This documentation is archived and is not being maintained.

FileCodeGroup Class

Grants permission to manipulate files located in the code assemblies to code assemblies that match the membership condition. This class cannot be inherited.

System::Object
  System.Security.Policy::CodeGroup
    System.Security.Policy::FileCodeGroup

Namespace:  System.Security.Policy
Assembly:  mscorlib (in mscorlib.dll)

[SerializableAttribute]
[ComVisibleAttribute(true)]
public ref class FileCodeGroup sealed : public CodeGroup

The FileCodeGroup type exposes the following members.

  NameDescription
Public methodFileCodeGroupInitializes a new instance of the FileCodeGroup class.
Top

  NameDescription
Public propertyAttributeStringGets a string representation of the attributes of the policy statement for the code group. (Overrides CodeGroup::AttributeString.)
Public propertyChildrenGets or sets an ordered list of the child code groups of a code group. (Inherited from CodeGroup.)
Public propertyDescriptionGets or sets the description of the code group. (Inherited from CodeGroup.)
Public propertyMembershipConditionGets or sets the code group's membership condition. (Inherited from CodeGroup.)
Public propertyMergeLogicGets the merge logic. (Overrides CodeGroup::MergeLogic.)
Public propertyNameGets or sets the name of the code group. (Inherited from CodeGroup.)
Public propertyPermissionSetNameGets the name of the named permission set for the code group. (Overrides CodeGroup::PermissionSetName.)
Public propertyPolicyStatementGets or sets the policy statement associated with the code group. (Inherited from CodeGroup.)
Top

  NameDescription
Public methodAddChildAdds a child code group to the current code group. (Inherited from CodeGroup.)
Public methodCopyMakes a deep copy of the current code group. (Overrides CodeGroup::Copy().)
Protected methodCreateXmlWhen overridden in a derived class, serializes properties and internal state specific to a derived code group and adds the serialization to the specified SecurityElement. (Inherited from CodeGroup.)
Public methodEquals(Object)Determines whether the specified code group is equivalent to the current code group. (Overrides CodeGroup::Equals(Object).)
Public methodEquals(CodeGroup, Boolean)Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified. (Inherited from CodeGroup.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodFromXml(SecurityElement)Reconstructs a security object with a given state from an XML encoding. (Inherited from CodeGroup.)
Public methodFromXml(SecurityElement, PolicyLevel)Reconstructs a security object with a given state and policy level from an XML encoding. (Inherited from CodeGroup.)
Public methodGetHashCodeGets the hash code of the current code group. (Overrides CodeGroup::GetHashCode().)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Protected methodParseXmlWhen overridden in a derived class, reconstructs properties and internal state specific to a derived code group from the specified SecurityElement. (Inherited from CodeGroup.)
Public methodRemoveChildRemoves the specified child code group. (Inherited from CodeGroup.)
Public methodResolveResolves policy for the code group and its descendants for a set of evidence. (Overrides CodeGroup::Resolve(Evidence).)
Public methodResolveMatchingCodeGroupsResolves matching code groups. (Overrides CodeGroup::ResolveMatchingCodeGroups(Evidence).)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Public methodToXml()Creates an XML encoding of the security object and its current state. (Inherited from CodeGroup.)
Public methodToXml(PolicyLevel)Creates an XML encoding of the security object, its current state, and the policy level within which the code exists. (Inherited from CodeGroup.)
Top

Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have child code groups. Each child code group can have their own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their child code groups apply policy.

FileCodeGroup has the same child matching semantics as UnionCodeGroup. However, FileCodeGroup returns a permission set containing a dynamically-calculated FileIOPermission that grants file access to the directory from which the code is run; UnionCodeGroup only returns a static permission set. The type of file access granted is passed as a parameter to the constructor.

This code group only matches assemblies run over a file protocol, that is, assemblies that have URLs that point to a file or UNC path.

The following example shows the use of members of the FileCodeGroup class.


using namespace System;
using namespace System::Security;
using namespace System::Security::Policy;
using namespace System::Security::Permissions;
using namespace System::Reflection;

ref class Members
{
public:
   [STAThread]
   static void Main()
   {
      FileCodeGroup^ fileCodeGroup = constructDefaultGroup();

      // Create a deep copy of the FileCodeGroup.
      FileCodeGroup^ copyCodeGroup =
         dynamic_cast<FileCodeGroup^>(fileCodeGroup->Copy());

