
NetCodeGroup Class

Grants Web permission to the site from which the assembly was downloaded. This class cannot be inherited.

Namespace: System.Security.Policy
Assembly: mscorlib (in mscorlib.dll)

C#
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class NetCodeGroup : CodeGroup

J#
/** @attribute SerializableAttribute() */
/** @attribute ComVisibleAttribute(true) */
public final class NetCodeGroup extends CodeGroup

JScript
SerializableAttribute
ComVisibleAttribute(true)
public final class NetCodeGroup extends CodeGroup

Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have one or more child code groups. Each child code group can have its own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to the group, based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly, along with their child code groups, apply code access security policy.

NetCodeGroup has the same merge semantics as UnionCodeGroup: it forms the union of the PolicyStatement objects of all matching child code groups and the PolicyStatement it generates from the input Url evidence. However, NetCodeGroup returns a permission containing a dynamically calculated WebPermission that grants connect access to the site from which the code is run, whereas UnionCodeGroup simply returns a static permission set.

When a NetCodeGroup is created, it contains the default connection access rules shown in the following table.

URI Scheme    Rule
file          No connection access to the origin server is permitted.
http          HTTP and HTTPS access is permitted using the origin port.
https         HTTPS access is permitted using the origin port.

You can control the scheme and port that code is permitted to use when connecting back to its site of origin by passing a CodeConnectAccess object with the appropriate Scheme and Port property values to the AddConnectAccess method. You can create a connection access rule that applies when the origin scheme is not present in the evidence or is not recognized by specifying AbsentOriginScheme ("") as the scheme. You can also create a connection access rule that applies when there is no connection access rule with a matching scheme by specifying AnyOtherOriginScheme ("*") as the scheme.

Note

If code does not submit the URI scheme as evidence, access is permitted using any scheme back to the origin site.

The following code example demonstrates creating a NetCodeGroup and adding CodeConnectAccess objects for code downloaded using the HTTP scheme.

// C# (requires: using System; using System.Security.Policy;)
public static void SetNetCodeGroupAccess()
{
    const string userPolicyLevel = "User";
    // Locate the User policy level.
    PolicyLevel level = null;
    System.Collections.IEnumerator ph = 
        System.Security.SecurityManager.PolicyHierarchy();
    while(ph.MoveNext())
    {
        level = (PolicyLevel)ph.Current;
        if( level.Label == userPolicyLevel )
        {
            break;
        }
    }
    // level is null if the policy hierarchy returned no levels at all.
    if (level == null || level.Label != userPolicyLevel)
        throw new ApplicationException("Could not find User policy level.");

    IMembershipCondition membership =
        new UrlMembershipCondition(@"http://www.contoso.com/*");
    NetCodeGroup codeGroup = new NetCodeGroup(membership);
    // Delete default settings.
    codeGroup.ResetConnectAccess();
    // Create an object that represents access to the FTP scheme and default port.
    CodeConnectAccess a1 = new CodeConnectAccess(Uri.UriSchemeFtp, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the HTTPS scheme and default port.
    CodeConnectAccess a2 = new CodeConnectAccess(Uri.UriSchemeHttps, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the origin scheme and port.
    CodeConnectAccess a3 = CodeConnectAccess.CreateOriginSchemeAccess(CodeConnectAccess.OriginPort);
    // Add connection access objects to the NetCodeGroup object.
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a1);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a2);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a3);
    // Provide name and description information for caspol.exe tool.
    codeGroup.Name = "ContosoHttpCodeGroup";
    codeGroup.Description = "Code originating from contoso.com can connect back using the FTP or HTTPS.";
    // Add the code group to the User policy's root node.
    level.RootCodeGroup.AddChild(codeGroup);
    // Save the changes to the policy level.
    System.Security.SecurityManager.SavePolicy();
}

// J# (requires: import System.*; import System.Security.Policy.*;)
public static void SetNetCodeGroupAccess() throws ApplicationException
{
    final String userPolicyLevel = "User";
    // Locate the User policy level.
    PolicyLevel level = null;
    System.Collections.IEnumerator ph =
        System.Security.SecurityManager.PolicyHierarchy();
    while (ph.MoveNext()) {
        level = (PolicyLevel)ph.get_Current();
        if (level.get_Label().Equals(userPolicyLevel)) {
            break;
        }
    }
    // level is null if the policy hierarchy returned no levels at all.
    if (level == null || !(level.get_Label().Equals(userPolicyLevel))) {
        throw new ApplicationException("Could not find User policy level.");
    }
    IMembershipCondition membership =
        new UrlMembershipCondition("http://www.contoso.com/*");
    NetCodeGroup codeGroup = new NetCodeGroup(membership);
    // Delete default settings.
    codeGroup.ResetConnectAccess();
    // Create an object that represents access to the FTP scheme and
    // default port.
    CodeConnectAccess a1 =
        new CodeConnectAccess(Uri.UriSchemeFtp,
        CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the HTTPS scheme
    // and default port.
    CodeConnectAccess a2 = new CodeConnectAccess(Uri.UriSchemeHttps,
        CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the origin scheme and port.
    CodeConnectAccess a3 = CodeConnectAccess.CreateOriginSchemeAccess(
        CodeConnectAccess.OriginPort);
    // Add connection access objects to the NetCodeGroup object.
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a1);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a2);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a3);
    // Provide name and description information for caspol.exe tool.
    codeGroup.set_Name("ContosoHttpCodeGroup");
    codeGroup.set_Description("Code originating from contoso.com can"
        + " connect back using the FTP or HTTPS.");
    // Add the code group to the User policy's root node.
    level.get_RootCodeGroup().AddChild(codeGroup);
    // Save the changes to the policy level.
    System.Security.SecurityManager.SavePolicy();
} //SetNetCodeGroupAccess
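
To review which connect-back access a saved policy actually grants, the rules described above can be read back per origin scheme with GetConnectAccessRules. The following C# listing is an added example, not part of the original documentation; the class name NetCodeGroupAudit and the output format are assumptions, and it targets the .NET Framework 2.0 policy API.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;
public static class NetCodeGroupAudit
{
    // Walk every policy level and report each NetCodeGroup's connect-access rules.
    public static void Main()
    {
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            Walk(level.Label, level.RootCodeGroup);
        }
    }

    static void Walk(string levelLabel, CodeGroup group)
    {
        NetCodeGroup net = group as NetCodeGroup;
        if (net != null)
        {
            Console.WriteLine("[{0}] {1}", levelLabel, net.Name ?? "(unnamed)");
            DictionaryEntry[] rules = net.GetConnectAccessRules();
            if (rules != null)
                foreach (DictionaryEntry rule in rules)
                    Report((string)rule.Key, (CodeConnectAccess[])rule.Value);
        }
        foreach (CodeGroup child in group.Children)
            Walk(levelLabel, child);
    }

    // Key = origin scheme from the evidence; value = what that origin may connect back with.
    static void Report(string origin, CodeConnectAccess[] accesses)
    {
        if (origin == NetCodeGroup.AbsentOriginScheme) origin = "(absent origin scheme)";
        else if (origin == NetCodeGroup.AnyOtherOriginScheme) origin = "(any other origin scheme)";
        if (accesses == null || accesses.Length == 0)
        { Console.WriteLine("  {0}: no connect access", origin); return; }
        foreach (CodeConnectAccess a in accesses)
        {
            // OriginPort and DefaultPort are sentinel values, not real port numbers.
            string port = a.Port == CodeConnectAccess.OriginPort ? "origin port"
                : a.Port == CodeConnectAccess.DefaultPort ? "default port" : a.Port.ToString();
            string flag = a.Scheme == CodeConnectAccess.AnyScheme ? "  <-- any scheme" : "";
            Console.WriteLine("  {0} -> {1}, {2}{3}", origin, a.Scheme, port, flag);
        }
    }
}
```

Rules keyed on the absent or any-other origin scheme, and accesses that allow any scheme, are the entries to check first because they apply more broadly than a rule tied to one named scheme.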

System.Object
   System.Security.Policy.CodeGroup
    System.Security.Policy.NetCodeGroup
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0, 1.1, 1.0
© 2014 Microsoft. All rights reserved.