This documentation is archived and is not being maintained.

Code Access Permissions

Code access permissions are permission objects that are used to help protect resources and operations from unauthorized use. They are a fundamental part of the common language runtime's mechanism for enforcing security restrictions on managed code.

Each code access permission represents one of the following rights:

  • The right to access a protected resource, such as files or environment variables.
  • The right to perform a protected operation, such as accessing unmanaged code.

All code access permissions can be requested or demanded by code, and the runtime decides which permissions, if any, to grant the code.

Each code access permission derives from the CodeAccessPermission class, which means that all code access permissions have methods in common, such as Demand, Assert, Deny, PermitOnly, IsSubsetOf, Intersect, and Union.

The .NET Framework provides the following code access permissions.

Permission class nameRight represented
AspNetHostingPermissionAccess resources in ASP.NET-hosted environments.
DirectoryServicesPermissionAccess to the System.DirectoryServices classes.
DnsPermissionAccess to Domain Name System (DNS).
EnvironmentPermissionRead or write environment variables.
EventLogPermissionRead or write access to event log services.
FileDialogPermissionAccess files that have been selected by the user in an Open dialog box.
FileIOPermissionRead, append, or write files or directories.
IsolatedStorageFilePermissionAccess isolated storage, which is storage that is associated with a specific user and with some aspect of the code's identity, such as its Web site, publisher, or signature.
MessageQueuePermissionAccess message queues through the managed Microsoft Message Queuing (MSMQ) interfaces.
OdbcPermissionAccess an ODBC data source.
OleDbPermissionAccess databases using OLE DB.
OraclePermissionAccess an Oracle database.
PerformanceCounterPermissionAccess performance counters.
PrintingPermissionAccess printers.
ReflectionPermissionDiscover information about a type at run time.
RegistryPermissionRead, write, create, or delete registry keys and values.
SecurityPermissionExecute, assert permissions, call into unmanaged code, skip verification, and other rights.
ServiceControllerPermissionAccess running or stopped services.
SocketPermissionMake or accept connections on a transport address.
SqlClientPermissionAccess SQL databases.
UIPermissionAccess user interface functionality.
WebPermissionMake or accept connections on a Web address.

Additionally, the .NET Framework provides the following abstract classes that you can use to create your own custom permissions.

Permission class nameRight represented
DBDataPermissionAccess a database.
IsolatedStoragePermissionAccess isolated storage.
ResourcePermissionBaseAccess system resources.

See Also

Permissions | CodeAccessPermission")