Assembly: mscorlib (in mscorlib.dll)
[SerializableAttribute] [ComVisibleAttribute(true)] [AttributeUsageAttribute(AttributeTargets.Class|AttributeTargets.Method, AllowMultiple=true, Inherited=false)] public sealed class PrincipalPermissionAttribute : CodeAccessSecurityAttribute
/** @attribute SerializableAttribute() */ /** @attribute ComVisibleAttribute(true) */ /** @attribute AttributeUsageAttribute(AttributeTargets.Class|AttributeTargets.Method, AllowMultiple=true, Inherited=false) */ public final class PrincipalPermissionAttribute extends CodeAccessSecurityAttribute
PrincipalPermissionAttribute can be used to declaratively demand that users running your code belong to a specified role or have been authenticated. Use of Unrestricted creates a PrincipalPermission with Authenticated set to true and Name and Role set to a null reference (Nothing in Visual Basic).
The scope of the declaration that is allowed depends on the SecurityAction that is used. PrincipalPermissionAttribute cannot be applied at the assembly level.
The security information declared by a security attribute is stored in the metadata of the attribute target and is accessed by the system at run time. Security attributes are used only for declarative security. For imperative security, use the corresponding permission class.
Important Prior to a demand for principal permission it is necessary to set the current application domain's principal policy to the enumeration value WindowsPrincipal. By default, the principal policy is set to UnauthenticatedPrincipal. If you do not set the principal policy to WindowsPrincipal, a demand for principal permission will fail. The following code should be executed before the principal permission is demanded: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal).
The following example demonstrates how PrincipalPermission can be used declaratively to demand that the current user is Bob and belongs to the Supervisor role.
/** @attribute PrincipalPermissionAttribute(SecurityAction.Demand, Name = "Bob", Role = "Supervisor") */
The following example demonstrates how to demand that the current user's identity is Bob, regardless of role membership.
The following example demonstrates how to demand only that the user is authenticated.
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition