Code Access Permissions
Code access permissions are permission objects that are used to help protect resources and operations from unauthorized use. They are a fundamental part of the common language runtime's mechanism for enforcing security restrictions on managed code.
Each code access permission represents one of the following rights:
The right to access a protected resource, such as files or environment variables.
The right to perform a protected operation, such as accessing unmanaged code.
All code access permissions can be requested or demanded by code, and the runtime decides which permissions, if any, to grant the code.
Each code access permission derives from the CodeAccessPermission class, which means that all code access permissions have methods in common, such as Demand, Assert, Deny, PermitOnly, IsSubsetOf, Intersect, and Union.
Important
In the .NET Framework 4, runtime support has been removed for enforcing the Deny, RequestMinimum, RequestOptional, and RequestRefuse permission requests. These requests should not be used in code that is based on .NET Framework 4 or later. For more information about this and other changes, see Security Changes in the .NET Framework.
The .NET Framework provides the following code access permissions.
Permission class name |
Right represented |
|---|---|
Access resources in ASP.NET-hosted environments. |
|
Access to the System.DirectoryServices classes. |
|
Access to Domain Name System (DNS). |
|
Read or write environment variables. |
|
Read or write access to event log services. |
|
Access files that have been selected by the user in an Open dialog box. |
|
Read, append, or write files or directories. |
|
Access isolated storage, which is storage that is associated with a specific user and with some aspect of the code's identity, such as its Web site, publisher, or signature. |
|
Access message queues through the managed Microsoft Message Queuing (MSMQ) interfaces. |
|
Access an ODBC data source. |
|
Access databases using OLE DB. |
|
Access an Oracle database. |
|
Access performance counters. |
|
Access printers. |
|
Discover information about a type at run time. |
|
Read, write, create, or delete registry keys and values. |
|
Execute, assert permissions, call into unmanaged code, skip verification, and other rights. |
|
Access running or stopped services. |
|
Make or accept connections on a transport address. |
|
Access SQL databases. |
|
Access user interface functionality. |
|
Make or accept connections on a Web address. |
Additionally, the .NET Framework provides the following abstract classes that you can use to create your own custom permissions.
Permission class name |
Right represented |
|---|---|
Access a database. |
|
Access isolated storage. |
|
Access system resources. |