Allows checks against the Active principal (see IPrincipal object) using the language constructs defined for both declarative and imperative security actions. By passing identity information (user name and role) to the constructor, the PrincipalPermission object can be used to demand that the identity of the active principal matches this information.
To match the active Principal object, and associated Identity object, both the specified identity and role must match. A NULL identity string is interpreted as a request to match any identity. A NULL role string will match any role. By implication, PrincipalPermission(NULL, NULL) will match the identity and roles in any Principal object. It is also possible to construct a PrincipalPermission that only checks for whether the Identity represents and authenticated or unauthenticated entity. In this case, the name and roles are ignored.
Object
PrincipalPermission
[Visual Basic] NotInheritable Public Class PrincipalPermission Implements IPermission, ISecurityEncodable, _ IUnrestrictedPermission [C#] public sealed class PrincipalPermission : IPermission, ISecurityEncodable, IUnrestrictedPermission [C++] public __gc __sealed class PrincipalPermission : public IPermission, ISecurityEncodable, IUnrestrictedPermission [JScript] public class PrincipalPermission implements IPermission, ISecurityEncodable, IUnrestrictedPermission
Unlike most other permission objects, PrincipalPermission does not extend the CodeAccessPermission class. It does, however, implement the IPermission interface. This is because PrincipalPermission is not a code access permission- it does not protect or control access to any system resource. Instead it allows code to perform actions (Demand, Union, Intersect, etc.) against the current user identity (see IPrincipal object) in a manner consistent with how those actions are performed for code access and code identity permissions.
Namespace: System.Security.Permissions
Assembly: mscorlib.dll
The following example creates two PrincipalPermission objects representing two different administrative users, unions the two together, and makes a demand. The Demand will succeed only if the active Principal object represents either user Bob in the role of Administrator or user Louise in the role of Administrator.
[C#]
String id1 = "Bob"; String role1 = "Administrator"; PrincipalPermission PrincipalPerm1 = new PrincipalPermission(id1, role1); String id2 = "Louise"; String role2 = "Administrator"; PrincipalPermission PrincipalPerm2 = new PrincipalPermission(id2, role2); (PrincipalPerm1.Union(PrincipalPerm2)).Demand();
PrincipalPermission Members | System.Security.Permissions Namespace