SecurityManager.SavePolicy Method

Saves the modified security policy state.

Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)

public static void SavePolicy ()
public static void SavePolicy ()
public static function SavePolicy ()
Not applicable.

Exception typeCondition

SecurityException

The code that calls this method does not have SecurityPermissionFlag.ControlPolicy.

This method saves the policy as exposed by PolicyHierarchy, PolicyLevel, and other classes that represent configuration of the security policy. Unless this method is called, changes made to the policy objects will not be saved and will not affect subsequent application runs.

For the complete example, see the SecurityManager class topic.

// Create new code groups using the custom named permission sets previously created.
private static void CreateCodeGroups()
{
    // Create instances of the named permission sets created earlier to establish the
    // permissions for the new code groups.
    NamedPermissionSet companyCodeSet = new NamedPermissionSet("MyCompany",PermissionState.Unrestricted);
    NamedPermissionSet departmentCodeSet = new NamedPermissionSet("MyDepartment",PermissionState.Unrestricted);
    // Create new code groups using the named permission sets.
    PolicyStatement policyMyCompany = new PolicyStatement(companyCodeSet,PolicyStatementAttribute.LevelFinal);
    PolicyStatement policyMyDepartment = new PolicyStatement(departmentCodeSet,PolicyStatementAttribute.Exclusive);
    // Create new code groups using UnionCodeGroup.
    CodeGroup myCompanyZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Intranet), policyMyCompany);
    myCompanyZone.Name = "MyCompanyCodeGroup";

    byte[] b1 = { 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 237, 146, 145, 51, 34, 97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 178, 0, 230, 152, 218, 8, 206, 206, 170,84, 111, 145, 26, 208, 158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199, 111, 224, 4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 189, 0, 157, 32, 38, 34, 109, 0, 171, 114, 244, 34, 59, 9, 232, 150, 192, 247, 175, 104, 143, 171, 42, 219, 66, 66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108, 210, 189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19, 227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245, 104, 252, 87, 109, 190, 56, 34, 180};
    StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);

    CodeGroup myDepartmentZone = new UnionCodeGroup(new StrongNameMembershipCondition(blob,null , null ), policyMyDepartment);
    myDepartmentZone.Name = "MyDepartmentCodeGroup";

    // Move through the policy levels looking for the Machine policy level.
    // Create two new code groups at that level.
    IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
    while(policyEnumerator.MoveNext())
    {
        // At the Machine level delete already existing copies of the custom code groups,
        // then create the new code groups.
        PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
        if (currentLevel.Label == "Machine")
        {

            // Remove old instances of the custom groups.
            DeleteCustomCodeGroups();
            // Add the new code groups.
            //*******************************************************
            // To add a child code group, add the child to the parent prior to adding
            // the parent to the root.
            myCompanyZone.AddChild(myDepartmentZone);
            // Add the parent to the root code group.
            currentLevel.RootCodeGroup.AddChild(myCompanyZone);
            SecurityManager.SavePolicy();
        }
    }
    // Save the security policy.
    SecurityManager.SavePolicy();
    Console.WriteLine("Security policy modified.");
    Console.WriteLine("New code groups added at the Machine policy level.");
}

// Create new code groups using the custom named permission sets previously
// created.
private static void CreateCodeGroups()
{
    // Create instances of the named permission sets created earlier to
    // establish the permissions for the new code groups.
    NamedPermissionSet companyCodeSet = new NamedPermissionSet
        ("MyCompany", PermissionState.Unrestricted);
    NamedPermissionSet departmentCodeSet = new NamedPermissionSet
        ("MyDepartment", PermissionState.Unrestricted);

    // Create new code groups using the named permission sets.
    PolicyStatement policyMyCompany = new PolicyStatement
        (companyCodeSet, PolicyStatementAttribute.LevelFinal);
    PolicyStatement policyMyDepartment = new PolicyStatement
        (departmentCodeSet, PolicyStatementAttribute.Exclusive);

    // Create new code groups using UnionCodeGroup.
    CodeGroup myCompanyZone = new UnionCodeGroup
        (new ZoneMembershipCondition(SecurityZone.Intranet),
        policyMyCompany);

    myCompanyZone.set_Name("MyCompanyCodeGroup");

    ubyte b1[] =  { 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0,
                    0, 0, 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 
                    1, 0, 237, 146, 145, 51, 34, 97, 123, 196, 90, 174,
                    41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 178, 0, 
                    230, 152, 218, 8, 206, 206, 170, 84, 111, 145, 26, 208,
                    158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199,
                    111, 224, 4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 
                    189, 0, 157, 32, 38, 34, 109, 0, 171, 114, 244, 34, 59,
                    9, 232, 150, 192, 247, 175, 104, 143, 171, 42, 219, 66,
                    66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108,
                    210, 189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19,
                    227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245,
                    104, 252, 87, 109, 190, 56, 34, 180 };
    
    StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);
    CodeGroup myDepartmentZone =
        new UnionCodeGroup(new StrongNameMembershipCondition
        (blob, null, null), policyMyDepartment);

    myDepartmentZone.set_Name("MyDepartmentCodeGroup");

    // Move through the policy levels looking for the Machine policy level.
    // Create two new code groups at that level.
    IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
    
    while (policyEnumerator.MoveNext()) {
        // At the Machine level delete already existing copies of the
        // custom code groups,then create the new code groups.
        PolicyLevel currentLevel = 
            ((PolicyLevel)(policyEnumerator.get_Current()));
        if (currentLevel.get_Label().equalsIgnoreCase("Machine")) {
            // Remove old instances of the custom groups.
            DeleteCustomCodeGroups();

            // Add the new code groups.
            //*******************************************************
            // To add a child code group, add the child to the parent
            // prior to adding the parent to the root.
            myCompanyZone.AddChild(myDepartmentZone);

            // Add the parent to the root code group.
            currentLevel.get_RootCodeGroup().AddChild(myCompanyZone);
            SecurityManager.SavePolicy();
        }
    }
    // Save the security policy.
    SecurityManager.SavePolicy();
    Console.WriteLine("Security policy modified.");
    Console.WriteLine("New code groups added at the Machine"
        + " policy level.");
} //CreateCodeGroups


  • SecurityPermission  for the ability to modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0, 1.1, 1.0
Show: