This topic has not yet been rated - Rate this topic

CodeAccessPermission Class

.NET Framework 4

Other Versions

Defines the underlying structure of all code access permissions.

Inheritance Hierarchy

System.Object
System.Security.CodeAccessPermission
More...

Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)

Syntax

C++

Copy

[SerializableAttribute]
[ComVisibleAttribute(true)]
[SecurityPermissionAttribute(SecurityAction.InheritanceDemand, ControlEvidence = true, 
	ControlPolicy = true)]
public abstract class CodeAccessPermission : IPermission, 
	ISecurityEncodable, IStackWalk

The CodeAccessPermission type exposes the following members.

Constructors

	Name	Description
	CodeAccessPermission	Initializes a new instance of the CodeAccessPermission class.

Top

Methods

	Name	Description
	Assert	Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. Using Assert can create security issues.
	Copy	When implemented by a derived class, creates and returns an identical copy of the current permission object.
	Demand	Forces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.
	Deny	Obsolete. Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.
	Equals	Determines whether the specified CodeAccessPermission object is equal to the current CodeAccessPermission. (Overrides Object.Equals(Object).)
	Finalize	Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
	FromXml	When overridden in a derived class, reconstructs a security object with a specified state from an XML encoding.
	GetHashCode	Gets a hash code for the CodeAccessPermission object that is suitable for use in hashing algorithms and data structures such as a hash table. (Overrides Object.GetHashCode().)
	GetType	Gets the Type of the current instance. (Inherited from Object.)
	Intersect	When implemented by a derived class, creates and returns a permission that is the intersection of the current permission and the specified permission.
	IsSubsetOf	When implemented by a derived class, determines whether the current permission is a subset of the specified permission.
	MemberwiseClone	Creates a shallow copy of the current Object. (Inherited from Object.)
	PermitOnly	Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.
	RevertAll	Causes all previous overrides for the current frame to be removed and no longer in effect.
	RevertAssert	Causes any previous Assert for the current frame to be removed and no longer in effect.
	RevertDeny	Obsolete. Causes any previous Deny for the current frame to be removed and no longer in effect.
	RevertPermitOnly	Causes any previous PermitOnly for the current frame to be removed and no longer in effect.
	ToString	Creates and returns a string representation of the current permission object. (Overrides Object.ToString().)
	ToXml	When overridden in a derived class, creates an XML encoding of the security object and its current state.
	Union	When overridden in a derived class, creates a permission that is the union of the current permission and the specified permission.

Top

Remarks

Code access permissions use a stack walk to ensure that all callers of the code have been granted a permission. If a permission object is null, it is handled the same as a permission object with the state PermissionState.None.

The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack.

Inheritors of the CodeAccessPermission class must be granted full trust to function correctly as permissions extending the security infrastructure. To determine that the inheritors are fully trusted, CodeAccessPermission issues an InheritanceDemand for ControlEvidence = true and ControlPolicy = true.

For more information on inheritance demands, see Inheritance Demands.

Notes to Inheritors

When you inherit from CodeAccessPermission, you must also implement the IUnrestrictedPermission interface.

The following CodeAccessPermission members must be overridden: Copy, Intersect, IsSubsetOf, ToXml, FromXml, and Union.

You must also define a constructor that takes a PermissionState as its only parameter.

You must apply the SerializableAttribute attribute to a class that inherits from CodeAccessPermission.

Examples

The following code example shows a permission derived from the CodeAccessPermission class.

C++

Copy


//#define debug
// This custom permission is intended only for the purposes of illustration.
// The following code shows how to create a custom permission that inherits
// from CodeAccessPermission. The code implements all required overrides.
// A wildcard character ('*') is implemented for the Name property.
using System;
using System.Security;
using System.Security.Permissions;
using System.IO;
using System.Security.Policy;
using System.Collections;
using System.Text;

[assembly:System.Reflection.AssemblyKeyFile("Key.snk")]
[assembly:System.Security.AllowPartiallyTrustedCallersAttribute()]

namespace MyPermission
{
    [Serializable()] sealed public class   NameIdPermission : CodeAccessPermission, IUnrestrictedPermission
    {
        private String m_Name;
        private bool m_Unrestricted;

        public  NameIdPermission(String name)
        {
            m_Name = name;
        }

        public  NameIdPermission(PermissionState state)
        {
            if (state == PermissionState.None)
            {
                m_Name = "";
            }
            else
                if (state == PermissionState.Unrestricted)
            {
                throw new ArgumentException("Unrestricted state is not allowed for identity permissions.");
            }
            else throw new ArgumentException("Invalid permission state.");
        }

        public String Name
        {
            set{m_Name = value;}
            get{ return m_Name;}
        }
        public override IPermission Copy()
        {
            string name = m_Name;
            return new  NameIdPermission( name );
        }
        public bool IsUnrestricted()
        {
            // Always false, unrestricted state is not allowed.
            return m_Unrestricted;
        }

        private bool VerifyType(IPermission target)
        {
            return (target is  NameIdPermission);
        }
        public override bool IsSubsetOf(IPermission target)
        {
#if(debug)
            Console.WriteLine ("************* Entering IsSubsetOf *********************");
#endif
            if (target == null)
            {
                Console.WriteLine ("IsSubsetOf: target == null");
                return false;
            }
#if(debug)

