The NGWS runtime allows code to perform only those operations that the code has "permission" to perform. To implement its mechanism for enforcing restrictions on managed code, the runtime uses objects called permissions. The primary uses of permissions are as follows: code can request the permissions it needs to access resources or perform operations; the runtime can grant permissions to code, based on characteristics of the code's identity, on what permissions were requested, and on how much the code is trusted; and code can demand that its callers have specific permissions. For more information about how the runtime decides which permissions to grant, see Security Policy and Permission Grants.
There are three kinds of permissions, each of which has a specific purpose:

Permission Class Name | Right represented |
---|---|
EnvironmentPermission | Read or write environment variables. |
FileDialogPermission | Access files that have been selected by the user in an Open dialog box. |
FileIOPermission | Read, append, or write files or directories. |
IsolatedStoragePermission | Access temporary, publisher-specific files on a client's disk. |
ReflectionPermission | Discover information about a type at run time. |
RegistryPermission | Read, write, create, or delete registry keys and values. |
SecurityPermission | Execute, assert permissions, call into unmanaged code, skip verification, as well as other rights. |
UIPermission | Access user interface functionality. |

Class Name | Identity represented |
---|---|
PublisherIdentityPermission | The software publisher's digital signature. |
SiteIdentityPermission | The web site from which the code originated. |
StrongNameIdentityPermission | The strong (shared) name of the assembly (for more information, see What is a shared name?). |
ZoneIdentityPermission | The zone from which the code originated. |
URLIdentityPermission | The URL from which the code originated (including the protocol prefix—http, https, ftp, etc.). |

The runtime provides built-in permission classes in the System.Security.Permissions namespace and also supplies support for designing and implementing custom permission classes.
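
The following is an added example, not code from the original documentation. It shows library code demanding a FileIOPermission from its callers, and a caller whose effective grant has been narrowed to read-only access, so the write demand fails. It assumes the System.Security.Permissions API as it shipped in the .NET Framework (this page describes the pre-release NGWS runtime); the directory path, class name, and method names are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example; targets the .NET Framework, where code access security is enforced.
static class PermissionDemandDemo
{
    // Constructed sample directory; it does not need to exist for the demands to run.
    const string ReportDir = @"C:\Reports";

    // Library methods: each demands the right its operation needs from every
    // caller on the stack before it would touch the resource.
    static void ReadReport()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, ReportDir).Demand();
        // ... read files under ReportDir here ...
    }

    static void WriteReport()
    {
        new FileIOPermission(FileIOPermissionAccess.Write, ReportDir).Demand();
        // ... write files under ReportDir here ...
    }

    // Runs an operation with this frame's effective grant narrowed to
    // read-only access to ReportDir. Returns false if a demand was refused.
    static bool RunWithReadOnlyGrant(Action operation)
    {
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, ReportDir));
        grant.PermitOnly();   // stack walks that pass this frame see only this set
        try
        {
            operation();
            return true;
        }
        catch (SecurityException)
        {
            return false;     // a caller lacked the demanded permission
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    static void Main()
    {
        Console.WriteLine("read allowed:  " + RunWithReadOnlyGrant(ReadReport));
        Console.WriteLine("write allowed: " + RunWithReadOnlyGrant(WriteReport));
    }
}
```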