A permission object must have a companion attribute class in order for it to be usable declaratively. Attribute classes are defined for the standard and identity permissions. Each custom permission that is to be used declaratively should also have an attribute class defined for it. Attributes are coded as object constructors. The syntax of each permission attribute class constructors is dependent on the specifics of the permission itself. The attribute need only support constructors that can represent the useful declarative forms – for link-time, run-time, and grant-time – of the permission, which is not necessarily the complete set of states of the permission object.
Declarative security attribute classes derive from SecurityAttribute class, which is a subclass of the Attribute class for declarative security attributes. Attribute classes should be in the same namespace as the corresponding permission object. Name the attribute class SomethingPermissionAttribute for a permission named SomethingPermission (PermissionSetAttribute is an exception).
The CodeAccessSecurityAttribute base class provides common functionality for all security declaration attributes. A get method for the security action as defined above. The CreatePermission () method on an attribute class creates an instance of the corresponding permission object for the declaration.
public class CodeAccessSecurityAttribute: Attribute { public CodeAccessSecurityAttribute(SecurityAction action); public SecurityAction Action; {get;set;} public SecurityAction Unrestricted; {get;set;} public IPermission CreatePermission; // create permission obj. } // a few common attribute classes are shown here [attribute(VOSElementType.All)] public class FileIOPermissionAttribute : SecurityAttribute { public FileIOPermissionAttribute (SecurityAction action); public String Read; {get;set;} // property forms public String Write; {get;set;} // property forms public String Append; {get;set;} // property forms public IPermission CreatePermissionInstance; // create permission obj. } [attribute(VOSElementType.All)] public class RefelctionPermissionAttribute : SecurityAttribute { public RefelctionPermissionAttribute (SecurityAction action); public IPermission CreatePermissionInstance; // create permission obj. } [attribute(VOSElementType.All)] public class SecurityPermissionAttribute : SecurityAttribute { public SecurityPermissionAttribute (SecurityAction action); public boolean Assertion; {get;set;} public boolean UnmanagedCode; {get;set;} public boolean Execution; {get;set;} public boolean SkipVerification; {get;set;} public boolean ThreadControl; {get;set;} public IPermission CreatePermissionInstance; // create permission obj. } [attribute(VOSElementType.All)] public class PermissionSetAttribute : SecurityAttribute { public PermissionSetAttribute (SecurityAction action, string nameOrFile); public PermissionSet PermissionInstance; {get;} }