代码访问安全性 (CAS) 是一项不受支持的传统技术。 用于启用 CAS 的基础结构(仅存在于 .NET Framework 2.x - 4.x)已弃用,并且不接受服务或安全修补。
因此,从 .NET 5 开始,.NET 中大多数与代码访问安全性 (CAS) 相关的类型均已过时。 这包含 CAS 属性(如 SecurityPermissionAttribute)、CAS 权限对象(如 SocketPermission)、EvidenceBase 派生类型和其他支持 API。 使用这些 API 会在编译时生成警告 SYSLIB0003。
已过时 CAS API 的完整列表如下所示:
System.AppDomain.ExecuteAssembly(String, String[], Byte[], AssemblyHashAlgorithm)
System.AppDomain.PermissionSet
System.Configuration.ConfigurationPermission
System.Configuration.ConfigurationPermissionAttribute
System.Data.Common.DBDataPermission
System.Data.Common.DBDataPermissionAttribute
System.Data.Odbc.OdbcPermission
System.Data.Odbc.OdbcPermissionAttribute
System.Data.OleDb.OleDbPermission
System.Data.OleDb.OleDbPermissionAttribute
System.Data.OracleClient.OraclePermission
System.Data.OracleClient.OraclePermissionAttribute
System.Data.SqlClient.SqlClientPermission
System.Data.SqlClient.SqlClientPermissionAttribute
System.Diagnostics.EventLogPermission
System.Diagnostics.EventLogPermissionAttribute
System.Diagnostics.PerformanceCounterPermission
System.Diagnostics.PerformanceCounterPermissionAttribute
System.DirectoryServices.DirectoryServicesPermission
System.DirectoryServices.DirectoryServicesPermissionAttribute
System.Drawing.Printing.PrintingPermission
System.Drawing.Printing.PrintingPermissionAttribute
System.Net.DnsPermission
System.Net.DnsPermissionAttribute
System.Net.Mail.SmtpPermission
System.Net.Mail.SmtpPermissionAttribute
System.Net.NetworkInformation.NetworkInformationPermission
System.Net.NetworkInformation.NetworkInformationPermissionAttribute
System.Net.PeerToPeer.Collaboration.PeerCollaborationPermission
System.Net.PeerToPeer.Collaboration.PeerCollaborationPermissionAttribute
System.Net.PeerToPeer.PnrpPermission
System.Net.PeerToPeer.PnrpPermissionAttribute
System.Net.SocketPermission
System.Net.SocketPermissionAttribute
System.Net.WebPermission
System.Net.WebPermissionAttribute
System.Runtime.InteropServices.AllowReversePInvokeCallsAttribute
System.Security.CodeAccessPermission
System.Security.HostProtectionException
System.Security.IPermission
System.Security.IStackWalk
System.Security.NamedPermissionSet
System.Security.PermissionSet
System.Security.Permissions.CodeAccessSecurityAttribute
System.Security.Permissions.DataProtectionPermission
System.Security.Permissions.DataProtectionPermissionAttribute
System.Security.Permissions.DataProtectionPermissionFlags
System.Security.Permissions.EnvironmentPermission
System.Security.Permissions.EnvironmentPermissionAccess
System.Security.Permissions.EnvironmentPermissionAttribute
System.Security.Permissions.FileDialogPermission
System.Security.Permissions.FileDialogPermissionAccess
System.Security.Permissions.FileDialogPermissionAttribute
System.Security.Permissions.FileIOPermission
System.Security.Permissions.FileIOPermissionAccess
System.Security.Permissions.FileIOPermissionAttribute
System.Security.Permissions.GacIdentityPermission
System.Security.Permissions.GacIdentityPermissionAttribute
System.Security.Permissions.HostProtectionAttribute
System.Security.Permissions.HostProtectionResource
System.Security.Permissions.IUnrestrictedPermission
System.Security.Permissions.IsolatedStorageContainment
System.Security.Permissions.IsolatedStorageFilePermission
System.Security.Permissions.IsolatedStorageFilePermissionAttribute
System.Security.Permissions.IsolatedStoragePermission
System.Security.Permissions.IsolatedStoragePermissionAttribute
System.Security.Permissions.KeyContainerPermission
System.Security.Permissions.KeyContainerPermissionAccessEntry
System.Security.Permissions.KeyContainerPermissionAccessEntryCollection
System.Security.Permissions.KeyContainerPermissionAccessEntryEnumerator
System.Security.Permissions.KeyContainerPermissionAttribute
System.Security.Permissions.KeyContainerPermissionFlags
System.Security.Permissions.MediaPermission
System.Security.Permissions.MediaPermissionAttribute
System.Security.Permissions.MediaPermissionAudio
System.Security.Permissions.MediaPermissionImage
System.Security.Permissions.MediaPermissionVideo
System.Security.Permissions.PermissionSetAttribute
System.Security.Permissions.PermissionState
System.Security.Permissions.PrincipalPermission
System.Security.Permissions.PrincipalPermissionAttribute
System.Security.Permissions.PublisherIdentityPermission
System.Security.Permissions.PublisherIdentityPermissionAttribute
System.Security.Permissions.ReflectionPermission
System.Security.Permissions.ReflectionPermissionAttribute
System.Security.Permissions.ReflectionPermissionFlag
System.Security.Permissions.RegistryPermission
System.Security.Permissions.RegistryPermissionAccess
System.Security.Permissions.RegistryPermissionAttribute
System.Security.Permissions.ResourcePermissionBase
System.Security.Permissions.ResourcePermissionBaseEntry
System.Security.Permissions.SecurityAction
System.Security.Permissions.SecurityAttribute
System.Security.Permissions.SecurityPermission
System.Security.Permissions.SecurityPermissionAttribute
System.Security.Permissions.SecurityPermissionFlag
System.Security.Permissions.SiteIdentityPermission
System.Security.Permissions.SiteIdentityPermissionAttribute
System.Security.Permissions.StorePermission
System.Security.Permissions.StorePermissionAttribute
System.Security.Permissions.StorePermissionFlags
System.Security.Permissions.StrongNameIdentityPermission
System.Security.Permissions.StrongNameIdentityPermissionAttribute
System.Security.Permissions.StrongNamePublicKeyBlob
System.Security.Permissions.TypeDescriptorPermission
System.Security.Permissions.TypeDescriptorPermissionAttribute
System.Security.Permissions.TypeDescriptorPermissionFlags
System.Security.Permissions.UIPermission
System.Security.Permissions.UIPermissionAttribute
System.Security.Permissions.UIPermissionClipboard
System.Security.Permissions.UIPermissionWindow
System.Security.Permissions.UrlIdentityPermission
System.Security.Permissions.UrlIdentityPermissionAttribute
System.Security.Permissions.WebBrowserPermission
System.Security.Permissions.WebBrowserPermissionAttribute
System.Security.Permissions.WebBrowserPermissionLevel
System.Security.Permissions.ZoneIdentityPermission
System.Security.Permissions.ZoneIdentityPermissionAttribute
System.Security.Policy.ApplicationTrust.ApplicationTrust(PermissionSet, IEnumerable<StrongName>)
System.Security.Policy.ApplicationTrust.FullTrustAssemblies
System.Security.Policy.FileCodeGroup
System.Security.Policy.GacInstalled
System.Security.Policy.IIdentityPermissionFactory
System.Security.Policy.PolicyLevel.AddNamedPermissionSet(NamedPermissionSet)
System.Security.Policy.PolicyLevel.ChangeNamedPermissionSet(String, PermissionSet)
System.Security.Policy.PolicyLevel.GetNamedPermissionSet(String)
System.Security.Policy.PolicyLevel.RemoveNamedPermissionSet
System.Security.Policy.PolicyStatement.PermissionSet
System.Security.Policy.PolicyStatement.PolicyStatement
System.Security.Policy.Publisher
System.Security.Policy.Site
System.Security.Policy.StrongName
System.Security.Policy.StrongNameMembershipCondition
System.Security.Policy.Url
System.Security.Policy.Zone
System.Security.SecurityContext
System.Security.SecurityManager
System.ServiceProcess.ServiceControllerPermission
System.ServiceProcess.ServiceControllerPermissionAttribute
System.Threading.Thread.GetCompressedStack()
System.Threading.Thread.SetCompressedStack(CompressedStack)
System.Transactions.DistributedTransactionPermission
System.Transactions.DistributedTransactionPermissionAttribute
System.Web.AspNetHostingPermission
System.Web.AspNetHostingPermissionAttribute
System.Xaml.Permissions.XamlLoadPermission
工作区
如果要断言任何安全权限,请删除断言该权限的属性或调用。
// REMOVE the attribute below.
[SecurityPermission(SecurityAction.Assert, ControlThread = true)]
public void DoSomething()
{
}
public void DoAssert()
{
// REMOVE the line below.
new SecurityPermission(SecurityPermissionFlag.ControlThread).Assert();
}
如果要拒绝或限制(通过 PermitOnly)任何权限,请与安全顾问联系。 由于 .NET 5 及更高版本的运行时不支持 CAS 属性,因此如果应用程序错误地依赖于 CAS 基础结构来限制对这些方法的访问,则它可能存在安全漏洞。
// REVIEW the attribute below; could indicate security vulnerability.
[SecurityPermission(SecurityAction.Deny, ControlThread = true)]
public void DoSomething()
{
}
public void DoPermitOnly()
{
// REVIEW the line below; could indicate security vulnerability.
new SecurityPermission(SecurityPermissionFlag.ControlThread).PermitOnly();
}
如果要求任何权限(除 PrincipalPermission 外),请删除该请求。 所有请求都将在运行时成功。
// REMOVE the attribute below; it will always succeed.
[SecurityPermission(SecurityAction.Demand, ControlThread = true)]
public void DoSomething()
{
}
public void DoDemand()
{
// REMOVE the line below; it will always succeed.
new SecurityPermission(SecurityPermissionFlag.ControlThread).Demand();
}
如果要求 PrincipalPermission,请参阅 SYSLIB0002:PrincipalPermissionAttribute 已过时指南。 本指南适用于 PrincipalPermission 和 PrincipalPermissionAttribute。
禁止显示警告
建议尽可能使用可用的解决方法。 但是,如果无法更改代码,可以通过 #pragma 指令或 <NoWarn> 项目设置来禁止显示警告。 如果必须使用过时 API,并且 SYSLIB0XXX 诊断没有显示为错误,则可以在代码或项目文件中取消该警告。
若要禁止显示代码中的警告,请执行以下操作:
// Disable the warning.
#pragma warning disable SYSLIB0001
// Code that uses obsolete API.
//...
// Re-enable the warning.
#pragma warning restore SYSLIB0001
若要禁止显示项目文件中的警告,请执行以下操作:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
<!-- NoWarn below suppresses SYSLIB0001 project-wide -->
<NoWarn>
