SiteIdentityPermission Class
Collapse the table of content
Expand the table of content

SiteIdentityPermission Class

Defines the identity permission for the Web site from which the code originates. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)

public ref class SiteIdentityPermission sealed : public CodeAccessPermission
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public final class SiteIdentityPermission extends CodeAccessPermission
public final class SiteIdentityPermission extends CodeAccessPermission
Not applicable.

Using this class, it is possible to ensure that callers are from a specific Web site. Site identity is only defined for code from URLs with the protocols of HTTP, HTTPS, and FTP. A site is the string between the "//" after the protocol of a URL and the following "/", if present, for example, in the URL This excludes port numbers. If a given URL is, the site is, not

Sites can be matched exactly, or by a wildcard ("*") prefix at the dot delimiter. For example, the site name string * matches as well as Without a wildcard, the site name must be a precise match. The site name string * will match any site, but will not match code that has no site evidence.


In the .NET Framework versions 1.0 and 1.1, demands on the identity permissions are effective, even when the calling assembly is fully trusted. That is, although the calling assembly has full trust, a demand for an identity permission fails if the assembly does not meet the demanded criteria. In the .NET Framework version 2.0, demands for identity permissions are ineffective if the calling assembly has full trust. This assures consistency for all permissions, eliminating the treatment of identity permissions as a special case.

Caution noteCaution:

SiteIdentityPermission grants permission for all paths to the site, including both the URL and the IP address. To Deny access to a site, you must Deny all possible paths to the site. For example, if is located at IP address, to Deny access to, you must Deny, and any other path that you can use to access the site. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see Canonicalization Problems Using Deny in the [<topic://cpcondeny>] topic.


In the .NET Framework versions 1.0 and 1.1, identity permissions cannot have an Unrestricted permission state value. In the .NET Framework version 2.0, identity permissions can have any permission state value. This means that in version 2.0, identity permissions have the same behavior as permissions that implement the IUnrestrictedPermission interface. For information on executing version 2.0 applications with version 1.1 CAS policy, see <legacyV1CASPolicy>.

The following code example shows the behavior of the SiteIdentityPermission class methods.


The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

No code example is currently available or this language may not be supported.


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0, 1.1, 1.0

Community Additions

© 2015 Microsoft