This documentation is archived and is not being maintained.

SecurityManager.SavePolicy Method

Saves the modified security policy state.

Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)

public static void SavePolicy ()
public static void SavePolicy ()
public static function SavePolicy ()

Exception typeCondition

SecurityException

The code that calls this method does not have SecurityPermissionFlag.ControlPolicy.

This method saves the policy as exposed by PolicyHierarchy, PolicyLevel, and other classes that represent configuration of the security policy. Unless this method is called, changes made to the policy objects will not be saved and will not affect subsequent application runs.

For the complete example, see the SecurityManager class topic.

// Create new code groups using the custom named permission sets previously created.
private static void CreateCodeGroups()
{
    // Create instances of the named permission sets created earlier to establish the
    // permissions for the new code groups.
    NamedPermissionSet companyCodeSet = new NamedPermissionSet("MyCompany",PermissionState.Unrestricted);
    NamedPermissionSet departmentCodeSet = new NamedPermissionSet("MyDepartment",PermissionState.Unrestricted);
    // Create new code groups using the named permission sets.
    PolicyStatement policyMyCompany = new PolicyStatement(companyCodeSet,PolicyStatementAttribute.LevelFinal);
    PolicyStatement policyMyDepartment = new PolicyStatement(departmentCodeSet,PolicyStatementAttribute.Exclusive);
    // Create new code groups using UnionCodeGroup.
    CodeGroup myCompanyZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Intranet), policyMyCompany);
    myCompanyZone.Name = "MyCompanyCodeGroup";

    byte[] b1 = { 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 237, 146, 145, 51, 34, 97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 178, 0, 230, 152, 218, 8, 206, 206, 170,84, 111, 145, 26, 208, 158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199, 111, 224, 4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 189, 0, 157, 32, 38, 34, 109, 0, 171, 114, 244, 34, 59, 9, 232, 150, 192, 247, 175, 104, 143, 171, 42, 219, 66, 66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108, 210, 189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19, 227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245, 104, 252, 87, 109, 190, 56, 34, 180};
    StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);

    CodeGroup myDepartmentZone = new UnionCodeGroup(new StrongNameMembershipCondition(blob,null , null ), policyMyDepartment);
    myDepartmentZone.Name = "MyDepartmentCodeGroup";

    // Move through the policy levels looking for the Machine policy level.
    // Create two new code groups at that level.
    IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
    while(policyEnumerator.MoveNext())
    {
        // At the Machine level delete already existing copies of the custom code groups,
        // then create the new code groups.
        PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
        if (currentLevel.Label == "Machine")
        {

            // Remove old instances of the custom groups.
            DeleteCustomCodeGroups();
            // Add the new code groups.
            //*******************************************************
            // To add a child code group, add the child to the parent prior to adding
            // the parent to the root.
            myCompanyZone.AddChild(myDepartmentZone);
            // Add the parent to the root code group.
            currentLevel.RootCodeGroup.AddChild(myCompanyZone);
            SecurityManager.SavePolicy();
        }
    }
    // Save the security policy.
    SecurityManager.SavePolicy();
    Console.WriteLine("Security policy modified.");
    Console.WriteLine("New code groups added at the Machine policy level.");
}

// Create new code groups using the custom named permission sets previously
// created.
private static void CreateCodeGroups()
{
    // Create instances of the named permission sets created earlier to
    // establish the permissions for the new code groups.
    NamedPermissionSet companyCodeSet = new NamedPermissionSet
        ("MyCompany", PermissionState.Unrestricted);
    NamedPermissionSet departmentCodeSet = new NamedPermissionSet
        ("MyDepartment", PermissionState.Unrestricted);

    // Create new code groups using the named permission sets.
    PolicyStatement policyMyCompany = new PolicyStatement
        (companyCodeSet, PolicyStatementAttribute.LevelFinal);
    PolicyStatement policyMyDepartment = new PolicyStatement
        (departmentCodeSet, PolicyStatementAttribute.Exclusive);

    // Create new code groups using UnionCodeGroup.
    CodeGroup myCompanyZone = new UnionCodeGroup
        (new ZoneMembershipCondition(SecurityZone.Intranet),
        policyMyCompany);

    myCompanyZone.set_Name("MyCompanyCodeGroup");

    ubyte b1[] =  { 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0,
                    0, 0, 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 
                    1, 0, 237, 146, 145, 51, 34, 97, 123, 196, 90, 174,
                    41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 178, 0, 
                    230, 152, 218, 8, 206, 206, 170, 84, 111, 145, 26, 208,
                    158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199,
                    111, 224, 4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 
                    189, 0, 157, 32, 38, 34, 109, 0, 171, 114, 244, 34, 59,
                    9, 232, 150, 192, 247, 175, 104, 143, 171, 42, 219, 66,
                    66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108,
                    210, 189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19,
                    227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245,
                    104, 252, 87, 109, 190, 56, 34, 180 };
    
    StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);
    CodeGroup myDepartmentZone =
        new UnionCodeGroup(new StrongNameMembershipCondition
        (blob, null, null), policyMyDepartment);

    myDepartmentZone.set_Name("MyDepartmentCodeGroup");

    // Move through the policy levels looking for the Machine policy level.
    // Create two new code groups at that level.
    IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
    
    while (policyEnumerator.MoveNext()) {
        // At the Machine level delete already existing copies of the
        // custom code groups,then create the new code groups.
        PolicyLevel currentLevel = 
            ((PolicyLevel)(policyEnumerator.get_Current()));
        if (currentLevel.get_Label().equalsIgnoreCase("Machine")) {
            // Remove old instances of the custom groups.
            DeleteCustomCodeGroups();

            // Add the new code groups.
            //*******************************************************
            // To add a child code group, add the child to the parent
            // prior to adding the parent to the root.
            myCompanyZone.AddChild(myDepartmentZone);

            // Add the parent to the root code group.
            currentLevel.get_RootCodeGroup().AddChild(myCompanyZone);
            SecurityManager.SavePolicy();
        }
    }
    // Save the security policy.
    SecurityManager.SavePolicy();
    Console.WriteLine("Security policy modified.");
    Console.WriteLine("New code groups added at the Machine"
        + " policy level.");
} //CreateCodeGroups


  • SecurityPermission  for the ability to modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0, 1.1, 1.0
Show: