NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Imperative Demands

With imperative demands, you cause a security check to occur by creating a permission object that represents the permission you want your callers to have and then calling the Demand method on that permission object.

When you create the permission object, you must initialize the state data of the permission object so that it represents the particular form of that permission that you need. For example, when creating a FileIOPermission object, you can pass parameters to the FileIOPermission constructor, indicating what type of access you want the object to represent (i.e., read, append, or write) and what files you want the object to represent access to. Or, you can use the default constructor to create a FileIOPermission object that represents unrestricted access to all files. You can then use the unrestricted FileIOPermission object to make a security demand to ensure all callers have been granted unrestricted access to all files, or you can call methods of the permission class to initialize the FileIOPermission object to represent only certain types of access to files that you specify.

The imperative demand that you place in your code effectively protects all of the remaining code in the block where the Demand method is called. The security check is performed when the Demand is executed; if the security check fails, a SecurityException is thrown and the rest of the code in that method or member is never executed unless the SecurityException is caught and dealt with.

You might use an imperative demand instead of a declarative one when you only know at run time some information that you need to specify the permission. For example, if you want to ensure that callers have permission to read a certain file, but you don't know the name of the file that will be read until run time, an imperative demand is called for. You might also choose to use imperative checks instead of declarative checks when you need to determine at runtime whether a condition holds, and based on the result of the test, make a security demand (or not).