HostProtectionAttribute Class


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Allows the use of declarative security actions to determine host protection requirements. This class cannot be inherited.

Namespace:   System.Security.Permissions
Assembly:  mscorlib (in mscorlib.dll)


[AttributeUsageAttribute(AttributeTargets::Assembly | AttributeTargets::Class | AttributeTargets::Struct | AttributeTargets::Constructor | AttributeTargets::Method | AttributeTargets::Delegate, 
	AllowMultiple = true, Inherited = false)]
public ref class HostProtectionAttribute sealed : CodeAccessSecurityAttribute


Initializes a new instance of the HostProtectionAttribute class with default values.


Initializes a new instance of the HostProtectionAttribute class with the specified SecurityAction value.


Gets or sets a security action.(Inherited from SecurityAttribute.)


Gets or sets a value indicating whether external process management is exposed.


Gets or sets a value indicating whether external threading is exposed.


Gets or sets a value indicating whether resources might leak memory if the operation is terminated.


Gets or sets flags specifying categories of functionality that are potentially harmful to the host.


Gets or sets a value indicating whether the security infrastructure is exposed.


Gets or sets a value indicating whether self-affecting process management is exposed.


Gets or sets a value indicating whether self-affecting threading is exposed.


Gets or sets a value indicating whether shared state is exposed.


Gets or sets a value indicating whether synchronization is exposed.


When implemented in a derived class, gets a unique identifier for this Attribute.(Inherited from Attribute.)


Gets or sets a value indicating whether the user interface is exposed.


Gets or sets a value indicating whether full (unrestricted) permission to the resource protected by the attribute is declared.(Inherited from SecurityAttribute.)


Creates and returns a new host protection permission.(Overrides SecurityAttribute::CreatePermission().)


This API supports the product infrastructure and is not intended to be used directly from your code. Returns a value that indicates whether this instance is equal to a specified object.(Inherited from Attribute.)


Returns the hash code for this instance.(Inherited from Attribute.)


Gets the Type of the current instance.(Inherited from Object.)


When overridden in a derived class, indicates whether the value of this instance is the default value for the derived class.(Inherited from Attribute.)


When overridden in a derived class, returns a value that indicates whether this instance equals a specified object.(Inherited from Attribute.)


Returns a string that represents the current object.(Inherited from Object.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod_Attribute::GetIDsOfNames(Guid%, IntPtr, UInt32, UInt32, IntPtr)

Maps a set of names to a corresponding set of dispatch identifiers.(Inherited from Attribute.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod_Attribute::GetTypeInfo(UInt32, UInt32, IntPtr)

Retrieves the type information for an object, which can be used to get the type information for an interface.(Inherited from Attribute.)


Retrieves the number of type information interfaces that an object provides (either 0 or 1).(Inherited from Attribute.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod_Attribute::Invoke(UInt32, Guid%, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr)

Provides access to properties and methods exposed by an object.(Inherited from Attribute.)

This attribute affects only unmanaged applications that host the common language runtime and implement host protection, such as SQL Server. If the code is run in a client application or on a server that is not host-protected, the attribute "evaporates"; it is not detected and therefore not applied. When applied, the security action results in the creation of a link demand based on the host resources the class or method exposes.


The purpose of this attribute is to enforce host-specific programming model guidelines, not security behavior. Although a link demand is used to check for conformance to programming model requirements, the HostProtectionAttribute is not a security permission.

If the host does not have programming model requirements, the link demands do not occur.

This attribute identifies the following:

  • Methods or classes that do not fit the host programming model, but are otherwise benign.

  • Methods or classes that do not fit the host programming model and could lead to destabilizing server-managed user code.

  • Methods or classes that do not fit the host programming model and could lead to a destabilization of the server process itself.


If you are creating a class library that is to be called by applications that may execute in a host protected environment, you should apply this attribute to members that expose HostProtectionResource resource categories. The .NET Framework class library members with this attribute cause only the immediate caller to be checked. Your library member must also cause a check of its immediate caller in the same manner.


Do not use the Ngen.exe (Native Image Generator) to create a native image of assemblies that are protected by the HostProtectionAttribute. In a full-trust environment, the image is always loaded, without regard to the HostProtectionAttribute, and in a partial-trust environment the image is not loaded.

The following code example illustrates the use of the HostProtectionAttribute attribute with a variety of HostProtectionResource values.

#using <System.dll>
#using <System.Windows.Forms.dll>
#using <System.Drawing.dll>

using namespace System;
using namespace System::IO;
using namespace System::Threading;
using namespace System::Security;
using namespace System::Security::Policy;
using namespace System::Security::Principal;
using namespace System::Security::Permissions;
using namespace System::Diagnostics;
using namespace System::ComponentModel;
using namespace System::Windows::Forms;
using namespace System::Security::Permissions;

// The following class is an example of code that exposes external process management.
// Add the LicenseProviderAttribute to the control.

public ref class MyControl: public System::Windows::Forms::Control

   // Create a new, null license.
   License^ license;

      license = nullptr;

      // Determine if a valid license can be granted.
      bool isValid = LicenseManager::IsValid( MyControl::typeid );
      Console::WriteLine( "The result of the IsValid method call is {0}", isValid );


