AddressOfCallBacks: The VA of a null-terminated array of TLS callback function pointers.The array is null terminated, and as a result this field is never null and points to an all-zero pointer if no callback functions are specified. The IL assembler does not support TLS callback functions, so the entire array of TLS callback function pointers consists of a null terminator. This null terminator immediately follows the TLS directory structure in the .sdata section.

AddressOfCallBacksTLS回调函数指针数组的虚地址。这个数组是以null结尾的,所以这个字段不为null,并且,如果没有指定回调函数,那么这个字段就会指向一个全部为0的指针。IL编译器并不支持TLS回调函数,所以整个TLS回调函数指针数组将会由null终结符组成。在.sdata节中,这个null终结符紧跟在TLS目录结构之后。


•SiteIdentityPermission.

This permission identifies the Web site from which the code originates. The attribute class has one property, Site, of type string, which

contains part of the Web site’s URL with a stripped protocol specification at the start and the filename at the end—for example, http://www.microsoft.com/ in the URL http://www.microsoft.com/ms.htm. The protocol is presumed to be HTTP, HTTPS, or FTP. The wildcard character (*) is allowed in the site specifications, this time as the left part of the specification. 

l         SiteIdentityPermission 该许可权限标识了代码来自于哪个Web站点。特性类有一个属性Site,类型为string,它包含着Web站点的URL的一部分,其开始部分是剥离的协议说明,结束位置为文件名——例如,在URLhttp://www.microsoft.com/ms.htm中的http://www.microsoft.com/。假定该协议为HTTPHTTPSFTP。在站点的说明中可以使用通配符,此时通配符位于说明的左边部分。 

•IsolatedStorageFilePermission.

 This permission definesthe right to access the isolated storage. Briefly, the isolated storage is a storage space allocated specifically for the user’s application, providing a data store independent of the structure of the local file system, a sort of “sandbox” for the application to play in without touching the rest of the file system. Data compartments within the isolated storage are defined by the identity of the application or component code. Thus, there’s no need to work magic with the file paths to ensure that the data storages specific to different applications don’t overlap. The attribute class has two properties:


该访问权限拒绝对独立存储的访问。简而言之,独立存储(isolated storage),就是专门为用户应用程序分配的存储空间,提供了独立于本地文件系统结构的数据存储,对于应用程序来说是一种触及不到文件系统其余部分的“沙盒”sandbox)。独立存储中的数据舱(data compartment)是由应用程序代码或组件代码的标识定义的。这样,就不需要处理文件路径了,从而保证了用于不同应用程序的数据存储不会重叠。特性类有两个属性:


Permission Sets

     Individual permissionobjects (the instances of the permission classes) can be combined into permission sets. A permission set is an instance of the [mscorlib]System.Security.PermissionSet class or of the [mscorlib]System.Security.NamedPermissionSet class, which

is derived from the former. A permission set can be constructed, such as by combining all permissions relevant to a certain resource or to a certain metadata item (the assembly, a class, or a method).

     The PermissionSet class, after its constituent permission classes, implements the interface IPermission with its methods Copy, Intersect, Union, IsSubsetOf, and Demand.

The declarative security is represented in the metadata by the unnamed permission sets, grouped by the security action. Each such permission set is attributed toone metadata item(assembly, class, or method).


单个许可权限对象(许可权限类的实例)可以组合到许可权限集中。许可权限集是[mscorlib]System.Security.PermissionSet类或[mscorlib]System.Security.NamedPermissionSet类的实例,后一个类派生于前一个类。例如,可以通过组合与某个资源或某个元数据(程序集、类或方法)相关的所有许可权限来构造许可权限集。

PermissionSet类,在组成它的许可权限类之后,实现了接口IPermission及其CopyIntersectUnionIsSubsetOfDemand方法。

声明性安全在元数据中由未命名的许可权限集表示,通过安全操作进行分组。每个这样的许可权限集都归因于一个元数据项(程序集、类或方法)。