public abstract class CodeAccessPermission : IPermission
Object
CodeAccessPermissionThis type implements IPermission.
mscorlib
BCL
Serves as the base class for all code access permissions.
[Note: Classes derived from CodeAccessPermission are required to override the following methods of the CodeAccessPermission class:
In addition, classes derived from CodeAccessPermission are required to implement a constructor that takes a PermissionState as its only parameter.
- System.Security.CodeAccessPermission.Copy - Creates a IPermission object of the same type and containing the same values as the current instance.
- System.Security.CodeAccessPermission.FromXml(System.Security.SecurityElement) - Reconstructs the state of a CodeAccessPermission object using an XML encoding.
- System.Security.CodeAccessPermission.Intersect(System.Security.IPermission) - Returns a IPermission object that is the intersection of the current instance and the specified object.
- System.Security.CodeAccessPermission.IsSubsetOf(System.Security.IPermission) - Determines if the current instance is a subset of the specified object.
- System.Security.CodeAccessPermission.ToXml - Creates an XML encoding of the current instance.
- System.Security.CodeAccessPermission.Union(System.Security.IPermission) - Returns a IPermission object that is the union of the current instance and the specified object.
]
The XML encoding of a CodeAccessPermission instance is defined below in EBNF format. The following conventions are used:
The following meta-language symbols are used:
- All non-literals in the grammar below are shown in normal type.
- All literals are in bold font.
ClassName is the name of the class implementing the permission, such as EnvironmentPermission.
- '*' represents a meta-language symbol suffixing an expression that can appear zero or more times.
- '?' represents a meta-language symbol suffixing an expression that can appear zero or one time.
- '+' represents a meta-language symbol suffixing an expression that can appear one or more times.
- '(',')' is used to group literals, non-literals, or a mixture of literals and non-literals.
- '|' denotes an exclusive disjunction between two expressions.
- '::= ' denotes a production rule where a left hand non-literal is replaced by a right hand expression containing literals, non-literals, or both.
AssemblyName is the name of the assembly that contains the class implementing the permission, such as mscorlib.
Version is the three part version number indicating the version of the assembly implementing the permission, such as 1.0.1.
StrongNamePublicKeyToken is the strong name public key token constituting the strong name of the assembly that implements the permission.
PermissionAttributes is any attribute and attribute value on the IPermission element used by the permission to represent a particular permission state, for example, unrestricted="true".
PermissionXML is any valid XML used by the permission to represent permission state.
The XML encoding of a CodeAccessPermission instance is as follows:
CodeAccessPermissionXML::=
<IPermission class="
ClassName
,
AssemblyName
,
Version=
Version,
Culture=neutral,
PublicKeyToken=
StrongNamePublicKeyToken"
version="1"
(PermissionAttributes)*
>
(PermissionXML)?
</IPermission>
System.Security Namespace
CodeAccessPermission Constructors
CodeAccessPermission Constructor
CodeAccessPermission Methods
CodeAccessPermission.Assert Method
CodeAccessPermission.Copy Method
CodeAccessPermission.Demand Method
CodeAccessPermission.Deny Method
CodeAccessPermission.FromXml Method
CodeAccessPermission.Intersect Method
CodeAccessPermission.IsSubsetOf Method
CodeAccessPermission.ToString Method
CodeAccessPermission.ToXml Method
CodeAccessPermission.Union Method
protected CodeAccessPermission();
Constructs a new instance of the CodeAccessPermission class.
System.Security.CodeAccessPermission Class, System.Security Namespace
public void Assert();
Asserts that calling code can access the resource identified by the current instance through the code that calls this method, even if callers have not been granted permission to access the resource.
Exception Type Condition SecurityException The calling code does not have System.Security.Permissions.SecurityPermissionFlag.Assertion.
Calling System.Security.CodeAccessPermission.Assert stops the permission check on callers that are after the code performing the assert. An assertion is effective only if the code that calls System.Security.CodeAccessPermission.Assert passes the security check for the permission that it is asserting.[Note: Even if the callers that are after the code performing the assert do not have the requisite permissions, they can still access resources through the code that calls this method. Because the assertion only applies to the callers of the code performing the assert, a security check for the asserted permission may still fail if the code calling System.Security.CodeAccessPermission.Assert has not itself been granted that permission.
A call to System.Security.CodeAccessPermission.Assert is effective until the code containing the call returns to its caller.
Caution: Because calling System.Security.CodeAccessPermission.Assert removes the requirement that all code be granted permission to access the specified resource, it can open up security vulnerabilities if used incorrectly or inappropriately.
]
System.Security.CodeAccessPermission Class, System.Security Namespace
public abstract IPermission Copy();
Returns a CodeAccessPermission containing the same values as the current instance.
A new CodeAccessPermission instance that is value equal to the current instance.
[Note: This method is implemented to support the IPermission interface.]
[Behaviors: The object returned by this method is required be the same type as the current instance and to represent the same access to resources as the current instance.]
[Overrides: Override this method to create a copy an instance in a type derived from CodeAccessPermission. ]
[Usage: Use this method to obtain a copy of the current instance that has values identical to those of the current instance.]
System.Security.CodeAccessPermission Class, System.Security Namespace
public void Demand();
Forces a SecurityException if all callers do not have the permission specified by the current instance.
Exception Type Condition SecurityException A caller does not have the permission specified by the current instance. A caller has called System.Security.CodeAccessPermission.Deny for the resource protected by the current instance.
The permissions of the code that calls this method are not examined; the check begins from the immediate caller of that code and continues until all callers have been checked, one of the callers invokes System.Security.CodeAccessPermission.Assert , or a caller has been found that is not granted the demanded permission, in which case a SecurityException is thrown.[Note: System.Security.CodeAccessPermission.Demand is typically used by shared libraries to ensure that callers have permission to access a resource. For example, a method in a shared library calls System.Security.CodeAccessPermission.Demand for the necessary FileIOPermission before performing a file operation requested by the caller.
This method is implemented to support the IPermission interface.
]
System.Security.CodeAccessPermission Class, System.Security Namespace
public void Deny();
Denies access to the resources specified by the current instance through the code that calls this method.
This method prevents callers from accessing the protected resource through the code that calls this method, even if those callers have been granted permission to access it.The call to System.Security.CodeAccessPermission.Deny is effective until the calling code returns.
[Note: System.Security.CodeAccessPermission.Deny is ignored for a permission not granted because a demand for that permission will not succeed.
System.Security.CodeAccessPermission.Deny can limit the liability of the programmer or prevent accidental security vulnerabilities because it prevents the method that calls System.Security.CodeAccessPermission.Deny from being used to access the resource protected by the denied permission.
]
System.Security.CodeAccessPermission Class, System.Security Namespace
public abstract void FromXml(SecurityElement elem);
Reconstructs the state of a CodeAccessPermission object using the specified XML encoding.
- elem
- A SecurityElement instance containing the XML encoding to use to reconstruct the state of a CodeAccessPermission object.
Exception Type Condition ArgumentException elem does not contain the XML encoding for a instance of the same type as the current instance. The version number of elem is not valid.
[Behaviors: The values of the current instance are set to the values of the permission object encoded in elem .]
[Overrides: Override this method to reconstruct subclasses of CodeAccessPermission .]
[Usage: This method is called by the system.]
[Note: For the XML encoding for this class, see the CodeAccessPermission class page.]
System.Security.CodeAccessPermission Class, System.Security Namespace
public abstract IPermission Intersect(IPermission target);
Returns a CodeAccessPermission object that is the intersection of the current instance and the specified object.
- target
- A CodeAccessPermission instance to intersect with the current instance.
A new CodeAccessPermission instance that represents the intersection of the current instance and target . If the intersection is empty or target isnull
, returnsnull
. If the current instance is unrestricted, returns a copy of target. If target is unrestricted, returns a copy of the current instance.
Exception Type Condition ArgumentException target is not null
and is not a CodeAccessPermission object.
[Note: This method is implemented to support the IPermission interface.]
[Behaviors: As described above.]
[Overrides: Override this method to provide a mechanism for creating an intersection of two IPermission objects that are of the same type and are derived from CodeAccessPermission .]
[Usage: The intersection of two permissions is a permission that secures the resources and operations secured by both permissions. Specifically, it represents the minimum permission such that any demand that passes both permissions will also pass their intersection.]
System.Security.CodeAccessPermission Class, System.Security Namespace
public abstract bool IsSubsetOf(IPermission target);
Determines whether the current instance is a subset of the specified object.
- target
- A CodeAccessPermission instance that is to be tested for the subset relationship.
true
if the current instance is a subset of target; otherwise,false
. If the current instance is unrestricted, and target is not, returnsfalse
. If target is unrestricted, returnstrue
.
Exception Type Condition ArgumentException target is not null
and is not of type CodeAccessPermission .
[Note: This method is implemented to support the IPermission interface.]
[Behaviors: As described above.]
[Overrides: Override this method to implement the test for the subset relationship in types derived from CodeAccessPermission .]
[Usage: The current instance is a subset of target if the current instance specifies a set of accesses to resources that is wholly contained by target. For example, a permission that represents read access to a file is a subset of a permission that represents read and write access to the file.
If this method returns
true
, the current instance does not describe a level of access to a set of resources that is not already described by target.]
System.Security.CodeAccessPermission Class, System.Security Namespace
public override string ToString();
Returns the XML representation of the state of the current instance.
A String containing the XML representation of the state of the current instance.
[Note: The XML representation of the current instance is obtained by first calling System.Security.CodeAccessPermission.ToXml, then calling System.Object.ToString on the object returned by that method.This method overrides System.Object.ToString.
]
System.Security.CodeAccessPermission Class, System.Security Namespace
public abstract SecurityElement ToXml();
Returns the XML encoding of the current instance.
A SecurityElement containing an XML encoding of the state of the current instance.
[Behaviors: The object returned by this method is required to use the XML encoding for the CodeAccessPermission class as defined on the class page. The state of the current instance is required to be reproducible by invoking System.Security.CodeAccessPermission.FromXml(System.Security.SecurityElement) on an instance of CodeAccessPermission using the object returned by this method.]
[Overrides: Override this method to return an object containing the XML encoding for types derived from CodeAccessPermission .]
[Usage: This method is called by the system.]
System.Security.CodeAccessPermission Class, System.Security Namespace
public virtual IPermission Union(IPermission other);
Returns a CodeAccessPermission object that is the union of the current instance and the specified object.
- other
- A IPermission object of the same type as the current instance to be combined with the current instance.
If other isnull
, returns a copy of the current instance using the System.Security.IPermission.Copy method.
Exception Type Condition ArgumentException other is not of type CodeAccessPermission . NotSupportedException other is not null
.
[Note: This method is implemented to support the IPermission interface.]
[Behaviors: This method returns a new CodeAccessPermission instance that represents the union of the current instance and other. If the current instance or other is unrestricted, returns a CodeAccessPermission instance that is unrestricted. If other is
null
, returns a copy of the current instance using the System.Security.IPermission.Copy method.]
[Default: If other is not
null
, this method throws a NotSupportedException exception; otherwise, returns a copy of the current instance.]
[Overrides: Override this method to provide a mechanism for creating the union of two IPermission objects that are of the same type and are derived from CodeAccessPermission .]
[Usage: The result of a call to System.Security.CodeAccessPermission.Union(System.Security.IPermission) is a permission that represents all of the access to resources represented by both the current instance and other . Any demand that passes either permission passes their union.]
System.Security.CodeAccessPermission Class, System.Security Namespace