Allows checks against the active principal (see IPrincipal) using the language constructs defined for both declarative and imperative security actions. This class cannot be inherited.
Assembly: mscorlib (in mscorlib.dll)
Thetype exposes the following members.
|PrincipalPermission(PermissionState)||Initializes a new instance of the class with the specified PermissionState.|
|PrincipalPermission(String, String)||Initializes a new instance of the class for the specified name and role.|
|PrincipalPermission(String, String, Boolean)||Initializes a new instance of the class for the specified name, role, and authentication status.|
|Copy||Creates and returns an identical copy of the current permission.|
|Demand||Determines at run time whether the current principal matches the principal specified by the current permission.|
|Equals||Determines whether the specified object is equal to the current . (Overrides Object.Equals(Object).)|
|FromXml||Reconstructs a permission with a specified state from an XML encoding.|
|GetHashCode||Gets a hash code for the object that is suitable for use in hashing algorithms and data structures such as a hash table. (Overrides Object.GetHashCode.)|
|GetType||Gets the Type of the current instance. (Inherited from Object.)|
|Intersect||Creates and returns a permission that is the intersection of the current permission and the specified permission.|
|IsSubsetOf||Determines whether the current permission is a subset of the specified permission.|
|IsUnrestricted||Returns a value indicating whether the current permission is unrestricted.|
|ToString||Creates and returns a string representing the current permission. (Overrides Object.ToString.)|
|ToXml||Creates an XML encoding of the permission and its current state.|
|Union||Creates a permission that is the union of the current permission and the specified permission.|
By passing identity information (user name and role) to the constructor, can be used to demand that the identity of the active principal matches this information.
To match the active IPrincipal and associated IIdentity, both the specified identity and role must match. If Nothing identity string is used, it is interpreted as a request to match any identity. Use of Nothing role string will match any role. By implication, passing Nothing parameter for name or role to will match the identity and roles in any IPrincipal. It is also possible to construct a that only determines whether the IIdentity represents an authenticated or unauthenticated entity. In this case, name and role are ignored.
Unlike most other permissions, does not extend CodeAccessPermission. It does, however, implement the IPermission interface. This is because is not a code access permission; that is, it is not granted based on the identity of the executing assembly. Instead, it allows code to perform actions (Demand, Union, Intersect, and so on) against the current user identity in a manner consistent with the way those actions are performed for code access and code identity permissions.
Prior to a demand for principal permission it is necessary to set the current application domain's principal policy to the enumeration value WindowsPrincipal. By default, the principal policy is set to UnauthenticatedPrincipal. If you do not set the principal policy to WindowsPrincipal, a demand for principal permission will fail. The following code should be executed before the principal permission is demanded:
The following example requires the active principal to be an administrator. The name parameter is Nothing, which enables any user who is an administrator to pass the demand.
In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that requires you to be an administrator, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.
Imports System Imports System.Threading Imports System.Security.Permissions Imports System.Security.Principal Class SecurityPrincipalDemo Public Shared Sub Main() AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal) Dim principalPerm As New PrincipalPermission(Nothing, "Administrators") principalPerm.Demand() Console.WriteLine("Demand succeeded.") End Sub 'Main End Class 'SecurityPrincipalDemo