Thread-CurrentPrincipal
    // Get and set thread's current principal (for role based security).
    public static IPrincipal CurrentPrincipal
    {
        [System.Security.SecuritySafeCritical]  // auto-generated
        get
        {
            lock (CurrentThread)
            {
                IPrincipal principal = (IPrincipal)CallContext.Principal;
                if (principal == null)
                {
                    principal = GetDomain().GetThreadPrincipal();
                    CallContext.Principal = principal;
                }
                return principal;
            }
        }

        [System.Security.SecuritySafeCritical]  // auto-generated
        [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPrincipal)]
        set
        {
            CallContext.Principal = value;
        }
    }
CurrentPrincipal is a static property. First, let's look at the principal type, IPrincipal:
    using System.Runtime.InteropServices;

    namespace System.Security.Principal
    {
        [System.Runtime.InteropServices.ComVisible(true)]
        public interface IPrincipal
        {
            // Retrieve the identity object
            IIdentity Identity { get; }

            // Perform a check for a specific role
            bool IsInRole(string role);
        }
    }
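It is defined in the System.Security.Principal namespace, so it belongs to the security area. How does it provide security? By attaching a custom name and an authentication type, to ensure that the thread is one we started ourselves, as the following code shows: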
    using System;
    using System.Security;
    using System.Security.Principal;
    using System.Threading;

    class Principal
    {
        static void Main()
        {
            string[] rolesArray = { "managers", "executives" };
            try
            {
                // Set the principal to a new generic principal.
                Thread.CurrentPrincipal = new GenericPrincipal(
                    new GenericIdentity("Bob", "Passport"), rolesArray);
            }
            catch (SecurityException secureException)
            {
                // Thrown when the caller lacks the ControlPrincipal permission.
                Console.WriteLine("{0}: Permission to set Principal " +
                    "is denied.", secureException.GetType().Name);
            }

            // Read the principal back from the current thread.
            IPrincipal threadPrincipal = Thread.CurrentPrincipal;
            Console.WriteLine("Name: {0}\nIsAuthenticated: {1}" +
                "\nAuthenticationType: {2}",
                threadPrincipal.Identity.Name,
                threadPrincipal.Identity.IsAuthenticated,
                threadPrincipal.Identity.AuthenticationType);
        }
    }
The output is:
Name: Bob
IsAuthenticated: True
AuthenticationType: Passport
True
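
The following added example (not from the original post or the framework source) shows how a role check consumes the principal set above. `RequireRole`, `Check` and the identities are hypothetical names and constructed sample values. `GenericIdentity` reports `IsAuthenticated` as true for any non-empty name and verifies nothing itself, so the code that assigns `Thread.CurrentPrincipal` must already have authenticated the caller.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

static class RoleCheckDemo
{
    // Hypothetical guard (not a framework API): throws unless the current
    // thread's principal is authenticated and holds the requested role.
    static void RequireRole(string role)
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        if (principal == null || principal.Identity == null ||
            !principal.Identity.IsAuthenticated || !principal.IsInRole(role))
        {
            throw new SecurityException("Role '" + role + "' is required.");
        }
    }

    // Runs the guard and reports the decision as a string.
    static string Check(string role)
    {
        try { RequireRole(role); return "allowed"; }
        catch (SecurityException) { return "denied"; }
    }

    static void Main()
    {
        // Constructed sample: an empty name makes IsAuthenticated false,
        // so the guard refuses even though the role is present.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity(""), new[] { "managers" });
        Console.WriteLine("anonymous, managers: " + Check("managers"));

        // Constructed sample: the same principal the post assigns.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("Bob", "Passport"),
            new[] { "managers", "executives" });
        Console.WriteLine("Bob, managers: " + Check("managers"));
        Console.WriteLine("Bob, admins: " + Check("admins"));
    }
}
```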