Permission requests are the primary way to make your code security aware. You should include permission requests in applications that access protected resources. For more information, see Code Access Security Basics. Requests allow you to do two things:
- Request the minimum permissions your code must receive to run.
- Ensure that your code receives only the permissions that it actually needs.
The following code example demonstrates a basic permission request.
<assembly: FileIOPermissionAttribute(SecurityAction.RequestMinimum, Write := "C:\test.tmp"), _ assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted := False)> [C#][assembly:FileIOPermissionAttribute(SecurityAction.RequestMinimum, Write="C:\\test.tmp")] [assembly:PermissionSet(SecurityAction.RequestOptional,Unrestricted=false)]
This example tells the .NET Framework security system that the code should not run unless it receives permission to write to C:\test.tmp. If the code ever encounters security policy that does not grant this permission, a PolicyException is raised and the code does not run. Using this request, you can be sure that your code will run only if it is granted this permission, and you do not have to worry about errors caused by having too few permissions.
This example also tells the system that no additional permissions are wanted. Absent this, your code will be granted whatever permissions policy chooses to give it. While extra permissions do not cause harm, having fewer permissions could prevent some unforeseen security problems. Carrying permissions that your code does not need can lead to security problems.
Another way to limit the permissions your code receives to the fewest privileges is to list specific permissions you want to refuse. Permissions are typically refused when you ask that all permissions be optional and exclude specific permissions from that request. For more information, see Refusing Permissions.