Controls access to stores containing X.509 certificates. This class cannot be inherited.
Namespace:
System.Security.Permissions
Assembly:
System (in System.dll)
Visual Basic (Declaration)
<SerializableAttribute> _
Public NotInheritable Class StorePermission _
Inherits CodeAccessPermission _
Implements IUnrestrictedPermission
Dim instance As StorePermission
[SerializableAttribute]
public sealed class StorePermission : CodeAccessPermission,
IUnrestrictedPermission
[SerializableAttribute]
public ref class StorePermission sealed : public CodeAccessPermission,
IUnrestrictedPermission
public final class StorePermission extends CodeAccessPermission implements IUnrestrictedPermission
StorePermission controls the access that code is granted to X.509 stores. The permission is based on flags representing the access levels that apply to every store.
The following code example demonstrates the behavior of the StorePermission methods.
The example is intended to show how the methods perform if you execute the methods from your code. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications.
Imports System
Imports System.Security.Permissions
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Security
Imports System.IO
' Declares DeleteStore access to X.509 stores as the minimum permission this assembly requests.
' NOTE(review): the sample below only opens a store and adds a certificate; nothing visible here
' deletes a store, so confirm DeleteStore is really needed before copying this request.
' NOTE(review): SecurityAction.RequestMinimum is marked obsolete starting with .NET Framework 4;
' confirm the target runtime before reusing this declaration.
<Assembly: StorePermissionAttribute(SecurityAction.RequestMinimum, Flags:=StorePermissionFlags.DeleteStore)>
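''' <summary>
''' Console sample showing how a denied StorePermission surfaces as a SecurityException
''' when code opens or modifies an X.509 certificate store, followed by a walk through
''' the StorePermission class members.
''' </summary>
''' <remarks>
''' SecurityAction.Deny belongs to the code access security model of .NET Framework 2.0-3.5
''' and is marked obsolete from .NET Framework 4 onward; do not rely on it as a security
''' boundary on later runtimes.
''' </remarks>
Public Class X509store2

    ''' <summary>
    ''' Runs the demonstration: denies OpenStore, calls AddToStore twice, then adds the
    ''' certificate directly and prints the results of the StorePermission members.
    ''' </summary>
    ''' <param name="args">Command-line arguments; not used.</param>
    Public Shared Sub Main(ByVal args() As String)
        Console.WriteLine("Creating a permission with Flags = OpenStore.")
        Dim sp As New System.Security.Permissions.StorePermission(StorePermissionFlags.OpenStore)

        ' Load the certificate that is later added to the store named teststore.
        ' You must put in a valid path to a certificate in the following constructor.
        Dim certificate As New X509Certificate2("c:\certificates\*****.cer")

        ' Deny the permission to open a store.
        sp.Deny()

        ' The following call fails when it tries to open a store; the SecurityException
        ' is caught and reported inside AddToStore.
        AddToStore(certificate)

        ' Remove the deny for opening a store.
        CodeAccessPermission.RevertDeny()

        ' The following call fails when it tries to add a certificate, because the
        ' StorePermissionAttribute on AddToStore denies the AddToStore permission.
        AddToStore(certificate)

        ' The current code is not affected by the attribute in the previously called method,
        ' so the following instructions execute without an exception.
        ' Note: the certificate stays in the CurrentUser "teststore" store after the sample
        ' exits; nothing here removes it.
        Dim store As New X509Store("teststore", StoreLocation.CurrentUser)
        Try
            store.Open(OpenFlags.ReadWrite)
            store.Add(certificate)
        Finally
            ' Release the store handle even if Open or Add throws.
            store.Close()
        End Try

        ' Demonstrate the behavior of the class members.
        ShowMembers()
        Console.WriteLine("Press the Enter key to exit.")
        Console.ReadKey()
    End Sub 'Main

    ''' <summary>
    ''' Tries to add a certificate to the CurrentUser "teststore" store while the
    ''' AddToStore permission is denied for this method, and reports the permission
    ''' that failed.
    ''' </summary>
    ''' <param name="cert">The certificate to add.</param>
    <StorePermission(SecurityAction.Deny, Flags:=StorePermissionFlags.AddToStore)> _
    Private Shared Sub AddToStore(ByVal cert As X509Certificate2)
        Dim store As X509Store = Nothing
        Try
            store = New X509Store("teststore", StoreLocation.CurrentUser)
            store.Open(OpenFlags.ReadWrite)
            ' The following attempt to add a certificate results in an exception being thrown.
            store.Add(cert)
        Catch e As SecurityException
            ' FirstPermissionThatFailed may be Nothing or a different permission type, so
            ' use TryCast instead of an unchecked CType and fall back to the message text.
            Dim failed As System.Security.Permissions.StorePermission = _
                TryCast(e.FirstPermissionThatFailed, System.Security.Permissions.StorePermission)
            Dim detail As String
            If failed Is Nothing Then
                detail = e.Message
            Else
                detail = failed.Flags.ToString()
            End If
            ' Use & so the flags are concatenated as text rather than added numerically.
            Console.WriteLine("Security exception thrown when attempting: " & detail)
        Finally
            If store IsNot Nothing Then
                store.Close()
            End If
        End Try
    End Sub 'AddToStore

    ''' <summary>Maps a Boolean result to the "Yes"/"No" text printed by ShowMembers.</summary>
    Private Shared Function YesNo(ByVal value As Boolean) As String
        If value Then
            Return "Yes"
        End If
        Return "No"
    End Function

    ' The following method is intended to demonstrate only the behavior of
    ' StorePermission class members, and not their practical usage. Most properties
    ' and methods in this class are used for the resolution and enforcement of
    ' security policy by the security infrastructure code.
    Private Shared Sub ShowMembers()
        Console.WriteLine("Creating first permission with Flags = OpenStore.")
        Dim sp1 As New System.Security.Permissions.StorePermission(StorePermissionFlags.OpenStore)
        Console.WriteLine("Creating second permission with Flags = AllFlags.")
        Dim sp2 As New System.Security.Permissions.StorePermission(StorePermissionFlags.AllFlags)
        Console.WriteLine("Creating third permission as Unrestricted.")
        Dim sp3 As New System.Security.Permissions.StorePermission(PermissionState.Unrestricted)
        Console.WriteLine("Creating fourth permission with a permission state of none.")
        Dim sp4 As New System.Security.Permissions.StorePermission(PermissionState.None)

        Dim rc As Boolean = sp2.IsSubsetOf(sp3)
        Console.WriteLine("Is the permission with complete store access (AllFlags) a subset of " & _
            vbLf & vbTab & "the permission with an Unrestricted permission state? " & _
            YesNo(rc))
        rc = sp1.IsSubsetOf(sp2)
        Console.WriteLine("Is the permission with OpenStore access a subset of the permission with " & _
            vbLf & vbTab & "complete store access (AllFlags)? " & YesNo(rc))
        rc = sp3.IsUnrestricted()
        Console.WriteLine("Is the third permission unrestricted? " & YesNo(rc))

        Console.WriteLine("Copying the second permission to the fourth permission.")
        sp4 = CType(sp2.Copy(), System.Security.Permissions.StorePermission)
        rc = sp4.Equals(sp2)
        Console.WriteLine("Is the fourth permission equal to the second permission? " & _
            YesNo(rc))

        Console.WriteLine("Creating the intersection of the second and first permissions.")
        sp4 = CType(sp2.Intersect(sp1), System.Security.Permissions.StorePermission)
        Console.WriteLine("Value of the Flags property is: " & sp4.Flags.ToString())

        Console.WriteLine("Creating the union of the second and first permissions.")
        sp4 = CType(sp2.Union(sp1), System.Security.Permissions.StorePermission)
        ' ToString() is required here: String + enum attempts numeric addition in Visual Basic.
        Console.WriteLine("Result of the union of the second permission with the first: " & _
            sp4.Flags.ToString())

        Console.WriteLine("Using an XML roundtrip to reset the fourth permission.")
        sp4.FromXml(sp2.ToXml())
        rc = sp4.Equals(sp2)
        Console.WriteLine("Does the XML roundtrip result equal the original permission? " & _
            YesNo(rc))
    End Sub
End Class 'X509store2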
using System;
using System.Security.Permissions;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security;
using System.IO;
// Declares DeleteStore access to X.509 stores as the minimum permission this assembly requests.
// NOTE(review): the sample below only opens a store and adds a certificate; nothing visible here
// deletes a store, so confirm DeleteStore is really needed before copying this request.
// NOTE(review): SecurityAction.RequestMinimum is marked obsolete starting with .NET Framework 4;
// confirm the target runtime before reusing this declaration.
[assembly:
StorePermission(SecurityAction.RequestMinimum, Flags = StorePermissionFlags.DeleteStore)]
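/// <summary>
/// Console sample showing how a denied <see cref="StorePermission"/> surfaces as a
/// <see cref="SecurityException"/> when code opens or modifies an X.509 certificate store,
/// followed by a walk through the <see cref="StorePermission"/> class members.
/// </summary>
/// <remarks>
/// SecurityAction.Deny belongs to the code access security model of .NET Framework 2.0-3.5
/// and is marked obsolete from .NET Framework 4 onward; do not rely on it as a security
/// boundary on later runtimes.
/// </remarks>
public class X509store2
{
    /// <summary>
    /// Runs the demonstration: denies OpenStore, calls AddToStore twice, then adds the
    /// certificate directly and prints the results of the StorePermission members.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    public static void Main(string[] args)
    {
        Console.WriteLine("Creating a permission with Flags = OpenStore.");
        StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);

        // Load the certificate that is later added to the store named teststore.
        // You must put in a valid path to a certificate in the following constructor.
        X509Certificate2 certificate = new X509Certificate2("c:\\certificates\\*****.cer");

        // Deny the permission to open a store.
        sp.Deny();

        // The following call fails when it tries to open a store; the SecurityException
        // is caught and reported inside AddToStore.
        AddToStore(certificate);

        // Remove the deny for opening a store.
        CodeAccessPermission.RevertDeny();

        // The following call fails when it tries to add a certificate, because the
        // StorePermissionAttribute on AddToStore denies the AddToStore permission.
        AddToStore(certificate);

        // The current code is not affected by the attribute in the previously called method,
        // so the following instructions execute without an exception.
        // Note: the certificate stays in the CurrentUser "teststore" store after the sample
        // exits; nothing here removes it.
        X509Store store = new X509Store("teststore", StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(certificate);
        }
        finally
        {
            // Release the store handle even if Open or Add throws.
            store.Close();
        }

        // Demonstrate the behavior of the class members.
        ShowMembers();
        Console.WriteLine("Press the Enter key to exit.");
        Console.ReadKey();
    }

    /// <summary>
    /// Tries to add a certificate to the CurrentUser "teststore" store while the
    /// AddToStore permission is denied for this method, and reports the permission
    /// that failed.
    /// </summary>
    /// <param name="cert">The certificate to add.</param>
    [StorePermission(SecurityAction.Deny, Flags = StorePermissionFlags.AddToStore)]
    private static void AddToStore(X509Certificate2 cert)
    {
        X509Store store = null;
        try
        {
            store = new X509Store("teststore", StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadWrite);
            // The following attempt to add a certificate results in an exception being thrown.
            store.Add(cert);
        }
        catch (SecurityException e)
        {
            // FirstPermissionThatFailed may be null or a different permission type, so use
            // a checked conversion and fall back to the exception message.
            StorePermission failed = e.FirstPermissionThatFailed as StorePermission;
            string detail = (failed != null) ? failed.Flags.ToString() : e.Message;
            Console.WriteLine("Security exception thrown when attempting: " + detail);
        }
        finally
        {
            if (store != null)
            {
                store.Close();
            }
        }
    }

    /// <summary>Maps a Boolean result to the "Yes"/"No" text printed by ShowMembers.</summary>
    private static string YesNo(bool value)
    {
        return value ? "Yes" : "No";
    }

    // The following method is intended to demonstrate only the behavior of
    // StorePermission class members, and not their practical usage. Most properties
    // and methods in this class are used for the resolution and enforcement of
    // security policy by the security infrastructure code.
    private static void ShowMembers()
    {
        Console.WriteLine("Creating first permission with Flags = OpenStore.");
        StorePermission sp1 = new StorePermission(StorePermissionFlags.OpenStore);
        Console.WriteLine("Creating second permission with Flags = AllFlags.");
        StorePermission sp2 = new StorePermission(StorePermissionFlags.AllFlags);
        Console.WriteLine("Creating third permission as Unrestricted.");
        StorePermission sp3 = new StorePermission(PermissionState.Unrestricted);
        Console.WriteLine("Creating fourth permission with a permission state of none.");
        StorePermission sp4 = new StorePermission(PermissionState.None);

        bool rc = sp2.IsSubsetOf(sp3);
        Console.WriteLine("Is the permission with complete store access (AllFlags) a subset of \n" +
            "\tthe permission with an Unrestricted permission state? " + YesNo(rc));
        rc = sp1.IsSubsetOf(sp2);
        Console.WriteLine("Is the permission with OpenStore access a subset of the permission with \n" +
            "\tcomplete store access (AllFlags)? " + YesNo(rc));
        rc = sp3.IsUnrestricted();
        Console.WriteLine("Is the third permission unrestricted? " + YesNo(rc));

        Console.WriteLine("Copying the second permission to the fourth permission.");
        sp4 = (StorePermission)sp2.Copy();
        rc = sp4.Equals(sp2);
        Console.WriteLine("Is the fourth permission equal to the second permission? " + YesNo(rc));

        Console.WriteLine("Creating the intersection of the second and first permissions.");
        sp4 = (StorePermission)sp2.Intersect(sp1);
        Console.WriteLine("Value of the Flags property is: " + sp4.Flags.ToString());

        Console.WriteLine("Creating the union of the second and first permissions.");
        sp4 = (StorePermission)sp2.Union(sp1);
        Console.WriteLine("Result of the union of the second permission with the first: " + sp4.Flags);

        Console.WriteLine("Using an XML roundtrip to reset the fourth permission.");
        sp4.FromXml(sp2.ToXml());
        rc = sp4.Equals(sp2);
        Console.WriteLine("Does the XML roundtrip result equal the original permission? " + YesNo(rc));
    }
}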
#using <System.Security.dll>
using namespace System;
using namespace System::Security::Permissions;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
using namespace System::Security;
using namespace System::IO;
// Declares DeleteStore access to X.509 stores as the minimum permission this assembly requests.
// NOTE(review): the sample below only opens a store and adds a certificate; nothing visible here
// deletes a store, so confirm DeleteStore is really needed before copying this request.
// NOTE(review): SecurityAction::RequestMinimum is marked obsolete starting with .NET Framework 4;
// confirm the target runtime before reusing this declaration.
[assembly:StorePermissionAttribute(SecurityAction::RequestMinimum,
Flags=StorePermissionFlags::DeleteStore)];
// Forward declarations for the helpers defined after main().
void AddToStore( X509Certificate2 ^ cert );
void ShowMembers();
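// Runs the demonstration: denies OpenStore, calls AddToStore twice, then adds the
// certificate directly and prints the results of the StorePermission members.
// SecurityAction::Deny-style modifiers belong to the code access security model of
// .NET Framework 2.0-3.5 and are marked obsolete from .NET Framework 4 onward; do not
// rely on them as a security boundary on later runtimes.
int main()
{
   Console::WriteLine( "Creating a permission with Flags = OpenStore." );
   StorePermission ^ sp = gcnew StorePermission( StorePermissionFlags::OpenStore );

   // Load the certificate that is later added to the store named teststore.
   // You must put in a valid path to a certificate in the following constructor.
   X509Certificate2 ^ certificate = gcnew X509Certificate2( "c:\\certificates\\*****.cer" );

   // Deny the permission to open a store.
   sp->Deny();

   // The following call fails when it tries to open a store; the SecurityException
   // is caught and reported inside AddToStore.
   AddToStore( certificate );

   // Remove the deny for opening a store.
   CodeAccessPermission::RevertDeny();

   // The following call fails when it tries to add a certificate, because the
   // StorePermissionAttribute on AddToStore denies the AddToStore permission.
   AddToStore( certificate );

   // The current code is not affected by the attribute in the previously called function,
   // so the following instructions execute without an exception.
   // Note: the certificate stays in the CurrentUser "teststore" store after the sample
   // exits; nothing here removes it.
   X509Store ^ store = gcnew X509Store( "teststore",StoreLocation::CurrentUser );
   try
   {
      store->Open( OpenFlags::ReadWrite );
      store->Add( certificate );
   }
   finally
   {
      // Release the store handle even if Open or Add throws.
      store->Close();
   }

   // Demonstrate the behavior of the class members.
   ShowMembers();
   Console::WriteLine( "Press the Enter key to exit." );
   Console::ReadKey();
}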
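// Tries to add a certificate to the CurrentUser "teststore" store while the AddToStore
// permission is denied for this function, and reports the permission that failed.
//   cert: the certificate to add.
[StorePermission(SecurityAction::Deny,Flags=StorePermissionFlags::AddToStore)]
void AddToStore( X509Certificate2 ^ cert )
{
   X509Store ^ store = nullptr;
   try
   {
      store = gcnew X509Store( "teststore",StoreLocation::CurrentUser );
      store->Open( OpenFlags::ReadWrite );
      // The following attempt to add a certificate results in an exception being thrown.
      store->Add( cert );
   }
   catch ( SecurityException^ e )
   {
      // dynamic_cast yields nullptr when FirstPermissionThatFailed is null or a different
      // permission type, so check it before reading Flags and fall back to the message.
      StorePermission ^ failed = dynamic_cast<StorePermission^>(e->FirstPermissionThatFailed);
      if ( failed != nullptr )
      {
         Console::WriteLine( "Security exception thrown when attempting: {0}", failed->Flags );
      }
      else
      {
         Console::WriteLine( "Security exception thrown when attempting: {0}", e->Message );
      }
   }
   finally
   {
      // Release the store handle on both the success and the failure path.
      if ( store != nullptr )
      {
         store->Close();
      }
   }
}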
// Prints the results of the StorePermission members (IsSubsetOf, IsUnrestricted, Copy,
// Equals, Intersect, Union, ToXml/FromXml) for four sample permissions. This only
// illustrates member behavior; in practice most of these members are called by the
// security infrastructure while it resolves and enforces security policy.
void ShowMembers()
{
   Console::WriteLine( "Creating first permission with Flags = OpenStore." );
   StorePermission ^ openOnly = gcnew StorePermission( StorePermissionFlags::OpenStore );
   Console::WriteLine( "Creating second permission with Flags = AllFlags." );
   StorePermission ^ allFlags = gcnew StorePermission( StorePermissionFlags::AllFlags );
   Console::WriteLine( "Creating third permission as Unrestricted." );
   StorePermission ^ unrestricted = gcnew StorePermission( PermissionState::Unrestricted );
   Console::WriteLine( "Creating fourth permission with a permission state of none." );
   StorePermission ^ scratch = gcnew StorePermission( PermissionState::None );

   // Subset relationships between the sample permissions.
   String ^ answer = "No";
   if ( allFlags->IsSubsetOf( unrestricted ) )
   {
      answer = "Yes";
   }
   Console::WriteLine( "Is the permission with complete store access (AllFlags) a subset of \n"
   "\tthe permission with an Unrestricted permission state? {0}", answer );

   answer = "No";
   if ( openOnly->IsSubsetOf( allFlags ) )
   {
      answer = "Yes";
   }
   Console::WriteLine( "Is the permission with OpenStore access a subset of the permission with \n"
   "\tcomplete store access (AllFlags)? {0}", answer );

   answer = "No";
   if ( unrestricted->IsUnrestricted() )
   {
      answer = "Yes";
   }
   Console::WriteLine( "Is the third permission unrestricted? {0}", answer );

   // Copy and equality.
   Console::WriteLine( "Copying the second permission to the fourth permission." );
   scratch = dynamic_cast<StorePermission^>(allFlags->Copy());
   answer = "No";
   if ( scratch->Equals( allFlags ) )
   {
      answer = "Yes";
   }
   Console::WriteLine( "Is the fourth permission equal to the second permission? {0}", answer );

   // Set operations on the flags.
   Console::WriteLine( "Creating the intersection of the second and first permissions." );
   scratch = dynamic_cast<StorePermission^>(allFlags->Intersect( openOnly ));
   Console::WriteLine( "Value of the Flags property is: {0}", scratch->Flags );
   Console::WriteLine( "Creating the union of the second and first permissions." );
   scratch = dynamic_cast<StorePermission^>(allFlags->Union( openOnly ));
   Console::WriteLine( "Result of the union of the second permission with the first: {0}", scratch->Flags );

   // XML serialization round trip.
   Console::WriteLine( "Using an XML roundtrip to reset the fourth permission." );
   scratch->FromXml( allFlags->ToXml() );
   answer = "No";
   if ( scratch->Equals( allFlags ) )
   {
      answer = "Yes";
   }
   Console::WriteLine( "Does the XML roundtrip result equal the original permission? {0}", answer );
}
System.Object
System.Security.CodeAccessPermission
System.Security.Permissions.StorePermission
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
.NET Framework
Supported in: 3.5, 3.0, 2.0
Reference
Other Resources