CodeAccessPermission Class

 

Defines the underlying structure of all code access permissions.

Namespace:   System.Security
Assembly:  mscorlib (in mscorlib.dll)

System::Object
  System.Security::CodeAccessPermission
    System.Configuration::ConfigurationPermission
    System.Data.Common::DBDataPermission
    System.Data.OracleClient::OraclePermission
    System.Drawing.Printing::PrintingPermission
    System.Messaging::MessageQueuePermission
    System.Net::DnsPermission
    System.Net.Mail::SmtpPermission
    System.Net.NetworkInformation::NetworkInformationPermission
    System.Net.PeerToPeer.Collaboration::PeerCollaborationPermission
    System.Net.PeerToPeer::PnrpPermission
    System.Net::SocketPermission
    System.Net::WebPermission
    System.Security.Permissions::DataProtectionPermission
    System.Security.Permissions::EnvironmentPermission
    System.Security.Permissions::FileDialogPermission
    System.Security.Permissions::FileIOPermission
    System.Security.Permissions::GacIdentityPermission
    System.Security.Permissions::IsolatedStoragePermission
    System.Security.Permissions::KeyContainerPermission
    System.Security.Permissions::MediaPermission
    System.Security.Permissions::PublisherIdentityPermission
    System.Security.Permissions::ReflectionPermission
    System.Security.Permissions::RegistryPermission
    System.Security.Permissions::ResourcePermissionBase
    System.Security.Permissions::SecurityPermission
    System.Security.Permissions::SiteIdentityPermission
    System.Security.Permissions::StorePermission
    System.Security.Permissions::StrongNameIdentityPermission
    System.Security.Permissions::TypeDescriptorPermission
    System.Security.Permissions::UIPermission
    System.Security.Permissions::UrlIdentityPermission
    System.Security.Permissions::WebBrowserPermission
    System.Security.Permissions::ZoneIdentityPermission
    System.Transactions::DistributedTransactionPermission
    System.Web::AspNetHostingPermission
    System.Xaml.Permissions::XamlLoadPermission

[SerializableAttribute]
[ComVisibleAttribute(true)]
[SecurityPermissionAttribute(SecurityAction::InheritanceDemand, 
	ControlEvidence = true, ControlPolicy = true)]
public ref class CodeAccessPermission abstract : IPermission, 
	ISecurityEncodable, IStackWalk

NameDescription
System_CAPS_protmethodCodeAccessPermission()

Initializes a new instance of the CodeAccessPermission class.

NameDescription
System_CAPS_pubmethodAssert()

Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. Using Assert can create security issues.

System_CAPS_pubmethodCopy()

When implemented by a derived class, creates and returns an identical copy of the current permission object.

System_CAPS_pubmethodDemand()

Forces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

System_CAPS_pubmethodDeny()

Obsolete.Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

System_CAPS_pubmethodEquals(Object^)

Determines whether the specified CodeAccessPermission object is equal to the current CodeAccessPermission.(Overrides Object::Equals(Object^).)

System_CAPS_protmethodFinalize()

Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)

System_CAPS_pubmethodFromXml(SecurityElement^)

When overridden in a derived class, reconstructs a security object with a specified state from an XML encoding.

System_CAPS_pubmethodGetHashCode()

Gets a hash code for the CodeAccessPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.(Overrides Object::GetHashCode().)

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_pubmethodIntersect(IPermission^)

When implemented by a derived class, creates and returns a permission that is the intersection of the current permission and the specified permission.

System_CAPS_pubmethodIsSubsetOf(IPermission^)

When implemented by a derived class, determines whether the current permission is a subset of the specified permission.

System_CAPS_protmethodMemberwiseClone()

Creates a shallow copy of the current Object.(Inherited from Object.)

System_CAPS_pubmethodPermitOnly()

Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

System_CAPS_pubmethodSystem_CAPS_staticRevertAll()

Causes all previous overrides for the current frame to be removed and no longer in effect.

System_CAPS_pubmethodSystem_CAPS_staticRevertAssert()

Causes any previous Assert for the current frame to be removed and no longer in effect.

