
PolicyLevel.AddNamedPermissionSet Method

Adds a NamedPermissionSet to the current policy level.

Namespace: System.Security.Policy
Assembly: mscorlib (in mscorlib.dll)

public void AddNamedPermissionSet (
	NamedPermissionSet permSet
)
public void AddNamedPermissionSet (
	NamedPermissionSet permSet
)
public function AddNamedPermissionSet (
	permSet : NamedPermissionSet
)
Not applicable.

Parameters

permSet

The NamedPermissionSet to add to the current policy level.

Exception type | Condition

ArgumentNullException

The permSet parameter is a null reference (Nothing in Visual Basic).

ArgumentException

The permSet parameter has the same name as an existing NamedPermissionSet in the PolicyLevel.

Named permission sets are scoped by policy level.

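The following code shows how to add a named permission set to a policy level. This code example is part of a larger example provided for the PolicyLevel class. The example adds the set to the Machine policy level and then calls SecurityManager.SavePolicy, so the change is written to saved policy rather than applied only to the running process.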

// Create a custom named permission set based on the LocalIntranet permission set.
/// <summary>
/// Derives a named permission set called "MyCompany" from the Machine policy
/// level's LocalIntranet set and registers it with that policy level.
/// </summary>
/// <remarks>
/// The only permission this method changes is SecurityPermission, which is
/// replaced by one carrying just <c>SecurityPermissionFlag.Execution</c>.
/// Every other permission held by the LocalIntranet copy is carried into
/// "MyCompany" unchanged, so review the resulting set (it is printed on
/// success) before assigning it to a code group.
/// The method ends with <c>SecurityManager.SavePolicy()</c>, so a successful
/// run persists the modified policy.
/// NOTE(review): the code access security policy APIs used here were marked
/// obsolete starting with .NET Framework 4; the page lists 1.0 through 3.0.
/// </remarks>
private static void CreateCompanyPermission()
{
    IEnumerator levels = SecurityManager.PolicyHierarchy();

    while (levels.MoveNext())
    {
        PolicyLevel level = (PolicyLevel)levels.Current;

        // Only the Machine policy level is touched; all other levels are skipped.
        if (level.Label != "Machine")
        {
            continue;
        }

        IList levelSets = level.NamedPermissionSets;
        foreach (NamedPermissionSet candidate in levelSets)
        {
            if (candidate.Name != "LocalIntranet")
            {
                continue;
            }

            // Per the sample, the object handed out here is a copy of
            // LocalIntranet, so renaming and editing it does not alter the
            // built-in set; nothing reaches the policy level until
            // AddNamedPermissionSet is called below.
            NamedPermissionSet companySet = candidate;
            companySet.Name = "MyCompany";

            // Swap the existing SecurityPermission for an execution-only one,
            // which drops the right to assert permissions. The loop stops
            // right after the swap, so the modified set is never enumerated
            // further.
            foreach (object permission in companySet)
            {
                Type permissionType = permission.GetType();
                if (permissionType.ToString() == "System.Security.Permissions.SecurityPermission")
                {
                    companySet.RemovePermission(permissionType);
                    companySet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                    break;
                }
            }

            try
            {
                // A second run throws ArgumentException here because a set
                // named "MyCompany" already exists in the level. The custom
                // set can be removed with Caspol.exe or the .NET Framework
                // Configuration tool.
                level.AddNamedPermissionSet(companySet);
                SecurityManager.SavePolicy();
            }
            catch (System.ArgumentException duplicate)
            {
                // Duplicate name: report it and stop without saving anything.
                Console.WriteLine(duplicate.Message);
                return;
            }

            // Print the resulting set so its full contents can be inspected.
            Console.WriteLine(companySet.ToString());
            break;
        }
    }
}

// Create a custom named permission set based on the LocalIntranet
// permission set.
// Derives a named permission set called "MyCompany" from the Machine policy
// level's LocalIntranet set and registers it with that policy level.
// Only SecurityPermission is changed (replaced by an execution-only one);
// every other permission in the LocalIntranet copy is carried over as is.
// A successful run ends with SecurityManager.SavePolicy(), which persists
// the modified policy.
private static void CreateCompanyPermission()
{
    IEnumerator levels = SecurityManager.PolicyHierarchy();

    while (levels.MoveNext()) {
        PolicyLevel level = (PolicyLevel)levels.get_Current();

        // Only the Machine policy level is touched; other levels are skipped.
        if (!level.get_Label().equalsIgnoreCase("Machine")) {
            continue;
        }

        IList levelSets = level.get_NamedPermissionSets();
        IEnumerator setCursor = levelSets.GetEnumerator();

        while (setCursor.MoveNext()) {
            NamedPermissionSet companySet =
                (NamedPermissionSet)setCursor.get_Current();

            if (!companySet.get_Name().equalsIgnoreCase("LocalIntranet")) {
                continue;
            }

            // Per the sample, this object is a copy of LocalIntranet, so
            // renaming and editing it does not alter the built-in set.
            // Nothing reaches the policy level until AddNamedPermissionSet
            // is called below.
            companySet.set_Name("MyCompany");

            // Swap the existing SecurityPermission for an execution-only
            // one, which drops the right to assert permissions. The loop
            // stops right after the swap.
            String securityPermissionName = "System.Security."
                + "Permissions.SecurityPermission";
            IEnumerator permissionCursor = companySet.GetEnumerator();

            while (permissionCursor.MoveNext()) {
                Object permission = permissionCursor.get_Current();

                if (permission.GetType().ToString()
                        .equalsIgnoreCase(securityPermissionName)) {
                    companySet.RemovePermission(permission.GetType());
                    companySet.AddPermission(new SecurityPermission(
                        SecurityPermissionFlag.Execution));
                    break;
                }
            }

            try {
                // A second run throws ArgumentException here because a set
                // named "MyCompany" already exists in the level. The custom
                // set can be removed with Caspol.exe or the .NET Framework
                // Configuration tool.
                level.AddNamedPermissionSet(companySet);
                SecurityManager.SavePolicy();
            }
            catch (System.ArgumentException duplicate) {
                // Duplicate name: report it and stop without saving.
                Console.WriteLine(duplicate.get_Message());
                return;
            }

            // Print the resulting set so its full contents can be inspected.
            Console.WriteLine(companySet.ToString());
            break;
        }
    }
} //CreateCompanyPermission

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0, 1.1, 1.0