PrincipalPermission Class

Allows checks against the active principal (see IPrincipal) using the language constructs defined for both declarative and imperative security actions. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)

public ref class PrincipalPermission sealed : IPermission, IUnrestrictedPermission, ISecurityEncodable
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public final class PrincipalPermission implements IPermission, IUnrestrictedPermission, 
public final class PrincipalPermission implements IPermission, IUnrestrictedPermission, 

By passing identity information (user name and role) to the constructor, PrincipalPermission can be used to demand that the identity of the active principal matches this information.

To match the active IPrincipal and associated IIdentity, both the specified identity and role must match. If a null reference (Nothing in Visual Basic) identity string is used, it is interpreted as a request to match any identity. Use of a null reference (Nothing in Visual Basic) role string will match any role. By implication, passing a null reference (Nothing in Visual Basic) parameter for name or role to PrincipalPermission will match the identity and roles in any IPrincipal. It is also possible to construct a PrincipalPermission that only determines whether the IIdentity represents an authenticated or unauthenticated entity. In this case, name and role are ignored.

Unlike most other permissions, PrincipalPermission does not extend CodeAccessPermission. It does, however, implement the IPermission interface. This is because PrincipalPermission is not a code access permission; that is, it is not granted based on the identity of the executing assembly. Instead, it allows code to perform actions (Demand, Union, Intersect, and so on) against the current user identity in a manner consistent with the way those actions are performed for code access and code identity permissions.


Prior to a demand for principal permission it is necessary to set the current application domain's principal policy to the enumeration value WindowsPrincipal. By default, the principal policy is set to UnauthenticatedPrincipal. If you do not set the principal policy to WindowsPrincipal, a demand for principal permission will fail. The following code should be executed before the principal permission is demanded:


The following code example creates two PrincipalPermission objects representing two different administrative users, forms the union of the two, and makes a demand. Demand will succeed only if the active implementation of IPrincipal represents either user Bob in the role of Manager or user Louise in the role of Supervisor.

String^ id1 = "Bob";
String^ role1 = "Manager";
PrincipalPermission^ PrincipalPerm1 = gcnew PrincipalPermission( id1,role1 );

String^ id2 = "Louise";
String^ role2 = "Supervisor";
PrincipalPermission^ PrincipalPerm2 = gcnew PrincipalPermission( id2,role2 );

(PrincipalPerm1->Union( PrincipalPerm2 ))->Demand();

String id1 = "Bob";
String role1 = "Manager";
PrincipalPermission principalPerm1 = new PrincipalPermission(id1,
String id2 = "Louise";
String role2 = "Supervisor";
PrincipalPermission principalPerm2 = new PrincipalPermission(id2,


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0, 1.1, 1.0

Community Additions