NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

SecurityManager.ResolvePolicy

Decides what permissions to grant to code. This method performs the basic security decision of what permissions to grant to code based on evidence about it and what it requests. This method invokes the security policy engine providing it with evidence and code request permission sets, resulting in a grant set determined by security policy consisting of a granted permission set return value and a denied permission set as an output parameter. The effective granted permissions are those permissions in the granted set but not in the denied set.

[Visual Basic]
Public Shared Function ResolvePolicy( _
   ByVal evidence As Evidence, _
   ByVal reqdPset As PermissionSet, _
   ByVal optPset As PermissionSet, _
   ByVal denyPset As PermissionSet, _
   ByRef denied As PermissionSet _
) As PermissionSet
[C#]
public static PermissionSet ResolvePolicy(
   Evidence evidence,
   PermissionSet reqdPset,
   PermissionSet optPset,
   PermissionSet denyPset,
   ref PermissionSet denied
);
[C++]
public: static PermissionSet* ResolvePolicy(
   Evidence* evidence,
   PermissionSet* reqdPset,
   PermissionSet* optPset,
   PermissionSet* denyPset,
   PermissionSet** denied
);
[JScript]
public static function ResolvePolicy(
   evidence : Evidence,
   reqdPset : PermissionSet,
   optPset : PermissionSet,
   denyPset : PermissionSet,
   denied : PermissionSet
) : PermissionSet;

Parameters

evidence
Evidence set used to evaluate policy.
reqdPset
Required permissions the code must have to run.
optPset
Optional permissions that may or may not be granted.
denyPset
Denied permissions that must never be granted to the code even if policy would otherwise permit it.
denied
Output: resultant denied permission set explicitly not granted by policy per denied permission request

Return Value

Granted permission set.

Exceptions

Exception Type Condition
PolicyException raised if policy fails to grant the minimum required permissions specified by reqdPset parameter.

Remarks

To grant permissions to an assembly the security system collects evidence from the assembly and its host, and also the code request as the three Pset arguments and passes them to ResolvePolicy. The result is returned as the granted permission set and a denied permission set as out parameter.

See Also

SecurityManager Class | SecurityManager Members | System.Security Namespace