Export (0) Print
Expand All

KeyContainerPermission Class

Controls the ability to access key containers. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)

[SerializableAttribute] 
[ComVisibleAttribute(true)] 
public sealed class KeyContainerPermission : CodeAccessPermission, IUnrestrictedPermission
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public final class KeyContainerPermission extends CodeAccessPermission implements IUnrestrictedPermission
SerializableAttribute 
ComVisibleAttribute(true) 
public final class KeyContainerPermission extends CodeAccessPermission implements IUnrestrictedPermission
Not applicable.

This permission is used to provide limited access to key containers.

The following code example shows the behavior of the KeyContainerPermission class methods.

NoteNote:

The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Cryptography;

namespace KeyContainerPermissionDemo
{
    public class KeyContainerPermissionDemo
    {
        private static CspParameters cspParams = new CspParameters();
        private static RSACryptoServiceProvider rsa = 
            new RSACryptoServiceProvider();
        private static string providerName;
        private static int providerType;
        private static string myKeyContainerName;
        
        // Create three KeyContainerPermissionAccessEntry objects, 
        // each with a different constructor.
        private static KeyContainerPermissionAccessEntry 
            keyContainerPermAccEntry1 = new KeyContainerPermissionAccessEntry(
            "MyKeyContainer", KeyContainerPermissionFlags.Create);
        private static KeyContainerPermissionAccessEntry 
            keyContainerPermAccEntry2 = new KeyContainerPermissionAccessEntry(
            cspParams, KeyContainerPermissionFlags.Open);
        private static KeyContainerPermissionAccessEntry 
            keyContainerPermAccEntry3 = new KeyContainerPermissionAccessEntry(
            "Machine", providerName, providerType, myKeyContainerName, 1, 
            KeyContainerPermissionFlags.Open);

        public static int Main()
        {
            try
            {
                // Create a key container for use in the sample.
                GenKey_SaveInContainer("MyKeyContainer");
                
                // Initialize property values for creating a 
                // KeyContainerPermissionAccessEntry object.
                myKeyContainerName = rsa.CspKeyContainerInfo.KeyContainerName;
                providerName = rsa.CspKeyContainerInfo.ProviderName;
                providerType = rsa.CspKeyContainerInfo.ProviderType;
                cspParams.KeyContainerName = myKeyContainerName;
                cspParams.ProviderName = providerName;
                cspParams.ProviderType = providerType;

                // Display the KeyContainerPermissionAccessEntry properties  
                // using the third KeyContainerPermissionAccessEntry object.
                DisplayAccessEntryMembers();
                
                // Add access entry objects to a key container permission.
                KeyContainerPermission keyContainerPerm1 = 
                    new KeyContainerPermission(PermissionState.Unrestricted);
                Console.WriteLine("Is the permission unrestricted? " + 
                    keyContainerPerm1.IsUnrestricted());
                keyContainerPerm1.AccessEntries.Add(keyContainerPermAccEntry1);
                keyContainerPerm1.AccessEntries.Add(keyContainerPermAccEntry2);

                // Display the permission.
                System.Console.WriteLine(keyContainerPerm1.ToXml().ToString());

                // Create an array of KeyContainerPermissionAccessEntry objects
                KeyContainerPermissionAccessEntry[] keyContainerPermAccEntryArray 
                    = { keyContainerPermAccEntry1, keyContainerPermAccEntry2 };

                // Create a new KeyContainerPermission using the array.
                KeyContainerPermission keyContainerPerm2 = 
                    new KeyContainerPermission(
                    KeyContainerPermissionFlags.AllFlags,
                    keyContainerPermAccEntryArray);

                DisplayPermissionMembers(
                    keyContainerPerm2, keyContainerPermAccEntryArray);

                // Demonstrate the effect of a deny for opening a key container.
                DenyOpen();

                // Demonstrate the deletion of a key container.           
                DeleteContainer();

