Share via

Importing a Permission Set Using an XML File

  • Article

The XML file might contain a permission set (with or without a custom permission) that contains the permissions the application needs to run. You can import the permission set into security policy using the .NET Framework Configuration tool (Mscorcfg.msc).

The following example shows a permission set and a permission inside an XML file.

<PermissionSet class="NamedPermissionSet"
               version="1"
               Name="MyPermissionSet"
               Description="Permission set containing my custom permission">
   <IPermission class="myCustomNamespace.CustomPermission, customPerm,
                Version=0.0.0.0, Culture=neutral,
                PublicKeyToken=64a85a7d791b1a32"
                version="1"
                Unrestricted="True"/>
</PermissionSet>

The <PermissionSet> element can contain any number of <IPermission> elements, which represent the permissions in the permission set. The class attribute usually contains the value "NamedPermissionSet" or "System.Security.NamedPermissionSet". For this version of the .NET Framework, the version attribute is "1".   The Name attribute is the name of the permission set as it appears in the .NET Framework Configuration tool. The Description attribute provides a description of the permission set. You can modify both the Name and Description attributes.

**CAUTION   **Before you add the permission set to security policy, you might need to change the XML file so that the state of the permissions meets your needs. See the documentation for the application to learn about the specific attributes for the permission and how to change its state.

To import a permission set from an XML file using the .NET Framework Configuration tool

  1. Run the .NET Framework Configuration tool. At the command prompt, type:

    %systemroot%\Microsoft.NET\Framework\<runtime versionNumber>\mscorcfg.msc

  2. Expand the Runtime Security Policy node.

  3. Expand the node for the policy level you want to add a permission set to.

  4. Right-click Permission Sets and select New.

  5. Click Import and select the XML file that contains the information about the permission set.

  6. Associate the permission set with a code group. For details, see Configuring Code Groups Using the .NET Framework Configuration Tool.

Adding a Custom Permission Using the Code Access Security Policy Tool

The Code Access Security Policy tool (Caspol.exe) ships with the .NET Framework SDK and supports scripting to change security policy. You can use Caspol.exe to add new permission sets, but not to modify permission sets. If the XML file has only a permission — not a permission set — and you want to add the permission using Caspol.exe, you must wrap the permission in a permission set.

To add a permission set using Caspol.exe

  • Type the following command at the command prompt:

    caspol {-enterprise|-machine|-user} -addpset xmlFile

    In this command, xmlFile is the name of the file that contains the permission set and the permission.

See Also

Security Policy Management | .NET Framework Configuration Tool (Mscorcfg.msc) | Importing Security Components Using XML Files