All permission objects should implement IPermission, and most will implement IUnrestrictedPermission if they define an unrestricted state (permission allowing any operation on the protected resource). Nearly all permissions that protect resources are code access permission objects (see Types of Permissions for more about code access security and other kinds of permissions) and derive from CodeAccessPermission.
CheckDemand – Enforcement of the permission happens with this method (although almost any bug in the permission can compromise security with respect to the resource it protects). CheckDemand method is called on the granted permission for some code with the same-type permission object that is being demanded as an argument. If the granted permission does not satisfy the demand a security exception must be raised, otherwise the method returns indicating success. For a code access permission, CheckDemand is repetitively called during a stack walk.
For a complete description of CheckDemand, see the section on the CheckDemand method.
Set operations – permissions must implement Intersect and Union methods that are required by the IPermission interface. These set operations must be defined to operate consistently with CheckDemand, specifically:
For a complete description of IPermission and its methods, see Permission object section.