System.Security.Permissions




A permission is an object that specifies security rules for access to a protected resource. Permissions come in two flavors, programmatic and declarative. In the former case, the permission class (e.g., ReflectionPermission) derives from CodeAccessPermission. You write code that creates these objects, sets their properties, and calls their methods in the usual way. You will need this technique when your security operations can vary dynamically at runtime.

Alternatively, many programmers like to specify their permissions declaratively by marking their code with attributes. The attributes tell the CLR which security permissions the code needs to do its job, in the same way that calling methods on a permission object would do. When a caller attempts to access the marked code, the CLR checks if the caller has the permissions that the code requires and throws an exception if it doesn't. This allows security permission failures (say, your caller doesn't have permission to use the file system) to be detected when code is first loaded instead of later in the runtime session (say, after the user has done a lot of work and needs to save it in a file). Specifying security requirements declaratively also allows an administrator using a viewer program to see which permissions your code requires, so she can either a) grant them ahead of time and avoid the fuss, or b) refuse to grant them and understand why the code, or at least certain portions of it, won't work. Specifying permissions declaratively is usually easier than doing it programmatically provided that you know your permission needs at development time.

Significant portions of this namespace are covered in Volume 1 of the .NET Framework Standard Library Annotated Reference.

The permission classes covered in this volume of the .NET Framework Standard Library Annotated Reference, their corresponding attribute classes, and the protected resources to which they control access are listed in Figure.

| Permission Class | Attribute Class | Controls Access To |
| --- | --- | --- |
| ReflectionPermission | ReflectionPermissionAttribute | Metadata through the System.Reflection APIs |


A permission object can contain its own fine-grained subdivisions of permissions. Each permission class has its own enumeration specifying the sub-privileges that a piece of code may ask for, as listed in Figure.

| Enumeration | Meaning |
| --- | --- |
| ReflectionPermissionFlag | Permitted use of reflection API on members that are not visible, such as invoke or read-only. |
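
The two styles described above, applied to ReflectionPermission with the MemberAccess flag. This is an added example, not code from the Annotated Reference; it assumes the .NET Framework, where code access security is enforced, and the names Account, FieldReader and Program are hypothetical.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

// Hypothetical type with a non-visible member to reflect over.
public class Account { private string secret = "constructed-sample-value"; }

public static class FieldReader
{
    // Declarative: the demand is stored in the method's metadata, where tools
    // can read it; the CLR checks the callers when the method is invoked.
    [ReflectionPermission(SecurityAction.Demand, Flags = ReflectionPermissionFlag.MemberAccess)]
    public static object ReadHidden(object target, string name)
    {
        return target.GetType().GetField(name, BindingFlags.Instance | BindingFlags.NonPublic).GetValue(target);
    }

    // Programmatic: the demand is made only on the path that needs it. Demand()
    // walks the stack and throws SecurityException if a caller lacks the grant.
    public static object Read(object target, string name, bool allowHidden)
    {
        BindingFlags flags = BindingFlags.Instance | BindingFlags.Public;
        if (allowHidden)
        {
            new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Demand();
            flags |= BindingFlags.NonPublic;
        }
        FieldInfo field = target.GetType().GetField(name, flags);
        return field == null ? null : field.GetValue(target);
    }
}

public static class Program
{
    public static void Main()
    {
        Account account = new Account();
        try
        {
            Console.WriteLine(FieldReader.ReadHidden(account, "secret"));
            Console.WriteLine(FieldReader.Read(account, "secret", false) ?? "(not visible)");
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("Denied: " + ex.PermissionType);
        }
    }
}
```

Run as a fully trusted application, both demands succeed; in a partially trusted AppDomain whose grant set lacks ReflectionPermission with MemberAccess, the first call takes the catch branch instead.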