是ASP中的信任级别。NET 4.0过时吗?

时间:2021-08-25 16:03:06

Microsoft introduced a new security model on .NET 4.0 and above which is a replacement for code access security. Since trust levels are code access security, is this approach obsolete?

微软在。net 4.0和以上版本中引入了一个新的安全模型,它可以替代代码访问安全性。既然信任级别是代码访问安全性,那么这种方法过时了吗?

If above statement is in the right way, how do you define a PermissionSet for a concrete ASP.NET application in .NET 4.x?

如果上面的语句是正确的,那么如何定义一个具体的ASP的许可。NET在。NET 4.x中的应用程序?

1 个解决方案

#1

2  

No, ASP.NET trust levels are not obsolete. Your concern that this might be the case seems to be due to a misunderstanding of how CAS has changed in .NET 4.0. CAS has not actually been replaced. Instead, there have been two major changes in how CAS is enforced:

不,ASP。净信任级别没有过时。您对这种情况的担心似乎是由于误解了。net 4.0中CAS是如何变化的。CAS实际上没有被替换。相反,在如何执行CAS方面有两个主要的变化:

  1. The transparency mechanism now plays a key role in code permission enforcement and
  2. 透明机制现在在代码权限执行和执行中起着关键作用
  3. The "naked" CLR no longer enforces CAS policy.
  4. “裸”CLR不再执行CAS策略。

However, if you read the second linked article above, you will see that it is fully expected that hosts such as ASP.NET will continue to enforce CAS permission restrictions. Unless you see a direct indication that some future version of ASP.NET will handle code permission restrictions differently, you should continue to rely on trust levels just as you have in the past.

但是,如果您阅读上面的第二篇链接文章,您将会看到,您完全希望使用诸如ASP这样的主机。NET将继续执行CAS权限限制。除非你能直接看到未来的ASP版本。NET将以不同的方式处理代码权限限制,您应该像以前一样继续依赖信任级别。

#1

2  

No, ASP.NET trust levels are not obsolete. Your concern that this might be the case seems to be due to a misunderstanding of how CAS has changed in .NET 4.0. CAS has not actually been replaced. Instead, there have been two major changes in how CAS is enforced:

不,ASP。净信任级别没有过时。您对这种情况的担心似乎是由于误解了。net 4.0中CAS是如何变化的。CAS实际上没有被替换。相反,在如何执行CAS方面有两个主要的变化:

  1. The transparency mechanism now plays a key role in code permission enforcement and
  2. 透明机制现在在代码权限执行和执行中起着关键作用
  3. The "naked" CLR no longer enforces CAS policy.
  4. “裸”CLR不再执行CAS策略。

However, if you read the second linked article above, you will see that it is fully expected that hosts such as ASP.NET will continue to enforce CAS permission restrictions. Unless you see a direct indication that some future version of ASP.NET will handle code permission restrictions differently, you should continue to rely on trust levels just as you have in the past.

但是,如果您阅读上面的第二篇链接文章,您将会看到,您完全希望使用诸如ASP这样的主机。NET将继续执行CAS权限限制。除非你能直接看到未来的ASP版本。NET将以不同的方式处理代码权限限制,您应该像以前一样继续依赖信任级别。

标签:

相关文章