Export (0) Print
Expand All

StorePermission Class

Controls access to stores containing X.509 certificates. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: System (in system.dll)

[SerializableAttribute] 
public sealed class StorePermission : CodeAccessPermission, IUnrestrictedPermission
/** @attribute SerializableAttribute() */ 
public final class StorePermission extends CodeAccessPermission implements IUnrestrictedPermission
SerializableAttribute 
public final class StorePermission extends CodeAccessPermission implements IUnrestrictedPermission
Not applicable.

StorePermission controls the access that code is granted to X.509 stores. The permission is based on flags representing the access levels that apply to every store.

The following code example demonstrates the behavior of the StorePermission methods.

The example is intended to show how the methods perform if you execute the methods from your code. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications.

using System;
using System.Security.Permissions;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security;
using System.IO;
[assembly:
StorePermission(SecurityAction.RequestMinimum, Flags = StorePermissionFlags.DeleteStore)]
public class X509store2
{
    public static void Main(string[] args)
    {
        Console.WriteLine("Creating a permission with Flags = OpenStore.");
        StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
        //Create a new X509 store named teststore from the local certificate store.
        //You must put in a valid path to a certificate in the following constructor.
        X509Certificate2 certificate = new X509Certificate2("c:\\certificates\\*****.cer");
        //      Deny the permission to open a store.
        sp.Deny();
        // The following code results in an exception due to an attempt to open a store.
        AddToStore(certificate);
        // Remove the deny for opening a store.
        CodeAccessPermission.RevertDeny();
        // The following code results in an exception due to an attempt to add a certificate.
        // The exception is thrown due to a StorePermissionAttribute on the method denying AddToStore permission.
        AddToStore(certificate);
        // The current code is not affected by the attribute in the previously called method, so the following
        // intructions execute without an exception.
        X509Store store = new X509Store("teststore", StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        store.Add(certificate);

        // Demonstrate the behavior of the class members.
        ShowMembers();

        Console.WriteLine("Press the Enter key to exit.");
        Console.ReadKey();
        return;
    }
    //Deny the permission the ability to add to a store.
    [StorePermission(SecurityAction.Deny, Flags = StorePermissionFlags.AddToStore)]
    private static void AddToStore(X509Certificate2 cert)
    {
        try
        {
            X509Store store = new X509Store("teststore", StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            // The following attempt to add a certificate results in an exception being thrown.
            store.Add(cert);
            return;
        }
        catch (SecurityException e)
        {
            Console.WriteLine("Security exception thrown when attempting: " + 
                ((StorePermission)e.FirstPermissionThatFailed).Flags);
            return;
        }
    }

    // The following method is intended to demonstrate only the behavior of 
    // StorePermission class members,and not their practical usage.  Most properties 
    // and methods in this class are used for the resolution and enforcement of
    // security policy by the security infrastructure code.
    private static void ShowMembers()
    {
        Console.WriteLine("Creating first permission with Flags = OpenStore.");

        StorePermission sp1 = new StorePermission(StorePermissionFlags.OpenStore);

        Console.WriteLine("Creating second permission with Flags = AllFlags.");

        StorePermission sp2 = new StorePermission(StorePermissionFlags.AllFlags);

        Console.WriteLine("Creating third permission as Unrestricted.");
        StorePermission sp3 = new StorePermission(PermissionState.Unrestricted);
        Console.WriteLine("Creating fourth permission with a permission state of none.");

        StorePermission sp4 = new StorePermission(PermissionState.None);
        bool rc = sp2.IsSubsetOf(sp3);
        Console.WriteLine("Is the permission with complete store access (AllFlags) a subset of \n" +
            "\tthe permission with an Unrestricted permission state? " + (rc ? "Yes" : "No"));
        rc = sp1.IsSubsetOf(sp2);
        Console.WriteLine("Is the permission with OpenStore access a subset of the permission with \n" +
            "\tcomplete store access (AllFlags)? " + (rc ? "Yes" : "No"));
        rc = sp3.IsUnrestricted();
        Console.WriteLine("Is the third permission unrestricted? " + (rc ? "Yes" : "No"));
        Console.WriteLine("Copying the second permission to the fourth permission.");
        sp4 = (StorePermission)sp2.Copy();
        rc = sp4.Equals(sp2);
        Console.WriteLine("Is the fourth permission equal to the second permission? " + (rc ? "Yes" : "No"));

        Console.WriteLine("Creating the intersection of the second and first permissions.");
        sp4 = (StorePermission)sp2.Intersect(sp1);
        Console.WriteLine("Value of the Flags property is: " + sp4.Flags.ToString());

        Console.WriteLine("Creating the union of the second and first permissions.");
        sp4 = (StorePermission)sp2.Union(sp1);
        Console.WriteLine("Result of the union of the second permission with the first:  " + sp4.Flags);

        Console.WriteLine("Using an XML roundtrip to reset the fourth permission.");
        sp4.FromXml(sp2.ToXml());
        rc = sp4.Equals(sp2);
        Console.WriteLine("Does the XML roundtrip result equal the original permission? " + (rc ? "Yes" : "No"));
    }
}

import System.*;
import System.Security.Permissions.*;
import System.Security.Cryptography.*;
import System.Security.Cryptography.X509Certificates.*;
import System.Security.*;
import System.IO.*;

/** @assembly StorePermission(SecurityAction.RequestMinimum,
    Flags = StorePermissionFlags.DeleteStore)
 */
public class X509store2
{
	public static void main(String[] args)
	{
		Console.WriteLine("Creating a permission with Flags = OpenStore.");
		StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
		//Create a new X509 store named teststore from the local certificate 
		// store.
		//You must put in a valid path to a certificate in the following 
		// constructor.
		X509Certificate2 certificate =
			new X509Certificate2("c:\\certificates\\*****.cer");
		//      Deny the permission to open a store.
		sp.Deny();
		// The following code results in an exception due to an attempt 
		// to open a store.
		AddToStore(certificate);
		// Remove the deny for opening a store.
		CodeAccessPermission.RevertDeny();
		// The following code results in an exception due to an attempt to 
		// add a certificate.
		// The exception is thrown due to a StorePermissionAttribute 
		// on the method denying AddToStore permission.
		AddToStore(certificate);
		// The current code is not affected by the attribute in the
		// previously called method, so the following
		// intructions execute without an exception.
		X509Store store = new X509Store("teststore",
			StoreLocation.CurrentUser);
		store.Open(OpenFlags.ReadWrite);
		store.Add(certificate);
		// Demonstrate the behavior of the class members.
		ShowMembers();

		Console.WriteLine("Press the Enter key to exit.");
		Console.ReadKey();
		return;
	} //main

	//Deny the permission the ability to add to a store.
	/** @attribute StorePermission(SecurityAction.Deny, Flags =
		StorePermissionFlags.AddToStore)
	 */
	private static void AddToStore(X509Certificate2 cert)
	{
		try
		{
			X509Store store = new X509Store("teststore",
				StoreLocation.CurrentUser);
			store.Open(OpenFlags.ReadWrite);
			// The following attempt to add a certificate results in 
			// an exception being thrown.
			store.Add(cert);
			return;
		}
		catch (System.Security.SecurityException e)
		{
			Console.WriteLine("Security exception thrown when attempting: "
				+ ((StorePermission)e.get_FirstPermissionThatFailed()).get_Flags());
			return;
		}
	} //AddToStore

	// The following method is intended to demonstrate only the behavior of 
	// StorePermission class members,and not their practical usage. 
	// Most properties 
	// and methods in this class are used for the resolution and enforcement 
	// of security policy by the security infrastructure code.
	private static void ShowMembers()
	{
		Console.WriteLine("Creating first permission with Flags = OpenStore.");
		StorePermission sp1 = new StorePermission(StorePermissionFlags.
			OpenStore);
		Console.WriteLine("Creating second permission with Flags = AllFlags.");
		StorePermission sp2 = new StorePermission(StorePermissionFlags.AllFlags);
		Console.WriteLine("Creating third permission as Unrestricted.");
		StorePermission sp3 = new StorePermission(PermissionState.Unrestricted);
		Console.WriteLine("Creating fourth permission with a permission "
			+ "state of none.");
		StorePermission sp4 = new StorePermission(PermissionState.None);
		boolean rc = sp2.IsSubsetOf(sp3);
		Console.WriteLine("Is the permission with complete store access "
			+ "(AllFlags) a subset of \n"
			+ "\tthe permission with an Unrestricted permission state? "
			+ ((rc) ? "Yes" : "No"));
		rc = sp1.IsSubsetOf(sp2);
		Console.WriteLine("Is the permission with OpenStore access "
			+ "a subset of the permission with \n"
			+ "\tcomplete store access (AllFlags)? "
			+ ((rc) ? "Yes" : "No"));
		rc = sp3.IsUnrestricted();
		Console.WriteLine("Is the third permission unrestricted? "
			+ ((rc) ? "Yes" : "No"));
		Console.WriteLine("Copying the second permission to the fourth "
			+ "permission.");
		sp4 = (StorePermission)sp2.Copy();
		rc = sp4.Equals(sp2);
		Console.WriteLine("Is the fourth permission equal to the second "
			+ "permission? " + ((rc) ? "Yes" : "No"));
		Console.WriteLine("Creating the intersection of the second and "
			+ "first permissions.");
		sp4 = (StorePermission)sp2.Intersect(sp1);
		Console.WriteLine("Value of the Flags property is: "
			+ sp4.get_Flags().ToString());
		Console.WriteLine("Creating the union of the second and first "
			+ "permissions.");
		sp4 = (StorePermission)sp2.Union(sp1);
		Console.WriteLine("Result of the union of the second permission "
			+ "with the first:  " + sp4.get_Flags());
		Console.WriteLine("Using an XML roundtrip to reset the fourth "
			+ "permission.");
		sp4.FromXml(sp2.ToXml());
		rc = sp4.Equals(sp2);
		Console.WriteLine("Does the XML roundtrip result equal the original "
			+ "permission? " + ((rc) ? "Yes" : "No"));
	} //ShowMembers 
} //X509store2

System.Object
   System.Security.CodeAccessPermission
    System.Security.Permissions.StorePermission

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

ADD
Show:
© 2014 Microsoft