NetCodeGroup Class (System.Security.Policy)

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

NetCodeGroup Class

Grants Web permission to the site from which the assembly was downloaded. This class cannot be inherited.

Namespace: System.Security.Policy
Assembly: mscorlib (in mscorlib.dll)

Syntax

Visual Basic (Declaration)

<SerializableAttribute> _
<ComVisibleAttribute(True)> _
Public NotInheritable Class NetCodeGroup _
    Inherits CodeGroup

Visual Basic (Usage)

Dim instance As NetCodeGroup

[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class NetCodeGroup : CodeGroup

Visual C++

[SerializableAttribute]
[ComVisibleAttribute(true)]
public ref class NetCodeGroup sealed : public CodeGroup

JScript

public final class NetCodeGroup extends CodeGroup

Remarks

Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have one or more child code groups. Each child code group can have its own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to the group, based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly, along with their child code groups, apply code access security policy.

NetCodeGroup has the same merge semantics as that of UnionCodeGroup; it forms the union of the PolicyStatement objects of all matching child code groups and the PolicyStatement it generates from the input Url evidence. However, NetCodeGroup returns a permission containing a dynamically calculated WebPermission that grants connect access to the site from which the code is run; UnionCodeGroup simply returns a static permission set.

When a NetCodeGroup is created, it contains the default connection access rules shown in the following table.

URI Scheme	Rule
file	No connection access to the origin server is permitted.
http	HTTP and HTTPS access is permitted using the origin port.
https	HTTPS access is permitted using the origin port.

You can control the scheme and port that code is permitted to use when connecting back to its site of origin by passing a CodeConnectAccess object with the appropriate Scheme and Port property values to the AddConnectAccess method. You can create a connection access rule that applies when the origin scheme is not present in the evidence or is not recognized by specifying AbsentOriginScheme ("") as the scheme. You can also create a connection access rule that applies when there is no connection access rule with a matching scheme by specifying AnyOtherOriginScheme ("*") as the scheme.

Note:
If code does not submit the URI scheme as evidence, access is permitted using any scheme back to the origin site.

Examples

The following code example demonstrates creating a NetCodeGroup and adding CodeConnectAccess objects for code downloaded using the HTTP scheme.

public static void SetNetCodeGroupAccess()
{
    const string userPolicyLevel = "User";
    // Locate the User policy level.
    PolicyLevel level = null;
    System.Collections.IEnumerator ph = 
        System.Security.SecurityManager.PolicyHierarchy();
    while(ph.MoveNext())
    {
        level = (PolicyLevel)ph.Current;
        if( level.Label == userPolicyLevel )
        {
            break;
        }
    }
    if (level.Label != userPolicyLevel)
        throw new ApplicationException("Could not find User policy level.");

    IMembershipCondition membership =
        new UrlMembershipCondition(@"http://www.contoso.com/*");
    NetCodeGroup codeGroup = new NetCodeGroup(membership);
    // Delete default settings.
    codeGroup.ResetConnectAccess();
    // Create an object that represents access to the FTP scheme and default port.
    CodeConnectAccess a1 = new CodeConnectAccess(Uri.UriSchemeFtp, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the HTTPS scheme and default port.
    CodeConnectAccess a2 = new CodeConnectAccess(Uri.UriSchemeHttps, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the origin scheme and port.
    CodeConnectAccess a3 = CodeConnectAccess.CreateOriginSchemeAccess(CodeConnectAccess.OriginPort);
    // Add connection access objects to the NetCodeGroup object.
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a1);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a2);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a3);
    // Provide name and description information for caspol.exe tool.
    codeGroup.Name = "ContosoHttpCodeGroup";
    codeGroup.Description = "Code originating from contoso.com can connect back using the FTP or HTTPS.";
    // Add the code group to the User policy's root node.
    level.RootCodeGroup.AddChild(codeGroup);
    // Save the changes to the policy level.
    System.Security.SecurityManager.SavePolicy();
}

Visual C++

static void SetNetCodeGroupAccess()
{
    String^ userPolicyLevel = "User";
    // Locate the User policy level.
    PolicyLevel^ level = nullptr;
    System::Collections::IEnumerator^ ph = 
        System::Security::SecurityManager::PolicyHierarchy();
    while(ph->MoveNext())
    {
        level = (PolicyLevel^)ph->Current;
        if (level->Label == userPolicyLevel)
        {
            break;       
        }
    }
    if (level->Label != userPolicyLevel)
        throw gcnew ApplicationException("Could not find User policy level.");

    IMembershipCondition^ membership =
        gcnew UrlMembershipCondition("http://www.contoso.com/*");
    NetCodeGroup^ codeGroup = gcnew NetCodeGroup(membership);
    // Delete default settings.
    codeGroup->ResetConnectAccess();
    // Create an object that represents access to the FTP scheme and 
    // default port.
    CodeConnectAccess^ CodeAccessFtp = 
        gcnew CodeConnectAccess(Uri::UriSchemeFtp, 
        CodeConnectAccess::DefaultPort);
    // Create an object that represents access to the HTTPS scheme 
    // and default port.
    CodeConnectAccess^ CodeAccessHttps = 
        gcnew CodeConnectAccess(Uri::UriSchemeHttps, 
        CodeConnectAccess::DefaultPort);
    // Create an object that represents access to the origin 
    // scheme and port.
    CodeConnectAccess^ CodeAccessOrigin = 
        CodeConnectAccess::CreateOriginSchemeAccess
        (CodeConnectAccess::OriginPort);
    // Add connection access objects to the NetCodeGroup object.
    codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessFtp);
    codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessHttps);
    codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessOrigin);
    // Provide name and description information for caspol.exe tool.
    codeGroup->Name = "ContosoHttpCodeGroup";
    codeGroup->Description = "Code originating from contoso.com can" +
        " connect back using the FTP or HTTPS.";
    // Add the code group to the User policy's root node.
    level->RootCodeGroup->AddChild(codeGroup);
    // Save the changes to the policy level.
    System::Security::SecurityManager::SavePolicy();
}

Inheritance Hierarchy

System..::.Object
System.Security.Policy..::.CodeGroup
System.Security.Policy..::.NetCodeGroup

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

Reference

NetCodeGroup Members

System.Security.Policy Namespace

Other Resources

Code Groups