Home Library Learn Downloads Support Community
Sign in | United States - English | |
This topic has not yet been rated - Rate this topic

NetCodeGroup Class

.NET Framework 4

Grants Web permission to the site from which the assembly was downloaded. This class cannot be inherited.

System.Object
  System.Security.Policy.CodeGroup
    System.Security.Policy.NetCodeGroup

Namespace:  System.Security.Policy
Assembly:  mscorlib (in mscorlib.dll)
C#
C++
F#
VB
Copy 
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class NetCodeGroup : CodeGroup

The NetCodeGroup type exposes the following members.

  Name Description
Public method NetCodeGroup Initializes a new instance of the NetCodeGroup class.
Top
  Name Description
Public property AttributeString Gets a string representation of the attributes of the policy statement for the code group. (Overrides CodeGroup.AttributeString.)
Public property Children Gets or sets an ordered list of the child code groups of a code group. (Inherited from CodeGroup.)
Public property Description Gets or sets the description of the code group. (Inherited from CodeGroup.)
Public property MembershipCondition Gets or sets the code group's membership condition. (Inherited from CodeGroup.)
Public property MergeLogic Gets the logic to use for merging groups. (Overrides CodeGroup.MergeLogic.)
Public property Name Gets or sets the name of the code group. (Inherited from CodeGroup.)
Public property PermissionSetName Gets the name of the NamedPermissionSet for the code group. (Overrides CodeGroup.PermissionSetName.)
Public property PolicyStatement Gets or sets the policy statement associated with the code group. (Inherited from CodeGroup.)
Top
  Name Description
Public method AddChild Adds a child code group to the current code group. (Inherited from CodeGroup.)
Public method AddConnectAccess Adds the specified connection access to the current code group.
Public method Copy Makes a deep copy of the current code group. (Overrides CodeGroup.Copy().)
Protected method CreateXml When overridden in a derived class, serializes properties and internal state specific to a derived code group and adds the serialization to the specified SecurityElement. (Inherited from CodeGroup.)
Public method Equals(Object) Determines whether the specified code group is equivalent to the current code group. (Overrides CodeGroup.Equals(Object).)
Public method Equals(CodeGroup, Boolean) Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified. (Inherited from CodeGroup.)
Protected method Finalize Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method FromXml(SecurityElement) Reconstructs a security object with a given state from an XML encoding. (Inherited from CodeGroup.)
Public method FromXml(SecurityElement, PolicyLevel) Reconstructs a security object with a given state and policy level from an XML encoding. (Inherited from CodeGroup.)
Public method GetConnectAccessRules Gets the connection access information for the current code group.
Public method GetHashCode Gets the hash code of the current code group. (Overrides CodeGroup.GetHashCode().)
Public method GetType Gets the Type of the current instance. (Inherited from Object.)
Protected method MemberwiseClone Creates a shallow copy of the current Object. (Inherited from Object.)
Protected method ParseXml When overridden in a derived class, reconstructs properties and internal state specific to a derived code group from the specified SecurityElement. (Inherited from CodeGroup.)
Public method RemoveChild Removes the specified child code group. (Inherited from CodeGroup.)
Public method ResetConnectAccess Removes all connection access information for the current code group.
Public method Resolve Resolves policy for the code group and its descendants for a set of evidence. (Overrides CodeGroup.Resolve(Evidence).)
Public method ResolveMatchingCodeGroups Resolves matching code groups. (Overrides CodeGroup.ResolveMatchingCodeGroups(Evidence).)
Public method ToString Returns a string that represents the current object. (Inherited from Object.)
Public method ToXml() Creates an XML encoding of the security object and its current state. (Inherited from CodeGroup.)
Public method ToXml(PolicyLevel) Creates an XML encoding of the security object, its current state, and the policy level within which the code exists. (Inherited from CodeGroup.)
Top
  Name Description
Public field Static member AbsentOriginScheme Contains a value used to specify connection access for code with an unknown or unrecognized origin scheme.
Public field Static member AnyOtherOriginScheme Contains a value used to specify any other unspecified origin scheme.
Top

Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have one or more child code groups. Each child code group can have its own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to the group, based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly, along with their child code groups, apply code access security policy.

NetCodeGroup has the same merge semantics as that of UnionCodeGroup; it forms the union of the PolicyStatement objects of all matching child code groups and the PolicyStatement it generates from the input Url evidence. However, NetCodeGroup returns a permission containing a dynamically calculated WebPermission that grants connect access to the site from which the code is run; UnionCodeGroup simply returns a static permission set.

When a NetCodeGroup is created, it contains the default connection access rules shown in the following table.

URI Scheme

Rule

file

No connection access to the origin server is permitted.

http

HTTP and HTTPS access is permitted using the origin port.

https

HTTPS access is permitted using the origin port.

You can control the scheme and port that code is permitted to use when connecting back to its site of origin by passing a CodeConnectAccess object with the appropriate Scheme and Port property values to the AddConnectAccess method. You can create a connection access rule that applies when the origin scheme is not present in the evidence or is not recognized by specifying AbsentOriginScheme ("") as the scheme. You can also create a connection access rule that applies when there is no connection access rule with a matching scheme by specifying AnyOtherOriginScheme ("*") as the scheme.

Note Note

If code does not submit the URI scheme as evidence, access is permitted using any scheme back to the origin site.

The following code example demonstrates creating a NetCodeGroup and adding CodeConnectAccess objects for code downloaded using the HTTP scheme.

C#
C++
VB
Copy 

public static void SetNetCodeGroupAccess()
{
    const string userPolicyLevel = "User";
    // Locate the User policy level.
    PolicyLevel level = null;
    System.Collections.IEnumerator ph = 
        System.Security.SecurityManager.PolicyHierarchy();
    while(ph.MoveNext())
    {
        level = (PolicyLevel)ph.Current;
        if( level.Label == userPolicyLevel )
        {
            break;
        }
    }
    if (level.Label != userPolicyLevel)
        throw new ApplicationException("Could not find User policy level.");

    IMembershipCondition membership =
        new UrlMembershipCondition(@"http://www.contoso.com/*");
    NetCodeGroup codeGroup = new NetCodeGroup(membership);
    // Delete default settings.
    codeGroup.ResetConnectAccess();
    // Create an object that represents access to the FTP scheme and default port.
    CodeConnectAccess a1 = new CodeConnectAccess(Uri.UriSchemeFtp, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the HTTPS scheme and default port.
    CodeConnectAccess a2 = new CodeConnectAccess(Uri.UriSchemeHttps, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the origin scheme and port.
    CodeConnectAccess a3 = CodeConnectAccess.CreateOriginSchemeAccess(CodeConnectAccess.OriginPort);
    // Add connection access objects to the NetCodeGroup object.
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a1);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a2);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a3);
    // Provide name and description information for caspol.exe tool.
    codeGroup.Name = "ContosoHttpCodeGroup";
    codeGroup.Description = "Code originating from contoso.com can connect back using the FTP or HTTPS.";
    // Add the code group to the User policy's root node.
    level.RootCodeGroup.AddChild(codeGroup);
    // Save the changes to the policy level.
    System.Security.SecurityManager.SavePolicy();
}

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