Using the PermitOnly Method
Calling PermitOnly has essentially the same effect as calling Deny but is a different way of specifying the conditions under which the security check should fail. Instead of saying that a specified resource cannot be accessed, as Deny does, PermitOnly says that only the resources you specify can be accessed. Therefore, calling PermitOnly on permission X is the same as calling Deny on all permissions except permission X. If you call PermitOnly, your code can be used to access only the resources protected by the permissions that you specify when you call PermitOnly. You use PermitOnly instead of Deny when it is more convenient to describe resources that can be accessed instead of resources that cannot be accessed.
In the .NET Framework version 4, runtime support has been removed for enforcing the Deny, RequestMinimum, RequestOptional, and RequestRefuse permission requests. These requests should not be used in code that is based on the .NET Framework 4 or later. For more information about this and other changes, see Security Changes in the .NET Framework 4.
If your code calls PermitOnly on a permission P1, and downstream callers then demand permission P2, the PermitOnly call affects the result of the stack walk only if P1 and P2 are of different types and if P2 is not a subset of P1.
The following code fragments show declarative syntax for overriding security checks using PermitOnly. Callers cannot use this code to access any protected resources except user interface resources. .
Option Explicit Option Strict Imports System Imports System.Security.Permissions Public Class MyClass1 Public Sub New() End Sub <UIPermissionAttribute(SecurityAction.PermitOnly, Unrestricted := True)> Public Sub ReadRegistry() 'Access a UI resource. End Sub End Class
The following code example shows imperative syntax for overriding security checks using the PermitOnly method. The UIPermission constructor is passed a PermissionState object that specifies the user interface resources to which access is to be granted. Once the PermitOnly method is called, the code and all callers can be used only to access user interface resources.