NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Enforcing the permission

In order to actually enforce the new permission checks must be placed so as to protect access to the associated resource by code without the permission.

For example, the FileIOPermission protects access to files and directories, therefore all managed code that exposes these resources is responsible for demanding the corresponding FileIOPermission of its callers.

Note that protection is only necessary when the resource access is made based on that code’s permissions. For example, managed code system libraries that are highly trusted and access file resources via native code interfaces must strictly adhere to this rule. On the other hand, code that simply calls those same system libraries need not: the library will demand that the intermediary code and all its callers above that have the necessary permission. However, if the managed code calling the system library code asserts its file permissions then it needs to either demand appropriately of its callers or otherwise ensure that security is not compromised.