A permission check ensures that all callers have been granted the necessary permission. A demand requires that the caller or callers hold the permission; if they do not, a security exception is raised. Typically a permission is demanded in response to a request to perform a protected operation, checking either granted permission or identity.
The most common form of demand applies to all callers: a stack walk checks the permission frame by frame working up the stack, starting with the immediate caller. A variant kind of demand walks the stack only to the first caller outside the code's own assembly and app domain, that is, the first level that could possibly have a different grant or identity. Note: load-time declarative security demands apply to the immediate caller only, that is, the first stack frame above the code carrying the declaration; there is no imperative API exposing this, but it is mentioned to contrast the semantics.
To demand that all callers have been granted a permission, use Demand().
void CodeAccessPermission.Demand ();
Note that checking begins with the immediate caller of the method that calls Demand(); it does not check the granted permissions of the method itself. (Example: Main calls X which calls Y; Y does a Demand(). The first permission check is against the granted permissions of X, then of Main, succeeding if both pass; the check can pass even if Y is not granted the permission being checked for.)
CheckDemand() must be implemented by each permission class as the fundamental underlying test of a code access permission against a given demand. It is called by Demand() and DemandImmediate() to perform the basic permission check at each level of a stack walk; application code never calls it directly to perform a permission check.
When a demand happens, CheckDemand() is called with the grant permission set of each caller on the stack (the set of callers depending on the particular type of demand) as its argument: if the grant satisfies the demand the method returns normally, otherwise the check fails and a SecurityException is raised.
void CheckDemand (CodeAccessPermission demand);
For many permissions CheckDemand() will succeed if and only if IsSubsetOf() is true, but there can be an important difference. CheckDemand() is the method that actually decides whether a check succeeds, which in turn typically means a protected operation is allowed; IsSubsetOf() simply compares two permissions to test the subset relationship. If the decision to allow the operation is only a function of the grant, the two are essentially the same. If the decision depends on conditions beyond the grant, the result of CheckDemand() may sometimes differ from IsSubsetOf().
For example, a hypothetical code access permission might give access to certain data only during certain hours. In that case the subset relationship would be time-invariant, yet the result of a permission check would differ depending on the current time.
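The following C# program is an added example, not code from the page or from the framework: it models the time-windowed permission described above and the stack walk that Demand() performs. DataHoursPermission, DemandModel and the hour parameter are all hypothetical; the class does not derive from the real CodeAccessPermission base class, it only mirrors the IsSubsetOf() / CheckDemand() split the text describes. The list of caller grants starts at the immediate caller and deliberately omits the demanding method's own grant, matching the Main/X/Y example.

```csharp
using System;
using System.Collections.Generic;
using System.Security;

// Hypothetical permission modelled on the page's time-of-day example.
// Grants access to a named data set, but only between StartHour (inclusive)
// and EndHour (exclusive). Not a real framework permission class.
sealed class DataHoursPermission
{
    public string DataSet { get; }
    public int StartHour { get; }
    public int EndHour { get; }

    public DataHoursPermission(string dataSet, int startHour, int endHour)
    {
        DataSet = dataSet; StartHour = startHour; EndHour = endHour;
    }

    // Pure, time-invariant comparison: is this permission a subset of 'target'?
    public bool IsSubsetOf(DataHoursPermission target)
    {
        return target != null
            && DataSet == target.DataSet
            && StartHour >= target.StartHour
            && EndHour <= target.EndHour;
    }

    // The decision routine run at each stack frame. 'this' is one caller's grant,
    // 'demand' is what the protected operation requires. Unlike IsSubsetOf, the
    // result depends on the clock, so two identical calls can give different answers.
    public void CheckDemand(DataHoursPermission demand, int currentHour)
    {
        if (!demand.IsSubsetOf(this))
            throw new SecurityException("Grant " + this + " does not cover demand " + demand + ".");
        if (currentHour < StartHour || currentHour >= EndHour)
            throw new SecurityException("Grant " + this + " is not valid at hour " + currentHour + ".");
    }

    public override string ToString()
    {
        return DataSet + "[" + StartHour + "-" + EndHour + ")";
    }
}

// Minimal model of the stack walk done by Demand(): 'callers' is ordered from the
// immediate caller outward (index 0 = the frame just above the demanding method);
// the demanding method's own grant is intentionally not in the list.
static class DemandModel
{
    public static void Demand(DataHoursPermission demand,
                              IReadOnlyList<DataHoursPermission> callers,
                              int currentHour)
    {
        foreach (DataHoursPermission grant in callers)
        {
            // Every frame's grant must satisfy the demand, or the walk stops here.
            grant.CheckDemand(demand, currentHour);
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample grants: Y demands 09-17 on "payroll"; X (immediate caller)
        // holds 08-18; Main (outer caller) holds the whole day.
        var demand    = new DataHoursPermission("payroll", 9, 17);
        var grantX    = new DataHoursPermission("payroll", 8, 18);
        var grantMain = new DataHoursPermission("payroll", 0, 24);
        var walk = new[] { grantX, grantMain };

        // Subset relationship is the same whatever the time of day.
        Console.WriteLine("demand subset of X's grant: " + demand.IsSubsetOf(grantX));

        // The demand itself succeeds inside X's window and fails outside it.
        foreach (int hour in new[] { 10, 20 })
        {
            try
            {
                DemandModel.Demand(demand, walk, hour);
                Console.WriteLine("hour " + hour + ": demand satisfied");
            }
            catch (SecurityException e)
            {
                Console.WriteLine("hour " + hour + ": " + e.Message);
            }
        }
    }
}
```

Running the program shows IsSubsetOf() reporting the same relationship for both hours while the walk throws only at hour 20, which is the distinction the text draws: the subset test is a property of the two permissions alone, whereas CheckDemand() is the point at which any additional condition is consulted.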
It is noteworthy that identity permissions often check the subset relationship in the opposite direction from other permissions. For example, a demand for site "*.Microsoft.com" is satisfied by a granted identity of "www.microsoft.com" because the latter is a subset of the former identity set, whereas a file demand on C:\TEMP\FILE is satisfied by a grant of C:\TEMP because the former is a subset of the latter.
The IsGranted() method returns true if the calling method itself has been granted the permission. Code that requests optional permissions may use this method to discover which permissions policy granted it, so as to adjust its functionality appropriately. Granted permissions may only be tested against specific permissions; the grant set cannot be inspected directly, because inspection could reveal private information, and knowledge of the details of a grant set could make exploitation easier for malicious code. For identity permissions, this method allows code to test its own identity.
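The two subset directions above, as an added C# illustration that is not part of the page and not the framework's own SiteIdentityPermission or FileIOPermission logic. SiteDemandSatisfied and FileDemandSatisfied are hypothetical helpers that only handle the leading "*." wildcard and a backslash-separated path prefix; the file helper also shows the containment check a practitioner wants, since a bare string prefix would wrongly accept C:\TEMPX\FILE under a grant of C:\TEMP.

```csharp
using System;

static class SubsetDirection
{
    // Identity: the demanded pattern "*.microsoft.com" describes a set of hosts;
    // the granted site must be an element (a subset) of that set for the demand to pass.
    public static bool SiteDemandSatisfied(string demandPattern, string grantedSite)
    {
        if (demandPattern.StartsWith("*.", StringComparison.Ordinal))
        {
            string suffix = demandPattern.Substring(1); // ".microsoft.com"
            // The grant must have at least one label in front of the suffix.
            return grantedSite.EndsWith(suffix, StringComparison.OrdinalIgnoreCase)
                && grantedSite.Length > suffix.Length;
        }
        return string.Equals(demandPattern, grantedSite, StringComparison.OrdinalIgnoreCase);
    }

    // File: the demanded path must lie inside the granted path, i.e. the demand
    // is a subset of the grant. Containment is tested on whole path components,
    // not on raw string prefix, so C:\TEMPX is not covered by a grant of C:\TEMP.
    public static bool FileDemandSatisfied(string demandPath, string grantedPath)
    {
        string grantRoot = grantedPath.TrimEnd('\\');
        string demand    = demandPath.TrimEnd('\\');
        if (string.Equals(demand, grantRoot, StringComparison.OrdinalIgnoreCase))
            return true;
        return demand.StartsWith(grantRoot + "\\", StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Constructed sample demands and grants from the page's two examples,
        // plus the reversed and near-miss cases.
        Console.WriteLine(SiteDemandSatisfied("*.microsoft.com", "www.microsoft.com"));
        Console.WriteLine(SiteDemandSatisfied("www.microsoft.com", "*.microsoft.com"));
        Console.WriteLine(FileDemandSatisfied(@"C:\TEMP\FILE", @"C:\TEMP"));
        Console.WriteLine(FileDemandSatisfied(@"C:\TEMP", @"C:\TEMP\FILE"));
        Console.WriteLine(FileDemandSatisfied(@"C:\TEMPX\FILE", @"C:\TEMP"));
    }
}
```

The first and third calls pass and the other three fail: for the site identity the grant sits inside the demanded set, for the file the demanded path sits inside the granted one, and swapping the arguments in either case reverses the answer.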
bool IsGranted ();