NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Security targets

Security declarative targets may be on the Assembly, Class or Method. If the same action declared for both class and a particular method within, the more specific method declaration overrides the class declaration.

Assembly (mdAssembly): Security action applies to the entire assembly. This target is valid only for permission request actions.

Class (mdTypeDef): Security action applies to all methods and properties in the class. A class does not automatically inherit the security attributes of its parent class. Note: Security declarations may not be applied to an interface. Compilers should treat attributes placed on interfaces as an error and notify the user.

Method (mdMethodDef): Security action applies to the method.
A property may have (possibly different) security declarations on its get/set methods.
Also events support security actions, securing the method that corresponds to the event declaration.

There is no way to set declarative attributes on a field. Use accessor methods with to control field access.

If security declarations appearing at different levels (e.g. class and module) could apply to the same element then the most specific declaration alone applies. In other words, every method is contained in a class – where there is overlap in scope the more specific (i.e. method over class) is effective. Put another way, declarations apply to the element they are applied to or if none exist, any declaration from a superior containing element (if one exists) applies. An example should clarify:

Declaration Element Demand Precedence
  
  
  
  
   Class C1 – demand P2
C1
P2
C1
      Method X1 – demand P3
X1
P3
X1
      Method X2 (no declaration)
X2
P2
C1
   Class C2 (no declaration)
C2
(none)
  
      Method X3 – demand P4
X3
P4
X3
      Method X4 (no declaration)
X4
(none)
  
  
  
  
  
   Class C3 – demand P5
C3
P5
C3
      Method X5 – demand P6
X5
P6
X5
      Method X6 (no declaration)
X6
P5
C3
   Class C4 (no declaration)
C4
(none)
  
      Method X7 – demand P7
X7
P7
X7
      Method X8 (no declaration)
X8
(none)