The runtime supplies a set of code access permission classes that are designed to protect a set of specific resources and operations. These permission classes are described briefly in the Permissions topic and in detail in the reference documentation for each class. For most environments, the built-in permissions are adequate. However, if you are defining a class library that accesses a resource that is not covered by the built-in permission classes but needs to be protected from unauthorized code, you should consider creating a custom permission class. If you want to be able to make declarative demands for your custom permission, you must also define an Attribute class for the permission. Providing these classes and making demands for the permission from within your class library will enable the runtime to prevent unauthorized code from accessing that resource.
To create your own code access permission class, you should derive a class from the System.Security.CodeAccessPermission class, which contains methods and properties that implement IPermission functionality, among others. The abstract methods, such as Copy, need to be implemented appropriately for the permission you are creating. To create an attribute class, you derive a class from the System.SecurityAttribute class.
Custom permissions require some special considerations with respect to packaging and security policy. For example, when you are deciding which assembly to place your custom permission class in, you must remember that you cannot place the custom permission in an assembly that requests that custom permission. Also, the default security policy does not "know" about the existence of your custom permission. Therefore, you should create a file for a named permission set that includes the custom permission and then use the caspol utility to add this file to the security policy on the computer where the code is to run. Then, you should associate the new permission set with the appropriate code groups so that security policy can grant the custom permission to the code that should have it.
You need to be aware that the named permission set called "Everything" contains all the built-in code access permissions that the runtime provides, but it does not include any custom permissions.