System_CAPS_pubmethodSystem_CAPS_staticRevertDeny()

Obsolete.Causes any previous Deny for the current frame to be removed and no longer in effect.

System_CAPS_pubmethodSystem_CAPS_staticRevertPermitOnly()

Causes any previous PermitOnly for the current frame to be removed and no longer in effect.

System_CAPS_pubmethodToString()

Creates and returns a string representation of the current permission object.(Overrides Object::ToString().)

System_CAPS_pubmethodToXml()

When overridden in a derived class, creates an XML encoding of the security object and its current state.

System_CAPS_pubmethodUnion(IPermission^)

When overridden in a derived class, creates a permission that is the union of the current permission and the specified permission.

Code access permissions use a stack walk to ensure that all callers of the code have been granted a permission. If a permission object is null, it is handled the same as a permission object with the state PermissionState::None.

The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack.

Inheritors of the CodeAccessPermission class must be granted full trust to function correctly as permissions extending the security infrastructure. To determine that the inheritors are fully trusted, CodeAccessPermission issues an InheritanceDemand for ControlEvidence = true and ControlPolicy = true.

Notes to Inheritors:

When you inherit from CodeAccessPermission, you must also implement the IUnrestrictedPermission interface.

The following CodeAccessPermission members must be overridden: Copy, Intersect, IsSubsetOf, ToXml, FromXml, and Union.

You must also define a constructor that takes a PermissionState as its only parameter.

You must apply the SerializableAttribute attribute to a class that inherits from CodeAccessPermission.

The following code example shows a permission derived from the CodeAccessPermission class.

//#define debug
// This custom permission is intended only for the purposes of illustration.
// The following code shows how to create a custom permission that inherits
// from CodeAccessPermission. The code implements all required overrides.
// A wildcard character ('*') is implemented for the Name property.

using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Policy;
using namespace System::Collections;
using namespace System::Text;

[assembly:System::Reflection::AssemblyKeyFile("Key.snk")];
[assembly:System::Security::AllowPartiallyTrustedCallersAttribute];

[Serializable]
public ref class NameIdPermission: public CodeAccessPermission, public IUnrestrictedPermission
{
private:
   String^ m_Name;
   bool m_Unrestricted;

public:
   NameIdPermission( String^ name )
   {
      m_Name = name;
   }

   NameIdPermission( PermissionState state )
   {
      if ( state == PermissionState::None )
      {
         m_Name = "";
      }
      else if ( state == PermissionState::Unrestricted )
      {
         throw gcnew ArgumentException( "Unrestricted state is not allowed for identity permissions." );
      }
      else
      {
         throw gcnew ArgumentException( "Invalid permission state." );
      }
   }

   property String^ Name 
   {
      String^ get()
      {
         return m_Name;
      }
      void set( String^ value )
      {
         m_Name = value;
      }
   }

public:
   virtual IPermission^ Copy() override
   {
      String^ name = m_Name;
      return gcnew NameIdPermission( name );
   }

public:
   virtual bool IsUnrestricted()
   {
      // Always false, unrestricted state is not allowed.
      return m_Unrestricted;
   }

private:
   bool VerifyType( IPermission^ target )
   {
      return dynamic_cast<NameIdPermission^>(target) != nullptr;
   }

public:
   virtual bool IsSubsetOf( IPermission^ target ) override
   {
#if ( debug ) 
      Console::WriteLine( "************* Entering IsSubsetOf *********************" );
#endif

      if ( target == nullptr )
      {
         Console::WriteLine( "IsSubsetOf: target == null" );
         return false;
      }

#if ( debug ) 
      Console::WriteLine( "This is = {0}", ((NameIdPermission)this).Name );
      Console::WriteLine( "Target is {0}", ((NameIdPermission)target).m_Name );
#endif

      try
      {
         NameIdPermission^ operand = dynamic_cast<NameIdPermission^>(target);

