This documentation is archived and is not being maintained.

StorePermission Class

Controls access to stores containing X.509 certificates. This class cannot be inherited.

Namespace:  System.Security.Permissions
Assembly:  System (in System.dll)

public sealed class StorePermission : CodeAccessPermission, 

StorePermission controls the access that code is granted to X.509 stores. The permission is based on flags representing the access levels that apply to every store.

The following code example demonstrates the behavior of the StorePermission methods.

The example is intended to show how the methods perform if you execute the methods from your code. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications.

using System;
using System.Security.Permissions;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security;
using System.IO;
StorePermission(SecurityAction.RequestMinimum, Flags = StorePermissionFlags.DeleteStore)]
public class X509store2
    public static void Main(string[] args)
        Console.WriteLine("Creating a permission with Flags = OpenStore.");
        StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
        //Create a new X509 store named teststore from the local certificate store. 
        //You must put in a valid path to a certificate in the following constructor.
        X509Certificate2 certificate = new X509Certificate2("c:\\certificates\\*****.cer");
        //      Deny the permission to open a store.
        // The following code results in an exception due to an attempt to open a store.
        // Remove the deny for opening a store.
        // The following code results in an exception due to an attempt to add a certificate. 
        // The exception is thrown due to a StorePermissionAttribute on the method denying AddToStore permission.
        // The current code is not affected by the attribute in the previously called method, so the following 
        // intructions execute without an exception.
        X509Store store = new X509Store("teststore", StoreLocation.CurrentUser);

        // Demonstrate the behavior of the class members.

        Console.WriteLine("Press the Enter key to exit.");
    //Deny the permission the ability to add to a store.
    [StorePermission(SecurityAction.Deny, Flags = StorePermissionFlags.AddToStore)]
    private static void AddToStore(X509Certificate2 cert)
            X509Store store = new X509Store("teststore", StoreLocation.CurrentUser);


            // The following attempt to add a certificate results in an exception being thrown.
        catch (SecurityException e)
            Console.WriteLine("Security exception thrown when attempting: " + 

    // The following method is intended to demonstrate only the behavior of  
    // StorePermission class members,and not their practical usage.  Most properties  
    // and methods in this class are used for the resolution and enforcement of 
    // security policy by the security infrastructure code. 
    private static void ShowMembers()
        Console.WriteLine("Creating first permission with Flags = OpenStore.");

        StorePermission sp1 = new StorePermission(StorePermissionFlags.OpenStore);

        Console.WriteLine("Creating second permission with Flags = AllFlags.");

        StorePermission sp2 = new StorePermission(StorePermissionFlags.AllFlags);

        Console.WriteLine("Creating third permission as Unrestricted.");
        StorePermission sp3 = new StorePermission(PermissionState.Unrestricted);
        Console.WriteLine("Creating fourth permission with a permission state of none.");

        StorePermission sp4 = new StorePermission(PermissionState.None);
        bool rc = sp2.IsSubsetOf(sp3);
        Console.WriteLine("Is the permission with complete store access (AllFlags) a subset of \n" +
            "\tthe permission with an Unrestricted permission state? " + (rc ? "Yes" : "No"));
        rc = sp1.IsSubsetOf(sp2);
        Console.WriteLine("Is the permission with OpenStore access a subset of the permission with \n" +
            "\tcomplete store access (AllFlags)? " + (rc ? "Yes" : "No"));
        rc = sp3.IsUnrestricted();
        Console.WriteLine("Is the third permission unrestricted? " + (rc ? "Yes" : "No"));
        Console.WriteLine("Copying the second permission to the fourth permission.");
        sp4 = (StorePermission)sp2.Copy();
        rc = sp4.Equals(sp2);
        Console.WriteLine("Is the fourth permission equal to the second permission? " + (rc ? "Yes" : "No"));

        Console.WriteLine("Creating the intersection of the second and first permissions.");
        sp4 = (StorePermission)sp2.Intersect(sp1);
        Console.WriteLine("Value of the Flags property is: " + sp4.Flags.ToString());

        Console.WriteLine("Creating the union of the second and first permissions.");
        sp4 = (StorePermission)sp2.Union(sp1);
        Console.WriteLine("Result of the union of the second permission with the first:  " + sp4.Flags);

        Console.WriteLine("Using an XML roundtrip to reset the fourth permission.");
        rc = sp4.Equals(sp2);
        Console.WriteLine("Does the XML roundtrip result equal the original permission? " + (rc ? "Yes" : "No"));


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0