NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Protecting objects with permissions

Permissions are defined to protect specific resources, and any class library that performs operations on such protected resources is responsible for enforcing this protection. Before acting on a request against a protected resource, such as deleting a file, the code needs to first check that the caller (and usually all callers, by means of a stack walk) has the appropriate delete permission for that resource. If so, the action is considered authorized and may proceed; if not, a security exception should be raised. In code, protection is typically implemented with either a declarative or an imperative check of the appropriate permissions.

For example, use of files is protected by the FileIOPermission, which grants separately the ability to create, read, write, and delete selected named groups of files. When the method of the File class (or of any other class that exposes the same functionality) is called to delete a specific file, the stack walk check for delete permission on that file must pass before the delete operation will happen. The code of the File class is responsible for performing the necessary check that binds the semantics of the permission object to the potential actions taken by the protected object itself.

It is important that classes protect all possible kinds of exposure of resources, not only direct access. For example, a cached file object is responsible for checking file read permission even if the data is retrieved only from a cache in memory and no actual file operation happens, since the effect of handing the data to the caller is the same as an actual read.
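The following is an added example, not code from the NGWS SDK documentation, showing how a class library enforces FileIOPermission in the three situations described above: an imperative check before a delete, a declarative check on a read, and a check on a cached read that bypasses the file system. It assumes the System.Security.Permissions API as it shipped in the released .NET Framework, where FileIOPermissionAccess has no separate Delete flag and File.Delete demands Write access on the path (the text above speaks of a distinct delete permission); the ProtectedFileStore class, the config path, and the TryDelete helper are hypothetical names chosen for this example.

```csharp
// Added example (not from the NGWS SDK documentation). Assumes the released
// .NET Framework FileIOPermission API; File.Delete there demands
// FileIOPermissionAccess.Write, so that is what the delete path checks.
using System;
using System.Collections.Generic;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical resource class that owns a set of files and a memory cache.
public sealed class ProtectedFileStore
{
    // In-memory cache keyed by full path (constructed for this example).
    private readonly Dictionary<string, byte[]> _cache = new Dictionary<string, byte[]>();

    // Imperative check: build a permission for exactly this path and Demand it.
    // Demand walks the call stack; if any caller lacks the permission it throws
    // SecurityException and the delete below never runs.
    public void Delete(string path)
    {
        string fullPath = Path.GetFullPath(path); // FileIOPermission requires absolute paths
        new FileIOPermission(FileIOPermissionAccess.Write, fullPath).Demand();
        File.Delete(fullPath);
    }

    // Declarative check: the runtime performs the Demand when the method is
    // entered. The attribute form only works when the protected path is known
    // at compile time, so it is shown here on a fixed-path method.
    [FileIOPermission(SecurityAction.Demand, Read = @"C:\ProgramData\Example\config.xml")]
    public byte[] ReadConfig()
    {
        return File.ReadAllBytes(@"C:\ProgramData\Example\config.xml");
    }

    // Cached read: the Demand happens on every call, including cache hits,
    // because handing cached bytes to the caller exposes the same data as a
    // real read would. Skipping the check on the cache path would let an
    // unauthorized caller read any file that an authorized caller had
    // already loaded.
    public byte[] Read(string path)
    {
        string fullPath = Path.GetFullPath(path);
        new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Demand();

        byte[] data;
        if (!_cache.TryGetValue(fullPath, out data))
        {
            data = File.ReadAllBytes(fullPath);
            _cache[fullPath] = data;
        }
        return (byte[])data.Clone(); // return a copy so callers cannot alter the cache
    }
}

public static class StoreClient
{
    // Caller side: an authorized request succeeds; an unauthorized one
    // surfaces as SecurityException from the Demand, before any file is touched.
    public static bool TryDelete(ProtectedFileStore store, string path)
    {
        try
        {
            store.Delete(path);
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }
}
```

The imperative form is needed whenever the resource name is only known at run time, which is the common case for a file API; the declarative attribute is preferable when the path is fixed, because the runtime performs the check and it cannot be accidentally skipped by an early return. Note that in the Read method the Demand precedes the cache lookup: the ordering is what makes the cached and uncached paths equally protected.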