Expand Minimize

SecurityPermissionFlag Enumeration

Specifies access flags for the security permission object.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace:  System.Security.Permissions
Assembly:  mscorlib (in mscorlib.dll)

[SerializableAttribute]
[ComVisibleAttribute(true)]
[FlagsAttribute]
public enum class SecurityPermissionFlag

Member nameDescription
AllFlagsThe unrestricted state of the permission.
AssertionAbility to assert that all this code's callers have the requisite permission for the operation.
BindingRedirectsPermission to perform explicit binding redirection in the application configuration file. This includes redirection of .NET Framework assemblies that have been unified as well as other assemblies found outside the .NET Framework.
ControlAppDomainAbility to create and manipulate an AppDomain.
ControlDomainPolicyAbility to specify domain policy.
ControlEvidenceAbility to provide evidence, including the ability to alter the evidence provided by the common language runtime.

This is a powerful permission that should only be granted to highly trusted code.

ControlPolicyAbility to view and modify policy.

This is a powerful permission that should only be granted to highly trusted code.

ControlPrincipalAbility to manipulate the principal object.
ControlThreadAbility to use certain advanced operations on threads.
ExecutionPermission for the code to run. Without this permission, managed code will not be executed.

This flag has no effect when used dynamically with stack modifiers such as Deny, Assert, and PermitOnly.

InfrastructurePermission to plug code into the common language runtime infrastructure, such as adding Remoting Context Sinks, Envoy Sinks and Dynamic Sinks.
NoFlagsNo security access.
RemotingConfigurationPermission to configure Remoting types and channels.
SerializationFormatterAbility to provide serialization services. Used by serialization formatters.
SkipVerificationAbility to skip verification of code in this assembly. Code that is unverifiable can be run if this permission is granted.

This is a powerful permission that should be granted only to highly trusted code.

This flag has no effect when used dynamically with stack modifiers such as Deny, Assert, and PermitOnly.

UnmanagedCodeAbility to call unmanaged code.

Since unmanaged code potentially allows other permissions to be bypassed, this is a dangerous permission that should only be granted to highly trusted code. It is used for such applications as calling native code using PInvoke or using COM interop.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

This enumeration is used by SecurityPermission.

Caution noteCaution

Many of these flags are powerful and should only be granted to highly trusted code.

The following code example shows the use of the SecurityPermissionFlag enumeration to deny and demand security permissions.

// This sample demonstrates the use of the SecurityPermissionAttribute. 
using namespace System;
using namespace System::Security::Permissions;
using namespace System::Security;
class MyClass
{
public:
   static void PermissionDemo()
   {
      try
      {
         DenySecurityPermissions();
         DenyAllSecurityPermissions();
         DoNotDenySecurityPermissions();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( e->Message );
      }

   }


   // This method demonstrates the use of the SecurityPermissionAttribute to deny individual security permissions. 
   // Set the Assertion property.
   [SecurityPermissionAttribute(SecurityAction::Deny,Assertion=true)]
   // Set the ControlAppDomain property.
   [SecurityPermissionAttribute(SecurityAction::Deny,ControlAppDomain=true)]
   // Set the ControlDomainPolicy property.
   [SecurityPermissionAttribute(SecurityAction::Deny,ControlDomainPolicy=true)]
   [SecurityPermissionAttribute(SecurityAction::Deny,ControlEvidence=true)]
   // Set the ControlEvidence property.
   [SecurityPermissionAttribute(SecurityAction::Deny,ControlPolicy=true)]
   // Set the ControlPolicy property.
   [SecurityPermissionAttribute(SecurityAction::Deny,ControlPrincipal=true)]
   // Set the ControlPrincipal property. 
   // Set the ControlThread property.
   [SecurityPermissionAttribute(SecurityAction::Deny,ControlThread=true)]
   // Set the Execution property.
   [SecurityPermissionAttribute(SecurityAction::Deny,Execution=true)]
   // Set the Flags property.
   [SecurityPermissionAttribute(SecurityAction::Deny,Flags=SecurityPermissionFlag::NoFlags)]
   // Set the Infrastructure property.
   [SecurityPermissionAttribute(SecurityAction::Deny,Infrastructure=true)]
   // Set the RemotingConfiguration property.
   [SecurityPermissionAttribute(SecurityAction::Deny,RemotingConfiguration=true)]
   // Set the SerializationFormatter property.
   [SecurityPermissionAttribute(SecurityAction::Deny,SerializationFormatter=true)]
   // Set the SkipVerification property.
   [SecurityPermissionAttribute(SecurityAction::Deny,SkipVerification=true)]
   // Set the UnmanagedCode property.
   [SecurityPermissionAttribute(SecurityAction::Deny,UnmanagedCode=true)]

   static void DenySecurityPermissions()
   {
      Console::WriteLine( "Executing DenySecurityPermissions." );
      Console::WriteLine( "Denied all permissions individually." );
      TestSecurityPermissions();
   }


   // This method demonstrates the use of SecurityPermissionFlag::AllFlags to deny all security permissions.

