Code Access Permissions

Code access permissions are permission objects that are used to help protect resources and operations from unauthorized use. They are a fundamental part of the common language runtime's mechanism for enforcing security restrictions on managed code.

Each code access permission represents one of the following rights:

  • The right to access a protected resource, such as files or environment variables.

  • The right to perform a protected operation, such as accessing unmanaged code.

All code access permissions can be requested or demanded by code, and the runtime decides which permissions, if any, to grant the code.

Each code access permission derives from the CodeAccessPermission class, which means that all code access permissions have methods in common, such as Demand, Assert, Deny, PermitOnly, IsSubsetOf, Intersect, and Union.

Important

In the .NET Framework version 4, runtime support has been removed for enforcing the Deny, RequestMinimum, RequestOptional, and RequestRefuse permission requests. These requests should not be used in code that is based on .NET Framework 4 or later. For more information about this and other changes, see Security Changes in the .NET Framework 4.
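
The common methods listed above, shown on EnvironmentPermission in C#: the set operations IsSubsetOf, Intersect and Union, then PermitOnly restricting what code called from the current frame can read. This is an added example, not part of the original documentation; it assumes a .NET Framework 4.x console application, and the class name, the helper methods and the choice of the PATH and TEMP variables are illustrative.

```csharp
// Added example. Assumes .NET Framework 4.x, where PermitOnly is still enforced by the runtime.
using System;
using System.Security;
using System.Security.Permissions;

static class EnvironmentPermissionDemo
{
    static void Main()
    {
        // Constructed permission objects: read access to two variables versus one.
        var readBoth = new EnvironmentPermission(EnvironmentPermissionAccess.Read, "PATH;TEMP");
        var readTemp = new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP");

        // Set operations that every code access permission provides.
        Console.WriteLine("readTemp subset of readBoth: " + readTemp.IsSubsetOf(readBoth));
        Console.WriteLine("readBoth subset of readTemp: " + readBoth.IsSubsetOf(readTemp));
        Console.WriteLine("Intersect: " + Describe(readBoth.Intersect(readTemp)));
        Console.WriteLine("Union: " + Describe(readBoth.Union(readTemp)));

        // PermitOnly makes any demand reaching this frame fail unless readTemp covers it.
        string temp, path;
        readTemp.PermitOnly();
        try
        {
            temp = TryRead("TEMP");
            path = TryRead("PATH");
        }
        finally
        {
            // Always remove the stack modifier so later code is not affected.
            CodeAccessPermission.RevertPermitOnly();
        }
        Console.WriteLine(temp);
        Console.WriteLine(path);
    }

    // Intersect returns null when the two permissions have nothing in common.
    static string Describe(IPermission result)
    {
        var p = result as EnvironmentPermission;
        return p == null ? "(empty)" : p.GetPathList(EnvironmentPermissionAccess.Read);
    }

    // Environment.GetEnvironmentVariable demands read access for the named variable.
    static string TryRead(string name)
    {
        try { Environment.GetEnvironmentVariable(name); return name + ": read allowed"; }
        catch (SecurityException) { return name + ": demand failed (SecurityException)"; }
    }
}
```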

The .NET Framework provides the following code access permissions.

Permission class name | Right represented
AspNetHostingPermission | Access resources in ASP.NET-hosted environments.
DirectoryServicesPermission | Access to the System.DirectoryServices classes.
DnsPermission | Access to Domain Name System (DNS).
EnvironmentPermission | Read or write environment variables.
EventLogPermission | Read or write access to event log services.
FileDialogPermission | Access files that have been selected by the user in an Open dialog box.
FileIOPermission | Read, append, or write files or directories.
IsolatedStorageFilePermission | Access isolated storage, which is storage that is associated with a specific user and with some aspect of the code's identity, such as its Web site, publisher, or signature.
MessageQueuePermission | Access message queues through the managed Microsoft Message Queuing (MSMQ) interfaces.
OdbcPermission | Access an ODBC data source.
OleDbPermission | Access databases using OLE DB.
OraclePermission | Access an Oracle database.
PerformanceCounterPermission | Access performance counters.
PrintingPermission | Access printers.
ReflectionPermission | Discover information about a type at run time.
RegistryPermission | Read, write, create, or delete registry keys and values.
SecurityPermission | Execute, assert permissions, call into unmanaged code, skip verification, and other rights.
ServiceControllerPermission | Access running or stopped services.
SocketPermission | Make or accept connections on a transport address.
SqlClientPermission | Access SQL databases.
UIPermission | Access user interface functionality.
WebPermission | Make or accept connections on a Web address.

Additionally, the .NET Framework provides the following abstract classes that you can use to create your own custom permissions.

Permission class name | Right represented
DBDataPermission | Access a database.
IsolatedStoragePermission | Access isolated storage.
ResourcePermissionBase | Access system resources.

See Also

Reference

CodeAccessPermission

Concepts

Security Permissions