Code Access Security (CAS) helps protect APIs that have potential security risks when the APIs are running on the server.
CAS-enabled APIs called on the server require the use of a permission class—one of the classes derived from CodeAccessPermission. If permission to use the API is not asserted, the following error is generated:
Request for the permission of type '%1' failed.
This error is also generated if permission is asserted, but the code is running on the client. Permission is required only for CAS-enabled APIs that run on the server. The string supplied in the error message is the name of one of the following permission classes:
-
ExecutePermission
-
FileIoPermission
-
InteropPermission
-
RunAsPermission
-
SkipAOSValidationPermission
-
SqlDataDictionaryPermission
-
SqlStatementExecutePermission
-
SysDatabaseLogPermission
For a list of CAS-enabled APIs, see Secured APIs.
You can CAS-enable your own APIs. For more information, see How to: Secure an API on the AOS.
-
Declare a variable for the relevant permission class.
-
Create a new instance of the class.
-
Request permission by using the assert method on the permission class.
-
Revert the assertion (to limit the scope of the permission) after the CAS-enabled API has been used; optional. Permission is automatically reverted when the method finishes executing.
Example
{
DictClass dictClass;
anytype retVal;
str resultOutput;
// Variable for the permission class.
ExecutePermission perm;
;
perm = new ExecutePermission();
// Grants permission to execute the DictClass.callObject method.
// DictClass.callObject is protected by code access security.
perm.assert();
dictClass = new DictClass(classidget(infolog));
if (dictClass != null)
{
retVal = dictClass.callObject("toString", infolog);
resultOutput = strfmt("Return value of is %1", retVal);
print resultOutput;
pause;
}
// Closes the code access permission scope.
CodeAccessPermission::revertAssert();
}