RemovePermission(permissions.get_Current()
.GetType());
// Add a new security permission that only
// allows execution.
((NamedPermissionSet)
(namedPermission.get_Current()))
.AddPermission(new SecurityPermission
(SecurityPermissionFlag.Execution));
break;
}
}
try {
// If you run this application twice, the following
// instruction throws an exception because the
// named permission set is already present.You can
// remove the custom named permission set using
// Caspole.exe or the
// .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(
((NamedPermissionSet)
(namedPermission.get_Current())));
SecurityManager.SavePolicy();
}
// Catch the exception for a duplicate permission set.
catch (System.ArgumentException e) {
Console.WriteLine(e.get_Message());
return;
}
Console.WriteLine(((NamedPermissionSet)
(namedPermission.get_Current())).ToString());
break;
}
}
}
}
} //CreateCompanyPermission
.NET Framework-Sicherheit
- SecurityPermission zum Ändern von Richtlinien. Zugeordnete Enumeration: SecurityPermissionFlag.ControlPolicy
Plattformen
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
.NET Framework unterstützt nicht alle Versionen sämtlicher Plattformen. Eine Liste der unterstützten Versionen finden Sie unter Systemanforderungen.
Versionsinformationen
.NET Framework
Unterstützt in: 2.0, 1.1, 1.0
Siehe auch
Referenz
SecurityManager-Klasse
SecurityManager-Member
System.Security-Namespace