Assert, deny, and permit-only (collectively overrides) may be used to alter the effective granted permissions of code at the current stack frame. Assert a permission to stop stack walk check and succeed if the demand reaches the frame. Deny a permission to stop stack walk and fail. Permit-only is a form of deny where the set of permissions that should only succeed is specified – it is equivalent to deny of all permissions not specified.
void CodeAccessPermission.Assert (); void CodeAccessPermission.Deny (); void CodeAccessPermission.PermitOnly ();
Overrides are effective until the invoking method returns and the stack frame is freed. Only one assert, one deny, one permit-only can be effective at a time for a given stack frame, however an override with a permission set may assert (deny, etc.) many permission types at the same time. Subsequent assert, deny, permit-only will replace any previous. To remove the effect or an override, do an override on an empty permission set (or in case of permit-only, a permission set of all permissions granted the code).
While rare in practice, up to one assert, one deny, one permit-only may co-exist on a stack frame. The following rules describe the aggregate effect. Consider the case of a demand for permission P on a stack frame with assert A, deny D, and permit-only O: here is how the permission demand happens at each frame.