            Console.WriteLine ("This is = " + (( NameIdPermission)this).Name);
            Console.WriteLine ("Target is " + (( NameIdPermission)target).m_Name);
#endif
            try
            {
                 NameIdPermission operand = ( NameIdPermission)target;

                // The following check for unrestricted permission is only included as an example for
                // permissions that allow the unrestricted state. It is of no value for this permission.
                if (true == operand.m_Unrestricted)
                {
                    return true;
                }
                else if (true == this.m_Unrestricted)
                {
                    return false;
                }

                if (this.m_Name != null)
                {
                    if (operand.m_Name == null) return false;

                    if (this.m_Name == "") return true;
                }

                if (this.m_Name.Equals (operand.m_Name)) return true;
                else
                {
                    // Check for wild card character '*'.
                    int i = operand.m_Name.LastIndexOf ("*");

                    if (i > 0)
                    {
                        string prefix = operand.m_Name.Substring (0, i);

                        if (this.m_Name.StartsWith (prefix))
                        {
                            return true;
                        }
                    }
                }

                return false;
            }
            catch (InvalidCastException)
            {
                throw new ArgumentException (String.Format ("Argument_WrongType", this.GetType ().FullName));
            }
        }
        public override IPermission Intersect(IPermission target)
        {
            Console.WriteLine ("************* Entering Intersect *********************");
            if (target == null)
            {
                return null;
            }
#if(debug)
            Console.WriteLine ("This is = " + (( NameIdPermission)this).Name);
            Console.WriteLine ("Target is " + (( NameIdPermission)target).m_Name);
#endif
            if (!VerifyType(target))
            {
                throw new ArgumentException (String.Format ("Argument is wrong type.", this.GetType ().FullName));
            }

             NameIdPermission operand = ( NameIdPermission)target;

            if (operand.IsSubsetOf (this)) return operand.Copy ();
            else if (this.IsSubsetOf (operand)) return this.Copy ();
            else
                return null;
        }

        public override IPermission Union(IPermission target)
        {
#if(debug)
            Console.WriteLine ("************* Entering Union *********************");
#endif
            if (target == null)
            {
                return this;
            }
#if(debug)
            Console.WriteLine ("This is = " + (( NameIdPermission)this).Name);
            Console.WriteLine ("Target is " + (( NameIdPermission)target).m_Name);
#endif
            if (!VerifyType(target))
            {
                throw new ArgumentException (String.Format ("Argument_WrongType", this.GetType ().FullName));
            }

             NameIdPermission operand = ( NameIdPermission)target;

            if (operand.IsSubsetOf (this)) return this.Copy ();
            else if (this.IsSubsetOf (operand)) return operand.Copy ();
            else
                return null;
        }




       public override void FromXml(SecurityElement e)
        {
            // The following code for unrestricted permission is only included as an example for
            // permissions that allow the unrestricted state. It is of no value for this permission.
            String elUnrestricted = e.Attribute("Unrestricted");
            if (null != elUnrestricted)
            {
                m_Unrestricted = bool.Parse(elUnrestricted);
                return;
            }

            String elName = e.Attribute( "Name" );
            m_Name = elName == null ? null : elName;
        }
        public override SecurityElement ToXml()
        {
            // Use the SecurityElement class to encode the permission to XML.
            SecurityElement esd = new SecurityElement("IPermission");
            String name = typeof( NameIdPermission).AssemblyQualifiedName;
            esd.AddAttribute("class", name);
            esd.AddAttribute("version", "1.0");

            // The following code for unrestricted permission is only included as an example for
            // permissions that allow the unrestricted state. It is of no value for this permission.
            if (m_Unrestricted)
            {
                esd.AddAttribute("Unrestricted", true.ToString());
            }
            if (m_Name != null) esd.AddAttribute( "Name", m_Name );
            return esd;
        }
     }
}

Version Information

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

.NET Framework Security

InheritanceDemand
for the ability of inheritors to provide evidence and view and modify policy. Associated enumerations: SecurityPermissionFlag.ControlEvidence, SecurityPermissionFlag.ControlPolicy.

Platforms

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Reference

System.Security Namespace

Other Resources

Security Permissions

Requesting Permissions

Inheritance Hierarchy

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

FAQ