                Console.WriteLine("Press the Enter key to exit.");
                Console.Read();
                return 0;
            // Close the current try block that did not expect an exception.
            }
            catch (Exception e)
            {
                Console.WriteLine("Unexpected exception thrown:  " + e.Message);
                return 0;
            }
        }

        private static void DisplayAccessEntryMembers()
        {
            Console.WriteLine("\nKeycontainerName is " + 
                keyContainerPermAccEntry3.KeyContainerName);
            Console.WriteLine("KeySpec is " + (1 == 
                keyContainerPermAccEntry3.KeySpec ? "AT_KEYEXCHANGE " : 
                "AT_SIGNATURE"));
            Console.WriteLine("KeyStore is " + 
                keyContainerPermAccEntry3.KeyStore);
            Console.WriteLine("ProviderName is " + 
                keyContainerPermAccEntry3.ProviderName);
            Console.WriteLine("ProviderType is " + (1 == 
                keyContainerPermAccEntry3.ProviderType ? "PROV_RSA_FULL" :
                keyContainerPermAccEntry3.ProviderType.ToString()));
            Console.WriteLine("Hashcode = " + 
                keyContainerPermAccEntry3.GetHashCode());
            Console.WriteLine(
                "Are the KeyContainerPermissionAccessEntry objects equal? " + 
                keyContainerPermAccEntry3.Equals(keyContainerPermAccEntry2));
        }

        private static void DisplayPermissionMembers(
            KeyContainerPermission keyContainerPermParam,
            KeyContainerPermissionAccessEntry[] 
            keyContainerPermAccEntryArrayParam)
        {
            KeyContainerPermission keyContainerPerm2 = keyContainerPermParam;
            KeyContainerPermissionAccessEntry[] keyContainerPermAccEntryArray = 
                keyContainerPermAccEntryArrayParam;

            // Display the KeyContainerPermission properties.
            Console.WriteLine("\nFlags value is " + 
                keyContainerPerm2.Flags.ToString());
            KeyContainerPermission keyContainerPerm3 = 
                (KeyContainerPermission)keyContainerPerm2.Copy();
            Console.WriteLine("Is the copy equal to the original? " + 
                keyContainerPerm3.Equals(keyContainerPerm2));

            // Perform an XML roundtrip.
            keyContainerPerm3.FromXml(keyContainerPerm2.ToXml());
            Console.WriteLine("Was the XML roundtrip successful? " + 
                keyContainerPerm3.Equals(keyContainerPerm2));
            KeyContainerPermission keyContainerPerm4 = 
                new KeyContainerPermission(KeyContainerPermissionFlags.Open,
                keyContainerPermAccEntryArray);
            KeyContainerPermission keyContainerPerm5 = 
                (KeyContainerPermission)keyContainerPerm2.Intersect(
                keyContainerPerm4);
            Console.WriteLine("Flags value after the intersection is " + 
                keyContainerPerm5.Flags.ToString());
            keyContainerPerm5 = (KeyContainerPermission)keyContainerPerm2.Union(
                keyContainerPerm4);
            Console.WriteLine("Flags value after the union is " + 
                keyContainerPerm5.Flags.ToString());
            Console.WriteLine("Is one permission a subset of the other? " + 
                keyContainerPerm4.IsSubsetOf(keyContainerPerm2));
        }

        private static void GenKey_SaveInContainer(string containerName)
        {
            // Create the CspParameters object and set the key container 
            // name used to store the RSA key pair.
            cspParams = new CspParameters();

            cspParams.KeyContainerName = containerName;

            // Create a new instance of RSACryptoServiceProvider that accesses
            // the key container identified by the containerName parameter.
            rsa = new RSACryptoServiceProvider(cspParams);

            // Display the key information to the console.
            Console.WriteLine("\nKey added to container: \n  {0}", 
                rsa.ToXmlString(true));
        }
        private static void GetKeyFromContainer(string containerName)
        {
            try
            {
                cspParams = new CspParameters();
                cspParams.KeyContainerName = containerName;

                // Create a new instance of RSACryptoServiceProvider that accesses
                // the key container identified by the containerName parameter.
                // If the key container does not exist, a new one is created.
                rsa = new RSACryptoServiceProvider(cspParams);

                // Use the rsa object to access the key. 
                // Display the key information to the console.
                Console.WriteLine("\nKey retrieved from container : \n {0}", 
                    rsa.ToXmlString(true));
                Console.WriteLine("KeycontainerName is " + 
                    rsa.CspKeyContainerInfo.KeyContainerName);
                Console.WriteLine("ProviderName is " + 
                    rsa.CspKeyContainerInfo.ProviderName);
                Console.WriteLine("ProviderType is " + (1 == 
                    rsa.CspKeyContainerInfo.ProviderType ? "PROV_RSA_FULL" : 
                    rsa.CspKeyContainerInfo.ProviderType.ToString()));
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception thrown:  " + e.Message);
            }

        }
        private static void DeleteKeyContainer(string containerName)
        {
            // Create the CspParameters object and set the key container 
            // name used to store the RSA key pair.

            cspParams = new CspParameters();
            cspParams.KeyContainerName = containerName;