      CompareTwoCodeGroups( fileCodeGroup, copyCodeGroup );
      addPolicy(  &fileCodeGroup );
      addXmlMember(  &fileCodeGroup );
      updateMembershipCondition(  &fileCodeGroup );
      addChildCodeGroup(  &fileCodeGroup );
      Console::Write( L"Comparing the resolved code group " );
      Console::WriteLine( L"with the initial code group." );
      FileCodeGroup^ resolvedCodeGroup =
         ResolveGroupToEvidence( fileCodeGroup );
      if ( CompareTwoCodeGroups( fileCodeGroup, resolvedCodeGroup ) )
      {
         PrintCodeGroup( resolvedCodeGroup );
      }
      else
      {
         PrintCodeGroup( fileCodeGroup );
      }

      Console::WriteLine( L"This sample completed successfully; press Enter to exit." );
      Console::ReadLine();
   }

private:
   // Construct a new FileCodeGroup with Read, Write, Append
   // and PathDiscovery access.
   static FileCodeGroup^ constructDefaultGroup()
   {
      // Construct a new file code group that has complete access to
      // files in the specified path.
      FileCodeGroup^ fileCodeGroup = gcnew FileCodeGroup(
         gcnew AllMembershipCondition,FileIOPermissionAccess::AllAccess );

      // Set the name of the file code group.
      fileCodeGroup->Name = L"TempCodeGroup";

      // Set the description of the file code group.
      fileCodeGroup->Description = L"Temp folder permissions group";

      // Retrieve the string representation of the  fileCodeGroup�s
      // attributes. FileCodeGroup does not use AttributeString, so the
      // value should be null.
      if ( fileCodeGroup->AttributeString != nullptr )
      {
         throw gcnew NullReferenceException(
            L"The AttributeString property should be null." );
      }

      return fileCodeGroup;
   }

   // Add file permission to restrict write access to all files on the
   // local machine.
   static void addPolicy( interior_ptr<FileCodeGroup^> fileCodeGroup )
   {
      // Set the PolicyStatement property to a policy with read access to
      // the root directory of drive C.
      FileIOPermission^ rootFilePermissions =
         gcnew FileIOPermission( PermissionState::None );
      rootFilePermissions->AllLocalFiles =
         FileIOPermissionAccess::Read;
      rootFilePermissions->SetPathList(
         FileIOPermissionAccess::Read, L"C:\\" );
      NamedPermissionSet^ namedPermissions =
         gcnew NamedPermissionSet( L"RootPermissions" );
      namedPermissions->AddPermission( rootFilePermissions );
      ( *fileCodeGroup )->PolicyStatement =
         gcnew PolicyStatement( namedPermissions );
   }

   // Set the membership condition of the specified FileCodeGroup
   // to the Intranet zone.
   static void updateMembershipCondition( interior_ptr<FileCodeGroup^> fileCodeGroup )
   {
      ZoneMembershipCondition^ zoneCondition =
         gcnew ZoneMembershipCondition( SecurityZone::Intranet );
      ( *fileCodeGroup )->MembershipCondition = zoneCondition;
   }

   // Add a child group with read-access file permission to the specified
   // code group.
   static void addChildCodeGroup( interior_ptr<FileCodeGroup^> fileCodeGroup )
   {
      // Create a file code group with read-access permission.
      FileCodeGroup^ tempFolderCodeGroup = gcnew FileCodeGroup(
         gcnew AllMembershipCondition,FileIOPermissionAccess::Read );

      // Set the name of the child code group and add it to
      // the specified code group.
      tempFolderCodeGroup->Name = L"Read-only group";
      ( *fileCodeGroup )->AddChild( tempFolderCodeGroup );
   }

   // Compare the two specified file code groups for equality.
   static bool CompareTwoCodeGroups( FileCodeGroup^ firstCodeGroup,
      FileCodeGroup^ secondCodeGroup )
   {
      if ( firstCodeGroup->Equals( secondCodeGroup ) )
      {
         Console::WriteLine( L"The two code groups are equal." );
         return true;
      }
      else
      {
         Console::WriteLine( L"The two code groups are not equal." );
         return false;
      }
   }

   // Retrieve the resolved policy based on Evidence from the executing
   // assembly found in the specified code group.
   static String^ ResolveEvidence( CodeGroup^ fileCodeGroup )
   {
      String^ policyString = L"";

      // Resolve the policy based on evidence in the executing assembly.
      Assembly^ assembly = Assembly::GetExecutingAssembly();
      Evidence^ executingEvidence = assembly->Evidence;
      PolicyStatement^ policy = fileCodeGroup->Resolve( executingEvidence );

      if ( policy != nullptr )
      {
         policyString = policy->ToString();
      }

      return policyString;
   }

   // Retrieve the resolved code group based on the Evidence from
   // the executing assembly found in the specified code group.
   static FileCodeGroup^ ResolveGroupToEvidence( FileCodeGroup^ fileCodeGroup )
   {
      // Resolve matching code groups to the executing assembly.
      Assembly^ assembly = Assembly::GetExecutingAssembly();
      Evidence^ evidence = assembly->Evidence;
      CodeGroup^ codeGroup = fileCodeGroup->ResolveMatchingCodeGroups( evidence );

      return dynamic_cast<FileCodeGroup^>(codeGroup);
   }

   // If a domain attribute is not found in the specified FileCodeGroup,
   // add a child XML element identifying a custom membership condition.
   static void addXmlMember( interior_ptr<FileCodeGroup^> fileCodeGroup )
   {
      SecurityElement^ xmlElement = ( *fileCodeGroup )->ToXml();

      SecurityElement^ rootElement = gcnew SecurityElement( L"CodeGroup" );
      if ( xmlElement->Attribute(L"domain") == nullptr )
      {
         SecurityElement^ newElement = gcnew SecurityElement(
            L"CustomMembershipCondition" );
         newElement->AddAttribute( L"class", L"CustomMembershipCondition" );
         newElement->AddAttribute( L"version", L"1" );
         newElement->AddAttribute( L"domain", L"contoso.com" );
         rootElement->AddChild( newElement );
         ( *fileCodeGroup )->FromXml( rootElement );
      }

      Console::WriteLine( L"Added a custom membership condition:" );
      Console::WriteLine( rootElement );
   }

   // Print the properties of the specified code group to the console.
   static void PrintCodeGroup( CodeGroup^ codeGroup )
   {
      // Compare the type of the specified object with the FileCodeGroup
      // type.
      if (  !codeGroup->GetType()->Equals( FileCodeGroup::typeid ) )
      {
         throw gcnew ArgumentException( L"Expected the FileCodeGroup type." );
      }

      String^ codeGroupName = codeGroup->Name;
      String^ membershipCondition = codeGroup->MembershipCondition->ToString();

      String^ permissionSetName = codeGroup->PermissionSetName;

      int hashCode = codeGroup->GetHashCode();

      String^ mergeLogic = L"";

      if ( codeGroup->MergeLogic->Equals( L"Union" ) )
      {
         mergeLogic = L" with Union merge logic";
      }

      // Retrieve the class path for FileCodeGroup.
      String^ fileGroupClass = codeGroup->ToString();

      // Write summary to the console window.
      Console::WriteLine( L"\n*** {0} summary ***", fileGroupClass );
      Console::Write( L"A FileCodeGroup named " );
      Console::Write( L"{0}{1}", codeGroupName, mergeLogic );
      Console::Write( L" has been created with hash code{0}.", hashCode );
      Console::Write( L"This code group contains a {0}", membershipCondition );
      Console::Write( L" membership condition with the " );
      Console::Write( L"{0} permission set. ", permissionSetName );
      Console::Write( L"The code group has the following security policy: " );
      Console::WriteLine( ResolveEvidence( codeGroup ) );
      int childCount = codeGroup->Children->Count;
      if ( childCount > 0 )
      {
         Console::Write( L"There are {0}", childCount );
         Console::WriteLine( L" child code groups in this code group." );

         // Iterate through the child code groups to display their names
         // and remove them from the specified code group.
         for ( int i = 0; i < childCount; i++ )
         {
            // Get child code group as type FileCodeGroup.
            FileCodeGroup^ childCodeGroup =
               dynamic_cast<FileCodeGroup^>(codeGroup->Children->default[ i ]);

            Console::Write( L"Removing the {0}.", childCodeGroup->Name );
            // Remove child code group.

            codeGroup->RemoveChild( childCodeGroup );
         }
         Console::WriteLine();
      }
      else
      {
         Console::Write( L"There are no child code groups" );
         Console::WriteLine( L" in this code group." );
      }
   }
};

int main()
{
   Members::Main();
}

//
// This sample produces the following output:
//
// The two code groups are equal.
// Added a custom membership condition:
// <CodeGroup>
// <CustomMembershipCondition class="CustomMembershipCondition"
//                                version="1"
//                                domain="contoso.com"/>
//                                </CodeGroup>
// Comparing the resolved code group with the initial code group.
// The two code groups are not equal.
//
// *** System.Security.Policy.FileCodeGroup summary ***
// A FileCodeGroup named  with Union merge logic has been created with hash
// code 113151473. This code group contains a Zone - Intranet membership
// condition with the Same directory FileIO - NoAccess permission set. The
// code group has the following security policy:
// There are 1 child code groups in this code group.
// Removing the Read-only group.
// This sample completed successfully; press Enter to exit.


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show: