|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.|
Code Access Permissions
Code access permissions are permission objects that are used to help protect resources and operations from unauthorized use. They are a fundamental part of the common language runtime's mechanism for enforcing security restrictions on managed code.
Each code access permission represents one of the following rights:
The right to access a protected resource, such as files or environment variables.
The right to perform a protected operation, such as accessing unmanaged code.
All code access permissions can be requested or demanded by code, and the runtime decides which permissions, if any, to grant the code.
Each code access permission derives from the CodeAccessPermission class, which means that all code access permissions have methods in common, such as Demand, Assert, Deny, PermitOnly, IsSubsetOf, Intersect, and Union.
The .NET Framework provides the following code access permissions.
Permission class name
Access resources in ASP.NET-hosted environments.
Access to the System.DirectoryServices classes.
Access to Domain Name System (DNS).
Read or write environment variables.
Read or write access to event log services.
Access files that have been selected by the user in an Open dialog box.
Read, append, or write files or directories.
Access isolated storage, which is storage that is associated with a specific user and with some aspect of the code's identity, such as its Web site, publisher, or signature.
Access message queues through the managed Microsoft Message Queuing (MSMQ) interfaces.
Access an ODBC data source.
Access databases using OLE DB.
Access an Oracle database.
Access performance counters.
Discover information about a type at run time.
Read, write, create, or delete registry keys and values.
Execute, assert permissions, call into unmanaged code, skip verification, and other rights.
Access running or stopped services.
Make or accept connections on a transport address.
Access SQL databases.
Access user interface functionality.
Make or accept connections on a Web address.
Additionally, the .NET Framework provides the following abstract classes that you can use to create your own custom permissions.