            // Create a new instance of RSACryptoServiceProvider that accesses
            // the key container.
            rsa = new RSACryptoServiceProvider(cspParams);

            // Do not persist the key entry, effectively deleting the key.
            rsa.PersistKeyInCsp = false;

            // Call Clear to release the key container resources.
            rsa.Clear();
            Console.WriteLine("\nKey container released.");
        }
        private static void DenyOpen()
        {
            try
            {
                // Create a KeyContainerPermission with the right 
                // to open the key container.
                KeyContainerPermission keyContainerPerm = new
                     KeyContainerPermission(KeyContainerPermissionFlags.Open);

                // Demonstrate the results of a deny for an open action.
                keyContainerPerm.Deny();

                // The next line causes an exception to be thrown when the
                // infrastructure code attempts to open the key container.
                CspKeyContainerInfo info = new CspKeyContainerInfo(cspParams);
            }
            catch (Exception e)
            {
                Console.WriteLine("Expected exception thrown: " + e.Message);
            }

            // Revert the deny.
            CodeAccessPermission.RevertDeny();
        }
        private static void DeleteContainer()
        {
            try
            {
                // Create a KeyContainerPermission with the right to 
                // create a key container.
                KeyContainerPermission keyContainerPerm = new 
                    KeyContainerPermission(KeyContainerPermissionFlags.Create);

                // Deny the ability to create a key container.
                // This deny is used to show the key container has been 
                // successfully deleted.
                keyContainerPerm.Deny();

                // Retrieve the key from the container.
                // This code executes successfully because the key 
                // container already exists.
                // The deny for permission to create a key container 
                // does not affect this method call.
                GetKeyFromContainer("MyKeyContainer");

                // Delete the key and the container.
                DeleteKeyContainer("MyKeyContainer");

                // Attempt to obtain the key from the deleted key container.
                // This time the method call results in an exception because of
                // an attempt to create a new key container.
                Console.WriteLine("\nAttempt to create a new key container " +
                    "with create permission denied.");
                GetKeyFromContainer("MyKeyContainer");
            }
            catch (CryptographicException e)
            {
                Console.WriteLine("Expected exception thrown: " + e.Message);
            }
        }
    }
}

package KeyContainerPermissionDemo; 
import System.*;
import System.Security.*;
import System.Security.Permissions.*;
import System.Security.Cryptography.*;

public class KeyContainerPermissionDemo
{
    private static CspParameters cspParams = new CspParameters();
    private static RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
    private static String providerName;
    private static int providerType;
    private static String myKeyContainerName;

    // Create three KeyContainerPermissionAccessEntry objects, 
    // each with a different constructor.
    private static KeyContainerPermissionAccessEntry 
    keyContainerPermAccEntry1 = 
        new KeyContainerPermissionAccessEntry("MyKeyContainer", 
            KeyContainerPermissionFlags.Create);

    private static KeyContainerPermissionAccessEntry keyContainerPermAccEntry2 = 
        new KeyContainerPermissionAccessEntry(cspParams, 
            KeyContainerPermissionFlags.Open);

    private static KeyContainerPermissionAccessEntry keyContainerPermAccEntry3 = 
        new KeyContainerPermissionAccessEntry("Machine", providerName, 
            providerType, myKeyContainerName, 1, KeyContainerPermissionFlags.Open);

    public static void main(String[] args)
    {
        try {
            // Create a key container for use in the sample.
            GenKey_SaveInContainer("MyKeyContainer");

            // Initialize property values for creating a 
            // KeyContainerPermissionAccessEntry object.
            myKeyContainerName = rsa.get_CspKeyContainerInfo().get_KeyContainerName();
            providerName = rsa.get_CspKeyContainerInfo().get_ProviderName();
            providerType = rsa.get_CspKeyContainerInfo().get_ProviderType();
            cspParams.KeyContainerName = myKeyContainerName;
            cspParams.ProviderName = providerName;
            cspParams.ProviderType = providerType;

            // Display the KeyContainerPermissionAccessEntry properties using 
            // the third KeyContainerPermissionAccessEntry object.
            DisplayAccessEntryMembers();

            // Add access entry objects to a key container permission.
            KeyContainerPermission keyContainerPerm1 = 
                new KeyContainerPermission(PermissionState.Unrestricted);
            Console.WriteLine(("Is the permission unrestricted? " 
                + System.Convert.ToString(keyContainerPerm1.IsUnrestricted())));
            keyContainerPerm1.get_AccessEntries().Add(keyContainerPermAccEntry1);
            keyContainerPerm1.get_AccessEntries().Add(keyContainerPermAccEntry2);

            // Display the permission.
            System.Console.WriteLine(keyContainerPerm1.ToXml().ToString());

            // Create an array of KeyContainerPermissionAccessEntry objects
            KeyContainerPermissionAccessEntry keyContainerPermAccEntryArray[] =  
                { keyContainerPermAccEntry1, keyContainerPermAccEntry2 };

            // Create a new KeyContainerPermission using the array.
            KeyContainerPermission keyContainerPerm2 = new KeyContainerPermission(
                KeyContainerPermissionFlags.AllFlags, 
                keyContainerPermAccEntryArray);

            DisplayPermissionMembers(keyContainerPerm2, keyContainerPermAccEntryArray);

            // Demonstrate the effect of a deny for opening a key container.
            DenyOpen();

            // Demonstrate the deletion of a key container.           
            DeleteContainer();
            Console.WriteLine("Press the Enter key to exit.");
            Console.ReadKey();
            return ;
            // Close the current try block that did not expect an exception.
        } 
        catch (System.Exception e) {
            Console.WriteLine(("Unexpected exception thrown:  " + e.get_Message()));
            return ;
        }
    } //main

    private static void DisplayAccessEntryMembers()
    {
        Console.WriteLine(("\nKeycontainerName is " + keyContainerPermAccEntry3.get_KeyContainerName()));

        Console.WriteLine(("KeySpec is " 
            + ((1 == keyContainerPermAccEntry3.get_KeySpec()) ? "AT_KEYEXCHANGE " : "AT_SIGNATURE")));

        Console.WriteLine(("KeyStore is " + keyContainerPermAccEntry3.get_KeyStore()));

        Console.WriteLine(("ProviderName is " + keyContainerPermAccEntry3.get_ProviderName()));

        Console.WriteLine(("ProviderType is " + ((1 == keyContainerPermAccEntry3.get_ProviderType()) ?
            "PROV_RSA_FULL" : System.Convert.ToString(keyContainerPermAccEntry3.get_ProviderType()))));

        Console.WriteLine(("Hashcode = " + keyContainerPermAccEntry3.GetHashCode()));

        Console.WriteLine(("Are the KeyContainerPermissionAccessEntry objects equal? " 
            + System.Convert.ToString(keyContainerPermAccEntry3.Equals(keyContainerPermAccEntry2))));
    } //DisplayAccessEntryMembers

    private static void DisplayPermissionMembers(
        KeyContainerPermission keyContainerPermParam, 
        KeyContainerPermissionAccessEntry keyContainerPermAccEntryArrayParam[])
    {
        KeyContainerPermission keyContainerPerm2 = keyContainerPermParam;
        KeyContainerPermissionAccessEntry[] keyContainerPermAccEntryArray = keyContainerPermAccEntryArrayParam;

        // Display the KeyContainerPermission properties.
        Console.WriteLine(("\nFlags value is " + keyContainerPerm2.get_Flags().ToString()));

        KeyContainerPermission keyContainerPerm3 = (KeyContainerPermission)(keyContainerPerm2.Copy());

        Console.WriteLine(("Is the copy equal to the original? " + System.Convert.ToString(
            keyContainerPerm3.Equals(keyContainerPerm2))));

        // Perform an XML roundtrip.
        keyContainerPerm3.FromXml(keyContainerPerm2.ToXml());
        Console.WriteLine(("Was the XML roundtrip successful? " + System.Convert.ToString(
            keyContainerPerm3.Equals(keyContainerPerm2))));

        KeyContainerPermission keyContainerPerm4 = new KeyContainerPermission(
            KeyContainerPermissionFlags.Open, 
            keyContainerPermAccEntryArray);

        KeyContainerPermission keyContainerPerm5 = ((KeyContainerPermission)(
            keyContainerPerm2.Intersect(keyContainerPerm4)));
        Console.WriteLine(("Flags value after the intersection is "
            + keyContainerPerm5.get_Flags().ToString()));

        keyContainerPerm5 = ((KeyContainerPermission)(keyContainerPerm2.Union(keyContainerPerm4)));
        Console.WriteLine(("Flags value after the union is " 
            + keyContainerPerm5.get_Flags().ToString()));