// If this application is run on a server that implements host protection, the HostProtection attribute  
// is applied. If the application is run on a server that is not host-protected, the attribute 
// evaporates; it is not detected and therefore not applied. HostProtection can be configured with 
// members of the HostProtectionResource enumeration to customize the protection offered. 
// The primary intent of this sample is to show situations in which the HostProtection attribute
// might be meaningfully used.  The environment required to demonstrate a particular HostProtection is
// too complex to invoke within the scope of this sample.
public ref class HostProtectionExample
   static int Success = 100;


   // Use the enumeration flags to indicate that this method exposes shared state and 
   // self-affecting process management.
   // Either of the following attribute statements can be used to set the 
   // resource flags.
   // Exit the sample when an exception is thrown.

   static void Exit( String^ Message, int Code )
      Console::WriteLine( "\nFAILED: {0} {1}", Message, Code );
      Environment::ExitCode = Code;
      Environment::Exit( Code );

   // Use the enumeration flags to indicate that this method exposes shared state, 
   // self-affecting process management, and self-affecting threading.
   // This method allows the user to quit the sample.

   static void ExecuteBreak()
      Console::WriteLine( "Executing Debugger.Break." );
      Debugger::Log( 1, "info", "test message" );

   // Use the enumeration flags to indicate that this method exposes shared state, 
   // self-affecting threading and the security infrastructure.
   // ApplyIdentity sets the current identity.

   static int ApplyIdentity()
      array<String^>^roles = {"User"};
         AppDomain^ mAD = AppDomain::CurrentDomain;
         GenericPrincipal^ mGenPr = gcnew GenericPrincipal( WindowsIdentity::GetCurrent(),roles );
         mAD->SetPrincipalPolicy( PrincipalPolicy::WindowsPrincipal );
         mAD->SetThreadPrincipal( mGenPr );
         return Success;
      catch ( Exception^ e ) 
         Exit( e->ToString(), 5 );

      return 0;


   // The following method is started on a separate thread.
   [PermissionSet(SecurityAction::Demand, Name="FullTrust")]
   static void WatchFileEvents()
         Console::WriteLine( "In the child thread." );
         FileSystemWatcher^ watcher = gcnew FileSystemWatcher;
         watcher->Path = "C:\\Temp";

         // Watch for changes in LastAccess and LastWrite times, and 
         // name changes to files or directories. 
         watcher->NotifyFilter = static_cast<NotifyFilters>(NotifyFilters::LastAccess | NotifyFilters::LastWrite | NotifyFilters::FileName | NotifyFilters::DirectoryName);

         // Watch only text files.
         watcher->Filter = "*.txt";

         // Add event handlers.
         watcher->Changed += gcnew FileSystemEventHandler( OnChanged );
         watcher->Created += gcnew FileSystemEventHandler( OnChanged );
         watcher->Deleted += gcnew FileSystemEventHandler( OnChanged );

         // Begin watching.
         watcher->EnableRaisingEvents = true;

         // Wait for the user to quit the program.
         Console::WriteLine( "Event handlers have been enabled." );
         while ( Console::Read() != 'q' )
      catch ( Exception^ e ) 
         Console::WriteLine( e->Message );



   // Use the enumeration flags to indicate that this method exposes synchronization 
   //  and external threading.

   static void StartThread()
      Thread^ t = gcnew Thread( gcnew ThreadStart( WatchFileEvents ) );

      // Start the new thread.  On a uniprocessor, the thread is not given 
      // any processor time until the main thread yields the processor.  

      // Give the new thread a chance to execute.
      Thread::Sleep( 1000 );


   // Call methods that show the use of the HostProtectionResource enumeration.
   static int Main()

         // Show use of the HostProtectionResource.SharedState,
         //   HostProtectionResource.SelfAffectingThreading, and
         //   HostProtectionResource.Security enumeration values.
         Directory::CreateDirectory( "C:\\Temp" );

         // Show use of the HostProtectionResource.Synchronization and
         //   HostProtectionResource.ExternalThreading enumeration values.
         Console::WriteLine( "In the main thread." );
         Console::WriteLine( "Deleting and creating 'MyTestFile.txt'." );
         if ( File::Exists( "C:\\Temp\\MyTestFile.txt" ) )
            File::Delete( "C:\\Temp\\MyTestFile.txt" );
         StreamWriter^ sr = File::CreateText( "C:\\Temp\\MyTestFile.txt" );
         sr->WriteLine( "This is my file." );
         Thread::Sleep( 1000 );

         // Show use of the HostProtectionResource.SharedState,
         //   HostProtectionResource.SelfProcessMgmt,
         //   HostProtectionResource.SelfAffectingThreading, and
         //   HostProtectionResource.UI enumeration values.

         // Show the use of the HostProtectionResource.ExternalProcessManagement enumeration value.
         MyControl^ myControl = gcnew MyControl;
         Console::WriteLine( "Enter 'q' to quit the sample." );
         return 100;
      catch ( Exception^ e ) 
         Exit( e->ToString(), 0 );
         return 0;

   // Define the event handlers.
   static void OnChanged( Object^ /*source*/, FileSystemEventArgs^ e )

      // Specify whether a file is changed, created, or deleted.
      Console::WriteLine( "In the OnChanged event handler." );
      Console::WriteLine( "File: {0} {1}", e->FullPath, e->ChangeType );


int main()
   return HostProtectionExample::Main();

.NET Framework
Available since 2.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top