NGWS SDK Documentation  

This is preliminary documentation and subject to change.

Identity permissions in depth

Identity permissions work by testing against the granted identity permissions, which are derived from evidence, to determine the identity of the caller or callers. Security policy makes decisions based on code evidence; these decisions control what code runs and what permissions are granted. For the standard permissions, the grant determines the set of protected operations the code is allowed; identity permissions, by contrast, are granted to identify the code based on evidence. For example, if the evidence associated with a given piece of code includes a digital signature, a strong name, and a zone and site of origin, then policy will grant the identity permissions corresponding to these. Whereas policy uses code groups based on evidence to grant standard permissions, the identity permission grant is independent of any policy configuration and is a function only of the evidence and the identities it contains. (See the policy specification for more detail on policy.)

It is worth noting the semantics of identity permissions as code access permissions. A stack walk check of an identity permission tests the identity of all callers and succeeds only if all callers have a matching identity. Overrides work as with other code access permissions: asserting an identity causes a subsequent check to succeed even if callers above do not have the necessary identity. For example, a component may require that all its callers have a certain identity in order to use it, but in some special case it may be desirable to expose the functionality to any caller. To do this, a method with the necessary identity asserts its identity and then calls the component; the assert allows the component's check to succeed even though the code above the immediate caller does not have the proper identity. Denying an identity effectively hides it, so that subsequent checks fail to match the identity; this allows code to hide its trusted identity and call other code anonymously.
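The stack walk, assert and deny behavior described above can be traced with a small Python model. This is an added example, not SDK code and not the runtime's implementation: `Frame`, `demand`, the method names and the identity strings are hypothetical, and the per-frame order of checks (grant, then deny, then assert) is an assumption of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """One method on the call stack (model only)."""
    method: str
    granted: frozenset                 # identity permissions derived from the code's evidence
    asserted: frozenset = frozenset()  # identities this frame has asserted
    denied: frozenset = frozenset()    # identities this frame has denied


def demand(callers, identity):
    """Check `identity` against every caller, nearest caller first.

    `callers` is ordered outermost first and excludes the method making the check.
    Returns (succeeded, reason).
    """
    for frame in reversed(callers):
        if identity not in frame.granted:
            return False, f"{frame.method} lacks {identity}"
        if identity in frame.denied:       # a deny hides the identity from later checks
            return False, f"{frame.method} denied {identity}"
        if identity in frame.asserted:     # an assert ends the walk; callers above are not tested
            return True, f"{frame.method} asserted {identity}"
    return True, "all callers matched"


# Constructed sample identities and call stacks (assumptions for illustration).
ID = "StrongName:ExampleTrusted"
TRUSTED = frozenset({ID, "Zone:MyComputer"})
UNTRUSTED = frozenset({"Zone:Internet"})


def scenarios():
    app = Frame("App.Main", UNTRUSTED)
    lib = Frame("Lib.Helper", TRUSTED)
    return {
        "all_trusted": demand([Frame("Host.Main", TRUSTED), lib], ID),
        "untrusted_above": demand([app, lib], ID),
        "wrapper_asserts": demand([app, Frame("Lib.Open", TRUSTED, asserted=frozenset({ID}))], ID),
        "untrusted_asserts": demand([Frame("App.Main", UNTRUSTED, asserted=frozenset({ID}))], ID),
        "trusted_denies": demand([Frame("Lib.Anon", TRUSTED, denied=frozenset({ID}))], ID),
    }


if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print(f"{name:18} {'pass' if ok else 'FAIL'}  ({why})")
```

In this model an assert made by code that does not itself hold the identity has no effect, because the frame's own grant is tested before its assert is honored.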

The following sections describe the basic identity permissions; for complete details, see the class specifications.