        Console.WriteLine(("Is one permission a subset of the other? " + System.Convert.ToString(
            keyContainerPerm4.IsSubsetOf(keyContainerPerm2))));
    } //DisplayPermissionMembers
    
    private static void GenKey_SaveInContainer(String containerName)
    {
        // Create the CspParameters object and set the key container 
        // name used to store the RSA key pair.
        cspParams = new CspParameters();
        cspParams.KeyContainerName = containerName;

        // Create a new instance of RSACryptoServiceProvider that accesses
        // the key container identified by the containerName parameter.
        rsa = new RSACryptoServiceProvider(cspParams);

        // Display the key information to the console.
        Console.WriteLine("\nKey added to container: \n  {0}", rsa.ToXmlString(true));
    } //GenKey_SaveInContainer

    private static void GetKeyFromContainer(String containerName)
    {
        try {
            cspParams = new CspParameters();
            cspParams.KeyContainerName = containerName;

            // Create a new instance of RSACryptoServiceProvider that accesses
            // the key container identified by the containerName parameter.
            // If the key container does not exist, a new one is created.
            rsa = new RSACryptoServiceProvider(cspParams);

            // Use the rsa object to access the key. 
            // Display the key information to the console.
            Console.WriteLine("\nKey retrieved from container : \n {0}", 
                rsa.ToXmlString(true));
            Console.WriteLine(("KeycontainerName is " 
                + rsa.get_CspKeyContainerInfo().get_KeyContainerName()));
            Console.WriteLine(("ProviderName is " 
                + rsa.get_CspKeyContainerInfo().get_ProviderName()));
            Console.WriteLine(("ProviderType is " + ((1 == rsa.get_CspKeyContainerInfo().get_ProviderType()) ? 
                "PROV_RSA_FULL" : System.Convert.ToString(rsa.get_CspKeyContainerInfo().get_ProviderType()))));
        }
        catch (System.Exception e) {
            Console.WriteLine(("Exception thrown:  " + e.get_Message()));
        }
    } //GetKeyFromContainer

    private static void DeleteKeyContainer(String containerName)
    {
        // Create the CspParameters object and set the key container 
        // name used to store the RSA key pair.
        cspParams = new CspParameters();
        cspParams.KeyContainerName = containerName;

        // Create a new instance of RSACryptoServiceProvider that accesses
        // the key container.
        rsa = new RSACryptoServiceProvider(cspParams);

        // Do not persist the key entry, effectively deleting the key.
        rsa.set_PersistKeyInCsp(false);

        // Call Clear to release the key container resources.
        rsa.Clear();
        Console.WriteLine("\nKey container released.");
    } //DeleteKeyContainer

    private static void DenyOpen()
    {
        try {
            // Create a KeyContainerPermission with the 
            // right to open the key container.
            KeyContainerPermission keyContainerPerm = new KeyContainerPermission(KeyContainerPermissionFlags.Open);

            // Demonstrate the results of a deny for an open action.
            keyContainerPerm.Deny();

            // The next line causes an exception to be thrown when the 
            // infrastructure code attempts 
            // to open the key container.
            CspKeyContainerInfo info = new CspKeyContainerInfo(cspParams);
        }
        catch (System.Exception e) {
            Console.WriteLine(("Expected exception thrown: "  + e.get_Message()));
        }

        // Revert the deny.
        CodeAccessPermission.RevertDeny();
    } //DenyOpen

    private static void DeleteContainer()
    {
        try {
            // Create a KeyContainerPermission with the right to create 
            // a key container.
            KeyContainerPermission keyContainerPerm = 
                new KeyContainerPermission(KeyContainerPermissionFlags.Create);

            // Deny the ability to create a key container.
            // This deny is used to show the key container has
            // been successfully deleted.
            keyContainerPerm.Deny();

            // Retrieve the key from the container.
            // This code executes successfully because the key container 
            // already exists.
            // The deny for permission to create a key container does not 
            // affect this method call.
            GetKeyFromContainer("MyKeyContainer");

            // Delete the key and the container.
            DeleteKeyContainer("MyKeyContainer");

            // Attempt to obtain the key from the deleted key container.
            // This time the method call results in an exception because of
            // an attempt to create a new key container.
            Console.WriteLine("\nAttempt to create a new key container "+ "with create permission denied.");
            GetKeyFromContainer("MyKeyContainer");
        }
        catch (CryptographicException e) {
            Console.WriteLine(("Expected exception thrown: " + e.get_Message()));
        }
    } //DeleteContainer
} //KeyContainerPermissionDemo   

System.Object
   System.Security.CodeAccessPermission
    System.Security.Permissions.KeyContainerPermission

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

ADD
Show:
© 2014 Microsoft