This is preliminary documentation and subject to change.
Security
Reflection provides the means to discover, bind to, and invoke members at run time. The level of trust granted to code controls which members that code is allowed to discover, bind to, and invoke. Allowing access to a type’s private information can expose code and data to untrusted users. This document describes the security that is built into the Reflection services and how it is used. Access to information through reflection is controlled at three levels:
- Untrusted code can inspect the metadata for public types and invoke public members, family access members of the calling code’s base classes, and assembly access members of the calling code’s assembly, as well as members whose accessibility is a logical combination of these (FamilyAndAssembly and FamilyOrAssembly).
- In addition to the functionality described above, code with ReflectionPermission can view and inspect the metadata for nonpublic types, and walk up and back down the containment chain to access other types in the calling code’s module or its assembly.
- SerializationPermissions offers the ability to get and set any nontransient data members of serializable types. This permission allows code to discover and alter the private state of an instance.
The following topics describe each of the above in greater detail: