NetCodeGroup Class
Grants Web permission to the site from which the assembly was downloaded. This class cannot be inherited.
Assembly: mscorlib (in mscorlib.dll)
| Name | Description | |
|---|---|---|
 | NetCodeGroup(IMembershipCondition^) | Initializes a new instance of the NetCodeGroup class. |
| Name | Description | |
|---|---|---|
 | AttributeString | Gets a string representation of the attributes of the policy statement for the code group.(Overrides CodeGroup::AttributeString.) |
| Children | Gets or sets an ordered list of the child code groups of a code group.(Inherited from CodeGroup.) |
| Description | Gets or sets the description of the code group.(Inherited from CodeGroup.) |
| MembershipCondition | Gets or sets the code group's membership condition.(Inherited from CodeGroup.) |
| MergeLogic | Gets the logic to use for merging groups.(Overrides CodeGroup::MergeLogic.) |
| Name | Gets or sets the name of the code group.(Inherited from CodeGroup.) |
| PermissionSetName | Gets the name of the NamedPermissionSet for the code group.(Overrides CodeGroup::PermissionSetName.) |
| PolicyStatement | Gets or sets the policy statement associated with the code group.(Inherited from CodeGroup.) |
| Name | Description | |
|---|---|---|
| AddChild(CodeGroup^) | Adds a child code group to the current code group.(Inherited from CodeGroup.) |
| AddConnectAccess(String^, CodeConnectAccess^) | Adds the specified connection access to the current code group. |
| Copy() | Makes a deep copy of the current code group.(Overrides CodeGroup::Copy().) |
| Equals(CodeGroup^, Boolean) | Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified.(Inherited from CodeGroup.) |
| Equals(Object^) | Determines whether the specified code group is equivalent to the current code group.(Overrides CodeGroup::Equals(Object^).) |
| FromXml(SecurityElement^) | Reconstructs a security object with a given state from an XML encoding.(Inherited from CodeGroup.) |
| FromXml(SecurityElement^, PolicyLevel^) | Reconstructs a security object with a given state and policy level from an XML encoding.(Inherited from CodeGroup.) |
| GetConnectAccessRules() | Gets the connection access information for the current code group. |
| GetHashCode() | Gets the hash code of the current code group.(Overrides CodeGroup::GetHashCode().) |
| GetType() | |
| RemoveChild(CodeGroup^) | Removes the specified child code group.(Inherited from CodeGroup.) |
| ResetConnectAccess() | Removes all connection access information for the current code group. |
| Resolve(Evidence^) | Resolves policy for the code group and its descendants for a set of evidence.(Overrides CodeGroup::Resolve(Evidence^).) |
| ResolveMatchingCodeGroups(Evidence^) | Resolves matching code groups.(Overrides CodeGroup::ResolveMatchingCodeGroups(Evidence^).) |
| ToString() | Returns a string that represents the current object.(Inherited from Object.) |
| ToXml() | Creates an XML encoding of the security object and its current state.(Inherited from CodeGroup.) |
| ToXml(PolicyLevel^) | Creates an XML encoding of the security object, its current state, and the policy level within which the code exists.(Inherited from CodeGroup.) |
| Name | Description | |
|---|---|---|
  | AbsentOriginScheme | Contains a value used to specify connection access for code with an unknown or unrecognized origin scheme. |
| AnyOtherOriginScheme | Contains a value used to specify any other unspecified origin scheme. |
Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have one or more child code groups. Each child code group can have its own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to the group, based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly, along with their child code groups, apply code access security policy.
NetCodeGroup has the same merge semantics as that of UnionCodeGroup; it forms the union of the PolicyStatement objects of all matching child code groups and the PolicyStatement it generates from the input Url evidence. However, NetCodeGroup returns a permission containing a dynamically calculated WebPermission that grants connect access to the site from which the code is run; UnionCodeGroup simply returns a static permission set.
When a NetCodeGroup is created, it contains the default connection access rules shown in the following table.
URI Scheme | Rule |
|---|---|
file | No connection access to the origin server is permitted. |
http | HTTP and HTTPS access is permitted using the origin port. |
https | HTTPS access is permitted using the origin port. |
You can control the scheme and port that code is permitted to use when connecting back to its site of origin by passing a CodeConnectAccess object with the appropriate Scheme and Port property values to the AddConnectAccess method. You can create a connection access rule that applies when the origin scheme is not present in the evidence or is not recognized by specifying AbsentOriginScheme ("") as the scheme. You can also create a connection access rule that applies when there is no connection access rule with a matching scheme by specifying AnyOtherOriginScheme ("*") as the scheme.
 Note |
|---|
If code does not submit the URI scheme as evidence, access is permitted using any scheme back to the origin site. |
The following code example demonstrates creating a NetCodeGroup and adding CodeConnectAccess objects for code downloaded using the HTTP scheme.
static void SetNetCodeGroupAccess() { String^ userPolicyLevel = "User"; // Locate the User policy level. PolicyLevel^ level = nullptr; System::Collections::IEnumerator^ ph = System::Security::SecurityManager::PolicyHierarchy(); while(ph->MoveNext()) { level = (PolicyLevel^)ph->Current; if (level->Label == userPolicyLevel) { break; } } if (level->Label != userPolicyLevel) throw gcnew ApplicationException("Could not find User policy level."); IMembershipCondition^ membership = gcnew UrlMembershipCondition("http://www.contoso.com/*"); NetCodeGroup^ codeGroup = gcnew NetCodeGroup(membership); // Delete default settings. codeGroup->ResetConnectAccess(); // Create an object that represents access to the FTP scheme and // default port. CodeConnectAccess^ CodeAccessFtp = gcnew CodeConnectAccess(Uri::UriSchemeFtp, CodeConnectAccess::DefaultPort); // Create an object that represents access to the HTTPS scheme // and default port. CodeConnectAccess^ CodeAccessHttps = gcnew CodeConnectAccess(Uri::UriSchemeHttps, CodeConnectAccess::DefaultPort); // Create an object that represents access to the origin // scheme and port. CodeConnectAccess^ CodeAccessOrigin = CodeConnectAccess::CreateOriginSchemeAccess (CodeConnectAccess::OriginPort); // Add connection access objects to the NetCodeGroup object. codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessFtp); codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessHttps); codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessOrigin); // Provide name and description information for caspol.exe tool. codeGroup->Name = "ContosoHttpCodeGroup"; codeGroup->Description = "Code originating from contoso.com can" + " connect back using the FTP or HTTPS."; // Add the code group to the User policy's root node. level->RootCodeGroup->AddChild(codeGroup); // Save the changes to the policy level. System::Security::SecurityManager::SavePolicy(); }
Available since 1.1
Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.