SiteIdentityPermission Class (System.Security.Permissions)

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

SiteIdentityPermission Class

Defines the identity permission for the Web site from which the code originates. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)

Syntax

Visual Basic (Declaration)

<SerializableAttribute> _
<ComVisibleAttribute(True)> _
Public NotInheritable Class SiteIdentityPermission _
    Inherits CodeAccessPermission

Visual Basic (Usage)

Dim instance As SiteIdentityPermission

[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class SiteIdentityPermission : CodeAccessPermission

Visual C++

[SerializableAttribute]
[ComVisibleAttribute(true)]
public ref class SiteIdentityPermission sealed : public CodeAccessPermission

JScript

public final class SiteIdentityPermission extends CodeAccessPermission

Remarks

Using this class, it is possible to ensure that callers are from a specific Web site. Site identity is only defined for code from URLs with the protocols of HTTP, HTTPS, and FTP. A site is the string between the "//" after the protocol of a URL and the following "/", if present, for example, www.fourthcoffee.com in the URL http://www.fourthcoffee.com/process/grind.htm. This excludes port numbers. If a given URL is http://www.fourthcoffee.com:8000/, the site is www.fourthcoffee.com, not www.fourthcoffee.com:8000.

Sites can be matched exactly, or by a wildcard ("*") prefix at the dot delimiter. For example, the site name string *.fourthcoffee.com matches fourthcoffee.com as well as www.fourthcoffee.com. Without a wildcard, the site name must be a precise match. The site name string * will match any site, but will not match code that has no site evidence.

Important Note:
In the .NET Framework versions 1.0 and 1.1, demands on the identity permissions are effective, even when the calling assembly is fully trusted. That is, although the calling assembly has full trust, a demand for an identity permission fails if the assembly does not meet the demanded criteria. In the .NET Framework version 2.0, demands for identity permissions are ineffective if the calling assembly has full trust. This assures consistency for all permissions, eliminating the treatment of identity permissions as a special case.

Important Note:

In the .NET Framework versions 1.0 and 1.1, demands on the identity permissions are effective, even when the calling assembly is fully trusted. That is, although the calling assembly has full trust, a demand for an identity permission fails if the assembly does not meet the demanded criteria. In the .NET Framework version 2.0, demands for identity permissions are ineffective if the calling assembly has full trust. This assures consistency for all permissions, eliminating the treatment of identity permissions as a special case.

Caution:
SiteIdentityPermission grants permission for all paths to the site, including both the URL and the IP address. To Deny access to a site, you must Deny all possible paths to the site. For example, if www.fourthcoffee.com is located at IP address 192.168.238.241, to Deny access to www.fourthcoffee.com, you must Deny www.fourthcoffee.com, 192.168.238.241 and any other path that you can use to access the site. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see Canonicalization Problems Using Deny in the Using the Deny Method topic.

Caution:

SiteIdentityPermission grants permission for all paths to the site, including both the URL and the IP address. To Deny access to a site, you must Deny all possible paths to the site. For example, if www.fourthcoffee.com is located at IP address 192.168.238.241, to Deny access to www.fourthcoffee.com, you must Deny www.fourthcoffee.com, 192.168.238.241 and any other path that you can use to access the site. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see Canonicalization Problems Using Deny in the Using the Deny Method topic.

Note:
In the .NET Framework versions 1.0 and 1.1, identity permissions cannot have an Unrestricted permission state value. In the .NET Framework version 2.0, identity permissions can have any permission state value. This means that in version 2.0, identity permissions have the same behavior as permissions that implement the IUnrestrictedPermission interface. For information on executing version 2.0 applications with version 1.1 CAS policy, see <legacyV1CASPolicy> Element.

Note:

In the .NET Framework versions 1.0 and 1.1, identity permissions cannot have an Unrestricted permission state value. In the .NET Framework version 2.0, identity permissions can have any permission state value. This means that in version 2.0, identity permissions have the same behavior as permissions that implement the IUnrestrictedPermission interface. For information on executing version 2.0 applications with version 1.1 CAS policy, see <legacyV1CASPolicy> Element.

Examples

The following code example shows the behavior of the SiteIdentityPermission class methods.

Note:
The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

Note:

The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

Visual Basic

Imports System
Imports System.Security
Imports System.Security.Permissions



Public Class SiteIdentityPermissionDemo

    Public Shared Sub Main(ByVal args() As String)
        IsSubsetOfDemo()
        CopyDemo()
        UnionDemo()
        IntersectDemo()
        ToFromXmlDemo()

    End Sub 'Main


    ' IsSubsetOf determines whether the current permission is a subset of the specified permission.
    Private Shared Sub IsSubsetOfDemo()
        Dim siteIdPerm1 As New SiteIdentityPermission("*.fourthcoffee.com")
        Dim siteIdPerm2 As New SiteIdentityPermission("www.fourthcoffee.com")

        If siteIdPerm1.IsSubsetOf(siteIdPerm2) Then
            Console.WriteLine(siteIdPerm1.Site + " is a subset of " + siteIdPerm2.Site)
        Else
            Console.WriteLine(siteIdPerm1.Site + " is not a subset of " + siteIdPerm2.Site)
        End If
        If siteIdPerm2.IsSubsetOf(siteIdPerm1) Then
            Console.WriteLine(siteIdPerm2.Site + " is a subset of " + siteIdPerm1.Site)
        Else
            Console.WriteLine(siteIdPerm2.Site + " is not a subset of " + siteIdPerm1.Site)
        End If

    End Sub 'IsSubsetOfDemo

    ' Union creates a new permission that is the union of the current permission
    ' and the specified permission.
    Private Shared Sub UnionDemo()
        Dim siteIdPerm1 As New SiteIdentityPermission("*.fourthcoffee.com")
        Dim siteIdPerm2 As New SiteIdentityPermission("www.fourthcoffee.com")
        Dim p3 As SiteIdentityPermission = CType(siteIdPerm1.Union(siteIdPerm2), SiteIdentityPermission)
        Try
            If Not (p3 Is Nothing) Then
                Console.WriteLine("The union of " + siteIdPerm1.Site + " and " + vbLf + vbTab + siteIdPerm2.Site + " is " + vbLf + vbTab + p3.Site + vbLf)

            Else
                Console.WriteLine("The union of " + siteIdPerm1.Site + " and " + vbLf + vbTab + siteIdPerm2.Site + " is null." + vbLf)
            End If
        Catch e As SystemException
            Console.WriteLine("The union of " + siteIdPerm1.Site + " and " + vbLf + vbTab + siteIdPerm2.Site + " failed.")

            Console.WriteLine(e.Message)
        End Try

    End Sub 'UnionDemo

    ' Intersect creates and returns a new permission that is the intersection of the
    ' current permission and the permission specified.
    Private Shared Sub IntersectDemo()

        Dim siteIdPerm1 As New SiteIdentityPermission("*.fourthcoffee.com")
        Dim siteIdPerm2 As New SiteIdentityPermission("www.fourthcoffee.com")
        Dim p3 As SiteIdentityPermission = CType(siteIdPerm1.Intersect(siteIdPerm2), SiteIdentityPermission)

        If Not (p3 Is Nothing) Then
            Console.WriteLine("The intersection of " + siteIdPerm1.Site + " and " + vbLf + vbTab + siteIdPerm2.Site + " is " + p3.Site + vbLf)

        Else
            Console.WriteLine("The intersection of " + siteIdPerm1.Site + " and " + vbLf + vbTab + siteIdPerm2.Site + " is null." + vbLf)
        End If

    End Sub 'IntersectDemo



    'Copy creates and returns an identical copy of the current permission.
    Private Shared Sub CopyDemo()

        Dim siteIdPerm1 As New SiteIdentityPermission("*.fourthcoffee.com")
        Dim siteIdPerm2 As New SiteIdentityPermission(PermissionState.None)
        siteIdPerm2 = CType(siteIdPerm1.Copy(), SiteIdentityPermission)
        If Not (siteIdPerm2 Is Nothing) Then
            Console.WriteLine("The copy succeeded:  " + siteIdPerm2.ToString() + " " + vbLf)
        End If

    End Sub 'CopyDemo

    ' ToXml creates an XML encoding of the permission and its current state; FromXml reconstructs a
    ' permission with the specified state from the XML encoding.
    Private Shared Sub ToFromXmlDemo()


        Dim siteIdPerm1 As New SiteIdentityPermission("*.fourthcoffee.com")
        Dim siteIdPerm2 As New SiteIdentityPermission(PermissionState.None)
        siteIdPerm2.FromXml(siteIdPerm1.ToXml())
        Dim result As Boolean = siteIdPerm2.Equals(siteIdPerm1)
        If result Then
            Console.WriteLine("Result of ToFromXml = " + siteIdPerm2.ToString())
        Else
            Console.WriteLine(siteIdPerm2.ToString())
            Console.WriteLine(siteIdPerm1.ToString())
        End If

    End Sub 'ToFromXmlDemo 
End Class 'SiteIdentityPermissionDemo

using System;
using System.Security;
using System.Security.Permissions;

public class SiteIdentityPermissionDemo
{
    public static void Main(String[] args)
    {
        IsSubsetOfDemo();
        CopyDemo();
        UnionDemo();
        IntersectDemo();
        ToFromXmlDemo();
    }

    // IsSubsetOf determines whether the current permission is a subset of the specified permission.
    private static void IsSubsetOfDemo()
    {
        SiteIdentityPermission siteIdPerm1 = new SiteIdentityPermission("*.fourthcoffee.com");
        SiteIdentityPermission siteIdPerm2 = new SiteIdentityPermission("www.fourthcoffee.com");

        if (siteIdPerm1.IsSubsetOf(siteIdPerm2))
        {
            Console.WriteLine(siteIdPerm1.Site + " is a subset of " + siteIdPerm2.Site);
        }
        else
        {
            Console.WriteLine(siteIdPerm1.Site + " is not a subset of " + siteIdPerm2.Site);

        }
        if (siteIdPerm2.IsSubsetOf(siteIdPerm1))
        {
            Console.WriteLine(siteIdPerm2.Site + " is a subset of " + siteIdPerm1.Site);
        }
        else
        {
            Console.WriteLine(siteIdPerm2.Site + " is not a subset of " + siteIdPerm1.Site);

        }
    }
    // Union creates a new permission that is the union of the current permission
    // and the specified permission.
    private static void UnionDemo()
    {
        SiteIdentityPermission siteIdPerm1 = new SiteIdentityPermission("*.fourthcoffee.com");
        SiteIdentityPermission siteIdPerm2 = new SiteIdentityPermission("www.fourthcoffee.com");
        SiteIdentityPermission p3 = (SiteIdentityPermission)siteIdPerm1.Union(siteIdPerm2);
        try
        {
            if (p3 != null)
            {
                Console.WriteLine("The union of " + siteIdPerm1.Site +
                    " and \n\t" + siteIdPerm2.Site + " is \n\t"
                    + p3.Site + "\n");

            }
            else
            {
                Console.WriteLine("The union of " + siteIdPerm1.Site +
                    " and \n\t" + siteIdPerm2.Site + " is null.\n");
            }
        }
        catch (SystemException e)
        {
            Console.WriteLine("The union of " + siteIdPerm1.Site +
                    " and \n\t" + siteIdPerm2.Site + " failed.");

            Console.WriteLine(e.Message);
        }

    }
    // Intersect creates and returns a new permission that is the intersection of the
    // current permission and the permission specified.
    private static void IntersectDemo()
    {

        SiteIdentityPermission siteIdPerm1 = new SiteIdentityPermission("*.fourthcoffee.com");
        SiteIdentityPermission siteIdPerm2 = new SiteIdentityPermission("www.fourthcoffee.com");
        SiteIdentityPermission p3 = (SiteIdentityPermission)siteIdPerm1.Intersect(siteIdPerm2);

        if (p3 != null)
        {
            Console.WriteLine("The intersection of " + siteIdPerm1.Site + " and \n\t" +
                siteIdPerm2.Site + " is " + p3.Site + "\n");

        }
        else
        {
            Console.WriteLine("The intersection of " + siteIdPerm1.Site +
                " and \n\t" + siteIdPerm2.Site + " is null.\n");
        }


    }
    //Copy creates and returns an identical copy of the current permission.
    private static void CopyDemo()
    {

        SiteIdentityPermission siteIdPerm1 = new SiteIdentityPermission("*.fourthcoffee.com");
        SiteIdentityPermission siteIdPerm2 = new SiteIdentityPermission(PermissionState.None);
        siteIdPerm2 = (SiteIdentityPermission)siteIdPerm1.Copy();
        if (siteIdPerm2 != null)
        {
            Console.WriteLine("The copy succeeded:  " + siteIdPerm2.ToString() + " \n");
        }

    }
    // ToXml creates an XML encoding of the permission and its current state; FromXml reconstructs a
    // permission with the specified state from the XML encoding.
    private static void ToFromXmlDemo()
    {


        SiteIdentityPermission siteIdPerm1 = new SiteIdentityPermission("*.fourthcoffee.com");
        SiteIdentityPermission siteIdPerm2 = new SiteIdentityPermission(PermissionState.None);
        siteIdPerm2.FromXml(siteIdPerm1.ToXml());
        bool result = siteIdPerm2.Equals(siteIdPerm1);
        if (result)
        {
            Console.WriteLine("Result of ToFromXml = " + siteIdPerm2.ToString());
        }
        else
        {
            Console.WriteLine(siteIdPerm2.ToString());
            Console.WriteLine(siteIdPerm1.ToString());
        }

    }

}

Visual C++

using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::Runtime::InteropServices;


void IsSubsetOfDemo();                      // Forward References
void CopyDemo();
void UnionDemo();
void IntersectDemo();
void ToFromXmlDemo();



void main()
{
    IsSubsetOfDemo();
    CopyDemo();
    UnionDemo();
    IntersectDemo();
    ToFromXmlDemo();

    Console::WriteLine("\n\nPress ENTER to return");
    Console::ReadLine();
}

// IsSubsetOf determines whether the current permission is a subset of the specified permission.
void IsSubsetOfDemo()
{
    SiteIdentityPermission ^ siteIdPerm1 = gcnew SiteIdentityPermission("*.fourthcoffee.com");
    SiteIdentityPermission ^ siteIdPerm2 = gcnew SiteIdentityPermission("www.fourthcoffee.com");

    if (siteIdPerm1->IsSubsetOf(siteIdPerm2))
          Console::WriteLine(siteIdPerm1->Site + " is a subset of " + siteIdPerm2->Site);
    else  Console::WriteLine(siteIdPerm1->Site + " is not a subset of " + siteIdPerm2->Site);

    if (siteIdPerm2->IsSubsetOf(siteIdPerm1))
          Console::WriteLine(siteIdPerm2->Site + " is a subset of " + siteIdPerm1->Site);
    else  Console::WriteLine(siteIdPerm2->Site + " is not a subset of " + siteIdPerm1->Site);
     }

// Union creates a new permission that is the union of the current permission
// and the specified permission.
void UnionDemo()
{
    SiteIdentityPermission ^ siteIdPerm1 = gcnew SiteIdentityPermission("*.fourthcoffee.com");
    SiteIdentityPermission ^ siteIdPerm2 = gcnew SiteIdentityPermission("www.fourthcoffee.com");
    SiteIdentityPermission ^ p3 = (SiteIdentityPermission ^)siteIdPerm1->Union(siteIdPerm2);
    Console::WriteLine("The union of " + siteIdPerm1->Site + " and " + siteIdPerm2->Site + " is ");

    try
        {
            if (p3 != nullptr)
                Console::WriteLine("The union of " + siteIdPerm1->Site +
                    " and \n\t" + siteIdPerm2->Site + " is \n\t" + p3->Site + "\n");
            else
                Console::WriteLine("The union of " + siteIdPerm1->Site +
                    " and \n\t" + siteIdPerm2->Site + " is null.\n");
        }
    catch (SystemException ^ e)
        {
            Console::WriteLine("The union of " + siteIdPerm1->Site +
                    " and \n\t" + siteIdPerm2->Site + " failed.");
            Console::WriteLine(e->Message);
        }
}

// Intersect creates and returns a new permission that is the intersection of the
// current permission and the permission specified.
void IntersectDemo()
{

    SiteIdentityPermission ^ siteIdPerm1 = gcnew SiteIdentityPermission("*.fourthcoffee.com");
    SiteIdentityPermission ^ siteIdPerm2 = gcnew SiteIdentityPermission("www.fourthcoffee.com");
    SiteIdentityPermission ^ p3 = (SiteIdentityPermission ^)siteIdPerm1->Intersect(siteIdPerm2);

    if (p3)
        Console::WriteLine("The intersection of " + siteIdPerm1->Site + " and \n\t" + 
            siteIdPerm2->Site + " is " + p3->Site + "\n");
    else
        Console::WriteLine("The intersection of " + siteIdPerm1->Site + 
            " and \n\t" + siteIdPerm2->Site + " is null.\n");
}

//Copy creates and returns an identical copy of the current permission.
void CopyDemo()
{
    SiteIdentityPermission ^ siteIdPerm1 = gcnew SiteIdentityPermission("*.fourthcoffee.com");
    SiteIdentityPermission ^ siteIdPerm2 = gcnew SiteIdentityPermission(PermissionState::None);
    siteIdPerm2 = (SiteIdentityPermission ^)siteIdPerm1->Copy();
    if (siteIdPerm2)
        Console::WriteLine("The copy succeeded:  " + siteIdPerm2->ToString() + " \n");
}

// ToXml creates an XML encoding of the permission and its current state; FromXml reconstructs a
// permission with the specified state from the XML encoding.
void ToFromXmlDemo()
{
    SiteIdentityPermission ^ siteIdPerm1 = gcnew SiteIdentityPermission("*.fourthcoffee.com");
    SiteIdentityPermission ^ siteIdPerm2 = gcnew SiteIdentityPermission(PermissionState::None);
    siteIdPerm2->FromXml(siteIdPerm1->ToXml());
    bool result = siteIdPerm2->Equals(siteIdPerm1);
        if (result)
            Console::WriteLine("Result of ToFromXml = " + siteIdPerm2->ToString());
        else
        {
            Console::WriteLine(siteIdPerm2->ToString());
            Console::WriteLine(siteIdPerm1->ToString());
        }
}

Inheritance Hierarchy

System..::.Object
System.Security..::.CodeAccessPermission
System.Security.Permissions..::.SiteIdentityPermission

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

Reference

SiteIdentityPermission Members

System.Security.Permissions Namespace

SiteIdentityPermissionAttribute

Site

SiteMembershipCondition

Other Resources

Security Permissions

Requesting Permissions