   [SecurityPermissionAttribute(SecurityAction::Deny,Flags=SecurityPermissionFlag::AllFlags)]
   static void DenyAllSecurityPermissions()
   {
      Console::WriteLine( "\nExecuting DenyAllSecurityPermissions." );
      Console::WriteLine( "Denied all permissions using SecurityPermissionFlag::AllFlags." );
      TestSecurityPermissions();
   }


   // This method demonstrates the effect of not denying security permissions. 
   static void DoNotDenySecurityPermissions()
   {
      Console::WriteLine( "\nExecuting DoNotDenySecurityPermissions." );
      Console::WriteLine( "No permissions have been denied." );
      DemandSecurityPermissions();
   }

   static void TestSecurityPermissions()
   {
      Console::WriteLine( "\nExecuting TestSecurityPermissions.\n" );
      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::Assertion );
         Console::WriteLine( "Demanding SecurityPermissionFlag::Assertion" );

         // This demand should cause an exception.
         sp->Demand();

         // The TestFailed method is called if an exception is not thrown.
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::Assertion failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlAppDomain );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlAppDomain" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlAppDomain failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlDomainPolicy );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlDomainPolicy" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlDomainPolicy failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlEvidence );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlEvidence" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlEvidence failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlPolicy );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlPolicy" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlPolicy failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlPrincipal );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlPrincipal" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlPrincipal failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlThread );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlThread" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlThread failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::Execution );
         Console::WriteLine( "Demanding SecurityPermissionFlag::Execution" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::Execution failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::Infrastructure );
         Console::WriteLine( "Demanding SecurityPermissionFlag::Infrastructure" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::Infrastructure failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::RemotingConfiguration );
         Console::WriteLine( "Demanding SecurityPermissionFlag::RemotingConfiguration" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::RemotingConfiguration failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::SerializationFormatter );
         Console::WriteLine( "Demanding SecurityPermissionFlag::SerializationFormatter" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::SerializationFormatter failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::SkipVerification );
         Console::WriteLine( "Demanding SecurityPermissionFlag::SkipVerification" );
         sp->Demand();
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::SkipVerification failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::UnmanagedCode );
         Console::WriteLine( "Demanding SecurityPermissionFlag::UnmanagedCode" );

         // This demand should cause an exception.
         sp->Demand();

         // The TestFailed method is called if an exception is not thrown.
         TestFailed();
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::UnmanagedCode failed: {0}", e->Message );
      }

   }

   static void TestFailed()
   {
      Console::WriteLine( "In TestFailed method." );
      Console::WriteLine( "Throwing an exception." );
      throw gcnew Exception;
   }

   static void DemandSecurityPermissions()
   {
      Console::WriteLine( "\nExecuting DemandSecurityPermissions.\n" );
      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::Assertion );
         Console::WriteLine( "Demanding SecurityPermissionFlag::Assertion" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::Assertion succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::Assertion failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlAppDomain );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlAppDomain" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlAppDomain succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlAppDomain failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlDomainPolicy );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlDomainPolicy" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlDomainPolicy succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlDomainPolicy failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlEvidence );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlEvidence" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlEvidence succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlEvidence failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlPolicy );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlPolicy" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlPolicy succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlPolicy failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlPrincipal );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlPrincipal" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlPrincipal succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlPrincipal failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::ControlThread );
         Console::WriteLine( "Demanding SecurityPermissionFlag::ControlThread" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlThread succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::ControlThread failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::Execution );
         Console::WriteLine( "Demanding SecurityPermissionFlag::Execution" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::Execution succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::Execution failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::Infrastructure );
         Console::WriteLine( "Demanding SecurityPermissionFlag::Infrastructure" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::Infrastructure succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::Infrastructure failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::RemotingConfiguration );
         Console::WriteLine( "Demanding SecurityPermissionFlag::RemotingConfiguration" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::RemotingConfiguration succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::RemotingConfiguration failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::SerializationFormatter );
         Console::WriteLine( "Demanding SecurityPermissionFlag::SerializationFormatter" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::SerializationFormatter succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::SerializationFormatter failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::SkipVerification );
         Console::WriteLine( "Demanding SecurityPermissionFlag::SkipVerification" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::SkipVerification succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::SkipVerification failed: {0}", e->Message );
      }

      try
      {
         SecurityPermission^ sp = gcnew SecurityPermission( SecurityPermissionFlag::UnmanagedCode );
         Console::WriteLine( "Demanding SecurityPermissionFlag::UnmanagedCode" );
         sp->Demand();
         Console::WriteLine( "Demand for SecurityPermissionFlag::UnmanagedCode succeeded." );
      }
      catch ( Exception^ e ) 
      {
         Console::WriteLine( "Demand for SecurityPermissionFlag::UnmanagedCode failed: {0}", e->Message );
      }

   }

};

int main()
{
   MyClass::PermissionDemo();
}

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

.NET for Windows Phone apps

Obsolete (compiler warning) in Windows Phone 8.1
Obsolete (compiler warning) in Windows Phone Silverlight 8.1
Obsolete (compiler warning) in Windows Phone Silverlight 8

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft