|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.|
How to: Refuse Permissions by Using the RequestRefuse Flag
If you are concerned that your code might be used to access system resources maliciously, you can request that it never be granted a particular permission. For example, an application that browses data in a file but never modifies the data might refuse any file-write permissions. In the event of a bug or a malicious attack, this code cannot damage the data on which it operates.
RequestRefuse allows a large set of permissions to be requested as optional permissions, while ensuring that certain specific permissions are not in the grant.
The following example uses RequestRefuse to refuse FileIOPermission from the common language runtime security system:
The previous example is not granted permission to create the file and generates a security exception. The catch statement intercepts the exception and the application displays the following message to the console:
This application does not have permission to write to the disk.