Updated: September 2008
The common language runtime allows code to perform only those operations that the code has permission to perform. The runtime uses objects called permissions to implement its mechanism for enforcing restrictions on managed code.
There are three kinds of permissions, and each has a specific purpose:
Code Access Permissions, which represent access to a protected resource or the ability to perform a protected operation.
Identity Permissions (a category of code access permissions), which indicate that code has credentials that support a particular kind of identity.
Role-Based Security Permissions, which provide a mechanism for discovering whether a user (or the agent acting on the user's behalf) has a particular identity or is a member of a specified role. PrincipalPermission is the only role-based security permission.
Security permissions can be in the form of a permission class (Imperative Security) or an attribute that represents a permission class (Declarative Security). The base class for security permissions is CodeAccessPermission; the base class for security permission attributes is CodeAccessSecurityAttribute.
An application, in the form of an assembly, is granted a set of permissions. The grants are made by using predefined permission sets. The .NET Framework provides default NamedPermissionSets. The grant set determines the permissions the code has available to it. The runtime grants permissions to code based on characteristics of the code's identity, on the permissions that are requested, and on how much the code is trusted (as determined by security policy set by an administrator). For more information about how the runtime decides which permissions to grant, see Security Policy and Permission Grants.
The primary uses of permissions are as follows:
Library code can demand that its callers have specific permissions. If you place a Demand for a permission in your code, all code that uses your code is expected to have that permission to run. Demands can be used to determine whether callers have access to specific resources or to discover the identity of a caller.
Code can verify that it has the permissions it either needs or could use. Use the RequestMinimum flag to confirm that code has the permissions it needs to run. For more information, see How to: Request Minimum Permissions by Using the RequestMinimum Flag.
Code can use permissions to deny access to resources it wants to protect. You can use the ability to deny permissions to protect against inadvertent access by your own code; for example, you can limit file access to a specific location when you accept a file path from user input. However, we do not recommend using permission requests to prohibit access for the purpose of protecting against intentional misuse. Called assemblies, which have the refused permissions in their grant set, can override denied permissions by using the Assert method. The only way to securely protect resources from untrusted code in referenced assemblies is to execute that code with a grant set that does not include those permissions.
The runtime provides built-in permission classes in several namespaces and also supplies support for designing and implementing custom permission classes.