Export (0) Print
Expand All

Adding Declarative Security Support 

Although not strictly required, a custom permission should support declarative security so that developers can specify the custom permission when using declarative syntax for security actions such as requests, demands, or assertions. In fact, permission requests, link demands, and inheritance demands can only be made declaratively. For this reason, your custom code access permission cannot be requested or used with link demands or inheritance demands unless you provide support for declarative security. This topic describes how to implement an Attribute class that enables declarative security support for your custom permission.

Security attributes for declarations must derive (either directly or indirectly) from the SecurityAttribute class. If the permission is a code access permission, the attribute class derives from CodeAccessSecurityAttribute, which derives from SecurityAttribute. Security attribute classes must implement the CreatePermission method, which creates an instance of the permission object from the associated custom permission. Note that this associated custom permission class must be marked with the SerializableAttribute in order to be serialized into metadata by the compiler. For more information, see Implementing a Custom Permission.

The following code implements an attribute class for a Boolean permission named CustomPermission. In this example, the permission class has a single Boolean Unrestricted property that contains its state.

[AttributeUsageAttribute(AttributeTargets.All, AllowMultiple = true)]
public class CustomPermissionAttribute: CodeAccessSecurityAttribute
{
   bool unrestricted = false;

   public new bool Unrestricted
   {
      get{ return unrestricted; }
      set{ unrestricted = value; }
   }

   public CustomPermissionAttribute(SecurityAction action): base (action)
   {  
   }
   public override IPermission CreatePermission()
   {
      if(Unrestricted)
      {
         return new CustomPermission(PermissionState.Unrestricted);
      }
      else
      {
         return new CustomPermission(PermissionState.None);
      }
   }
}

In this case, CreatePermission checks the internal Unrestricted property and creates the appropriate instance of a CustomPermission object. While only the Unrestricted property is used in this case, other custom permission attribute classes should support all possible states of the permission objects they support.

The use of CustomPermissionAttribute is illustrated in the following demand declaration:

[CustomPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]

See Also

Community Additions

ADD
Show:
© 2014 Microsoft