How to: Import a Code Group by Using an XML File
An application might require that you add an application-specific code group to security policy. The application might ship with an assembly that implements the new code group and an XML file that contains a serialization of the new code group. The XML file can be imported into security policy by using Caspol.exe (Code Access Security Policy Tool). The XML file might also contain information about the membership condition and permission set associated with the code group. Usually, the application meets the specified membership condition and needs the associated permission set.
The following example shows how information for a code group and its associated membership condition and permission set might appear in an XML file.
<CodeGroup class="System.Security.Policy.UnionCodeGroup, mscorlib, Version=1.0.2411.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           version="1"
           Name="myCodeGroup"
           Description="test code group">
   <IMembershipCondition class="MyCustomMembershipCondition, myAssembly, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                         version="1"
                         Url="http://www.microsoft.com/"/>
   <PermissionSet class="NamedPermissionSet"
                  version="1"
                  Name="MyPermissionSet"
                  Description="Permission set containing my custom permission">
      <IPermission class="myCustomNamespace.CustomPermission, customPerm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=64a85a7d791b1a32"
                   version="1"
                   Unrestricted="True"/>
   </PermissionSet>
</CodeGroup>
The <CodeGroup> element contains information for a new code group. The class and version attributes are required for the <CodeGroup> element. The class attribute points to the class and assembly that implements the new code group. The class attribute's value can be in any format discussed in Specifying Fully Qualified Type Names, but will usually be in the form shown in the example. For this version of the .NET Framework, the version attribute is "1". The Name and Description attributes can be any valid string and can be edited. The Name attribute is the name of the permission set as it appears in the .NET Framework Configuration tool.
The <IMembershipCondition> element contains attributes or child elements that specify the condition that assemblies must meet to become a member of the code group and receive its associated permissions. The class attribute for <IMembershipCondition> is in the same format as the class attribute for <CodeGroup>.
If a <CodeGroup> element contains an <IMembershipCondition> element and a <PermissionSet> element, the membership condition and permission set are automatically associated with the code group when it is imported. If either of these elements is missing, you must use Caspol.exe (Code Access Security Policy Tool) to associate the missing item with the new code group. For details, see How to: View Code Groups Using Caspol.exe.
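Because an imported code group changes what permissions assemblies receive, it is worth reviewing the XML file before handing it to Caspol.exe. The following Python script is an added example, not part of the original page or of the .NET Framework tooling: it checks the required attributes described above, reports which child elements would have to be associated manually, and lists the assemblies and unrestricted permissions the file names. The function name review_code_group and the sample (the page's example with shortened class strings) are constructed for illustration, and flagging Unrestricted="True" is a reviewer's choice rather than a rule stated on the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's example (class strings shortened).
SAMPLE = """<CodeGroup class="System.Security.Policy.UnionCodeGroup, mscorlib"
    version="1" Name="myCodeGroup" Description="test code group">
  <IMembershipCondition class="MyCustomMembershipCondition, myAssembly"
      version="1" Url="http://www.microsoft.com/"/>
  <PermissionSet class="NamedPermissionSet" version="1" Name="MyPermissionSet">
    <IPermission class="myCustomNamespace.CustomPermission, customPerm"
        version="1" Unrestricted="True"/>
  </PermissionSet></CodeGroup>"""


def review_code_group(xml_text):
    """Check a serialized code group before import; returns a findings dict."""
    out = {"errors": [], "manual_steps": [], "unrestricted": [], "assemblies": []}
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        out["errors"].append("DTD or entity declarations are not expected here")
        return out
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        out["errors"].append(f"not well-formed XML: {exc}")
        return out
    if root.tag != "CodeGroup":
        out["errors"].append(f"root is <{root.tag}>, expected <CodeGroup>")
        return out
    # class and version are required on <CodeGroup>; version is "1".
    for attr in ("class", "version"):
        if not root.get(attr):
            out["errors"].append(f"<CodeGroup> lacks required '{attr}'")
    if root.get("version") not in (None, "", "1"):
        out["errors"].append(f"unexpected version {root.get('version')!r}")
    # Missing children are not fatal, but must be associated with Caspol.exe.
    for child in ("IMembershipCondition", "PermissionSet"):
        if root.find(child) is None:
            out["manual_steps"].append(f"associate a {child} via Caspol.exe")
    for elem in root.iter():
        # "Type, assembly, ..." names code that policy will load: list it.
        parts = [p.strip() for p in elem.get("class", "").split(",")]
        if len(parts) > 1 and parts[1] not in out["assemblies"]:
            out["assemblies"].append(parts[1])
        if elem.get("Unrestricted", "").lower() == "true":
            out["unrestricted"].append(elem.get("class") or elem.tag)
    return out


if __name__ == "__main__":
    print(review_code_group(SAMPLE))
```

An empty errors list with a non-empty manual_steps list corresponds to the case above where the import succeeds but the missing item still has to be associated with the code group afterwards.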