         // The following check for unrestricted permission is only included as an example for
         // permissions that allow the unrestricted state. It is of no value for this permission.
         if ( true == operand->m_Unrestricted )
         {
            return true;
         }
         else if ( true == this->m_Unrestricted )
         {
            return false;
         }

         if ( this->m_Name != nullptr )
         {
            if ( operand->m_Name == nullptr )
            {
               return false;
            }
            if ( this->m_Name->Equals( "" ) )
            {
               return true;
            }
         }

         if ( this->m_Name->Equals( operand->m_Name ) )
         {
            return true;
         }
         else
         {
            // Check for wild card character '*'.
            int i = operand->m_Name->LastIndexOf( "*" );

            if ( i > 0 )
            {
               String^ prefix = operand->m_Name->Substring( 0, i );
               if ( this->m_Name->StartsWith( prefix ) )
               {
                  return true;
               }
            }
         }
         return false;
      }
      catch ( InvalidCastException^ ) 
      {
         throw gcnew ArgumentException( String::Format( "Argument_WrongType", this->GetType()->FullName ) );
      }
   }

public:
   virtual IPermission^ Intersect( IPermission^ target ) override
   {
      Console::WriteLine( "************* Entering Intersect *********************" );
      if ( target == nullptr )
      {
         return nullptr;
      }

#if ( debug ) 
      Console::WriteLine( "This is = {0}", ((NameIdPermission)this).Name );
      Console::WriteLine( "Target is {0}", ((NameIdPermission)target).m_Name );
#endif 

      if (  !VerifyType( target ) )
      {
         throw gcnew ArgumentException( String::Format( "Argument is wrong type.", this->GetType()->FullName ) );
      }

      NameIdPermission^ operand = dynamic_cast<NameIdPermission^>(target);

      if ( operand->IsSubsetOf( this ) )
      {
         return operand->Copy();
      }
      else if ( this->IsSubsetOf( operand ) )
      {
         return this->Copy();
      }
      else
      {
         return nullptr;
      }
   }

public:
   virtual IPermission^ Union( IPermission^ target ) override
   {
#if ( debug ) 
      Console::WriteLine( "************* Entering Union *********************" );
#endif 

      if ( target == nullptr )
      {
         return this;
      }

#if ( debug ) 
      Console::WriteLine( "This is = {0}", ((NameIdPermission)this).Name );
      Console::WriteLine( "Target is {0}", ((NameIdPermission)target).m_Name );
#endif 

      if (  !VerifyType( target ) )
      {
         throw gcnew ArgumentException( String::Format( "Argument_WrongType", this->GetType()->FullName ) );
      }

      NameIdPermission^ operand = dynamic_cast<NameIdPermission^>(target);

      if ( operand->IsSubsetOf( this ) )
      {
         return this->Copy();
      }
      else if ( this->IsSubsetOf( operand ) )
      {
         return operand->Copy();
      }
      else
      {
         return nullptr;
      }
   }

public:
   virtual void FromXml( SecurityElement^ e ) override
   {
      // The following code for unrestricted permission is only included as an example for
      // permissions that allow the unrestricted state. It is of no value for this permission.
      String^ elUnrestricted = e->Attribute("Unrestricted");
      if ( nullptr != elUnrestricted )
      {
         m_Unrestricted = Boolean::Parse( elUnrestricted );
         return;
      }

      String^ elName = e->Attribute("Name");
      m_Name = elName == nullptr ? nullptr : elName;
   }

public:
   virtual SecurityElement^ ToXml() override
   {
      // Use the SecurityElement class to encode the permission to XML.
      SecurityElement^ esd = gcnew SecurityElement( "IPermission" );
      String^ name = NameIdPermission::typeid->AssemblyQualifiedName;
      esd->AddAttribute( "class", name );
      esd->AddAttribute( "version", "1.0" );

      // The following code for unrestricted permission is only included as an example for
      // permissions that allow the unrestricted state. It is of no value for this permission.
      if ( m_Unrestricted )
      {
         esd->AddAttribute( "Unrestricted", true.ToString() );
      }

      if ( m_Name != nullptr )
      {
         esd->AddAttribute( "Name", m_Name );
      }

      return esd;
   }
};

InheritanceDemand

for the ability of inheritors to provide evidence and view and modify policy. Associated enumerations: SecurityPermissionFlag::ControlEvidence, SecurityPermissionFlag::ControlPolicy.

.NET Framework
Available since 1.1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show: