Specifies the security actions that can be performed using declarative security.
Assembly: mscorlib (in mscorlib.dll)
<[%$TOPIC/3scex4y1_en-us_VS_110_1_0_0_0_0%]> _
<[%$TOPIC/3scex4y1_en-us_VS_110_1_0_0_0_1%](True)> _
Public Enumeration SecurityAction[[%$TOPIC/3scex4y1_en-us_VS_110_1_0_1_0_0%]]
[[%$TOPIC/3scex4y1_en-us_VS_110_1_0_1_0_1%](true)]
public enum SecurityAction[[%$TOPIC/3scex4y1_en-us_VS_110_1_0_2_0_0%]]
[[%$TOPIC/3scex4y1_en-us_VS_110_1_0_2_0_1%](true)]
public enum class SecurityAction[<[%$TOPIC/3scex4y1_en-us_VS_110_1_0_3_0_0%]>]
[<[%$TOPIC/3scex4y1_en-us_VS_110_1_0_3_0_1%](true)>]
type SecurityAction| Member name | Description | |
|---|---|---|
| Assert | The calling code can access the resource identified by the current permission object, even if callers higher in the stack have not been granted permission to access the resource (see Using the Assert Method). | |
| Demand | All callers higher in the call stack are required to have been granted the permission specified by the current permission object (see Security Demands). | |
| Deny | Obsolete. The ability to access the resource specified by the current permission object is denied to callers, even if they have been granted permission to access it (see [<topic://cpcondeny>]). | |
| InheritanceDemand | The derived class inheriting the class or overriding a method is required to have been granted the specified permission. For more information, see Inheritance Demands. | |
.gif) | LinkDemand | The immediate caller is required to have been granted the specified permission. Do not use in the .NET Framework 4. For full trust, use SecurityCriticalAttribute instead; for partial trust, use Demand. |
| PermitOnly | Only the resources specified by this permission object can be accessed, even if the code has been granted permission to access other resources (see Using the PermitOnly Method). | |
| RequestMinimum | Obsolete. The request for the minimum permissions required for code to run. This action can only be used within the scope of the assembly. | |
| RequestOptional | Obsolete. The request for additional permissions that are optional (not required to run). This request implicitly refuses all other permissions not specifically requested. This action can only be used within the scope of the assembly. | |
| RequestRefuse | Obsolete. The request that permissions that might be misused will not be granted to the calling code. This action can only be used within the scope of the assembly. |
The following table describes the time that each security action takes place and the targets that it supports.
.gif) Important |
|---|
In the .NET Framework 4, runtime support has been removed for enforcing the Deny, RequestMinimum, RequestOptional, and RequestRefuse permission requests. These requests should not be used in code that is based on .NET Framework 4 or later. For more information about this and other changes, see Security Changes in the .NET Framework. |
You should not use LinkDemand in the .NET Framework 4. Instead, use the SecurityCriticalAttribute to restrict usage to fully trusted applications, or use Demand to restrict partially trusted callers.
Declaration of security action | Time of action | Targets supported |
|---|---|---|
LinkDemand (do not use in the .NET Framework 4) | Just-in-time compilation | Class, method |
InheritanceDemand | Load time | Class, method |
Demand | Run time | Class, method |
Assert | Run time | Class, method |
Deny (obsolete in the .NET Framework 4) | Run time | Class, method |
PermitOnly | Run time | Class, method |
RequestMinimum (obsolete in the .NET Framework 4) | Grant time | Assembly |
RequestOptional (obsolete in the .NET Framework 4) | Grant time | Assembly |
RequestRefuse (obsolete in the .NET Framework 4) | Grant time | Assembly |
For additional information about attribute targets, see Attribute.
This example shows how to notify the CLR that code in called methods has only IsolatedStoragePermission, and also demonstrates how to write and read from isolated storage.
Option Strict On
Imports System
Imports System.Security.Permissions
Imports System.IO.IsolatedStorage
Imports System.IO
' Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
' This restricts the called methods to working only with storage files that are isolated
' by user and assembly.
<IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed:=IsolatedStorageContainment.AssemblyIsolationByUser)> _
Public NotInheritable Class App
Shared Sub Main()
WriteIsolatedStorage()
End Sub 'Main
Shared Sub WriteIsolatedStorage()
' Attempt to create a storage file that is isolated by user and assembly.
' IsolatedStorageFilePermission granted to the attribute at the top of this file
' allows CLR to load this assembly and execution of this statement.
Dim s As New IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Write some data out to the isolated file.
Dim sw As New StreamWriter(s)
Try
sw.Write("This is some test data.")
Finally
sw.Dispose()
End Try
Finally
s.Dispose()
End Try
' Attempt to open the file that was previously created.
Dim t As New IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly())
Try
' Read the data from the file and display it.
Dim sr As New StreamReader(t)
Try
Console.WriteLine(sr.ReadLine())
Finally
sr.Dispose()
End Try
Finally
t.Dispose()
End Try
End Sub
End Class 'App
' This code produces the following output.
'
' Some test data.using System;
using System.Security.Permissions;
using System.IO.IsolatedStorage;
using System.IO;
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction.PermitOnly, UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser)]
public sealed class App
{
static void Main()
{
WriteIsolatedStorage();
}
private static void WriteIsolatedStorage()
{
// Attempt to create a storage file that is isolated by user and assembly.
// IsolatedStorageFilePermission granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this statement.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Create, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Write some data out to the isolated file.
using (StreamWriter sw = new StreamWriter(s))
{
sw.Write("This is some test data.");
}
}
// Attempt to open the file that was previously created.
using (Stream s = new IsolatedStorageFileStream("AssemblyData", FileMode.Open, IsolatedStorageFile.GetUserStoreForAssembly()))
{
// Read the data from the file and display it.
using (StreamReader sr = new StreamReader(s))
{
Console.WriteLine(sr.ReadLine());
}
}
}
}
// This code produces the following output.
//
// Some test data.using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::IO::IsolatedStorage;
using namespace System::IO;
static void WriteIsolatedStorage()
{
try
{
// Attempt to create a storage file that is isolated by
// user and assembly. IsolatedStorageFilePermission
// granted to the attribute at the top of this file
// allows CLR to load this assembly and execution of this
// statement.
Stream^ fileCreateStream = gcnew
IsolatedStorageFileStream(
"AssemblyData",
FileMode::Create,
IsolatedStorageFile::GetUserStoreForAssembly());
StreamWriter^ streamWriter = gcnew StreamWriter(
fileCreateStream);
try
{
// Write some data out to the isolated file.
streamWriter->Write("This is some test data.");
streamWriter->Close();
}
finally
{
delete fileCreateStream;
delete streamWriter;
}
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
try
{
Stream^ fileOpenStream =
gcnew IsolatedStorageFileStream(
"AssemblyData",
FileMode::Open,
IsolatedStorageFile::GetUserStoreForAssembly());
// Attempt to open the file that was previously created.
StreamReader^ streamReader = gcnew StreamReader(
fileOpenStream);
try
{
// Read the data from the file and display it.
Console::WriteLine(streamReader->ReadLine());
streamReader->Close();
}
finally
{
delete fileOpenStream;
delete streamReader;
}
}
catch (FileNotFoundException^ ex)
{
Console::WriteLine(ex->Message);
}
catch (IOException^ ex)
{
Console::WriteLine(ex->Message);
}
}
// Notify the CLR to only grant IsolatedStorageFilePermission to called methods.
// This restricts the called methods to working only with storage files that are isolated
// by user and assembly.
[IsolatedStorageFilePermission(SecurityAction::PermitOnly, UsageAllowed = IsolatedStorageContainment::AssemblyIsolationByUser)]
int main()
{
WriteIsolatedStorage();
}
// This code produces the following output.
//
// This is some test data.Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
