Requesting permissions is the way you let the runtime know what your code needs to be allowed to do. You request permissions for your code by specifying the needed permissions when the assembly is created. The requested permissions are stored in the assembly manifest.
To request permissions, you must be aware of the resources and protected operations your code is using, and you need to know which permissions protect those resources and operations. You should keep track of the resources used by your components as well as the resources accessed by any class library methods that are called by your components. For a list of the code access permissions that the runtime supports, see the Permissions topic.
You can request the following three kinds of permissions for your code:
required permissions | Permissions your code must have in order to run. |
optional permissions | Permissions that your code could use, but will be able to run effectively without. |
refused permissions | Permissions that you want to ensure will never be granted to your code, even if security policy would have allowed them to be granted. |
Based on the permissions that your code requests, the runtime uses security policy to determine at load time which permissions to grant your code. If your code does not request permissions, it will be granted whatever permissions security policy allows, which might be different every time your code runs (or it might be no permissions at all). If required permissions are specified, the code will be granted each required permission that is allowed by security policy. The code will be allowed to run only if it is granted all the permissions it requires.
However, your code does not have to request permissions. If the code doesn’t access protected resources or perform protected operations, then it is not necessary to request any permissions. For example, permissions might not be necessary if the code simply computes a result without using any resources, based on inputs passed to it. If the code accesses resources but doesn't request the necessary permissions, the code will still be allowed to execute as long as security policy happens to allow sufficient permissions to be granted.
But there are important reasons why you might decide to request permissions for your code: