Class | Description |
---|---|
CodeAccessSecurityAttribute | This is the base attribute class for declarative security using custom attributes. Attribute classes for code access security should derive from this class. |
EnvironmentPermission | Controls the ability to query and modify system and user environment variables. Variable names are designated by one or more case-insensitive name lists separated by semicolons, with separate lists for read and write access to the named variables. Write access includes the ability to create and delete environment variables as well as write existing values. |
EnvironmentPermissionAttribute | Custom attribute class for declarative security with EnvironmentPermission. |
FileDialogPermission | Permission to open files by means of a file dialog, where the user explicitly selects file(s) that the application may use. Files may only be opened for read-only access by means of this permission. |
FileDialogPermissionAttribute | Custom attribute class for declarative security with FileDialogPermission. |
FileIOPermission | This permission controls the ability to access files and folders. |
FileIOPermissionAttribute | Custom attribute class for declarative security with FileIOPermission. |
IsolatedStorageFilePermission | [To be supplied.] |
IsolatedStorageFilePermissionAttribute | Custom attribute class for declarative security with IsolatedStorageFilePermission. |
IsolatedStoragePermission | An abstract base class representing access to generic isolated storage capabilities. |
IsolatedStoragePermissionAttribute | Custom attribute class for declarative security with IsolatedStoragePermission. |
PermissionSetAttribute | Custom attribute class for declarative security with PermissionSet. Allows declarative security actions to be performed against permission sets rather than individual permissions. |
PrincipalPermission | Allows checks against the Active principal (see IPrincipal object) using the language constructs defined for both declarative and imperative security actions. By passing identity information (user name and role) to the constructor, the PrincipalPermission object can be used to demand that the identity of the active principal matches this information.
To match the active Principal object, and associated Identity object, both the specified identity and role must match. A NULL identity string is interpreted as a request to match any identity. A NULL role string will match any role. By implication, PrincipalPermission(NULL, NULL) will match the identity and roles in any Principal object. It is also possible to construct a PrincipalPermission that only checks for whether the Identity represents and authenticated or unauthenticated entity. In this case, the name and roles are ignored. |
PrincipalPermissionAttribute | Custom attribute class for declarative security with PrincipalPermission.
A PrincipalPermissionAttribute can be used to declaratively demand that users running your code belong to a specified role or have been authenticated. |
PublisherIdentityPermission | Represents the identity of a software publisher. |
PublisherIdentityPermissionAttribute | Custom attribute class for declarative security with PublisherIdentityPermission. |
ReflectionPermission | Controls access to metadata through the reflection APIs. With ReflectionPermission, code may access all the types in its AppDomain, Assembly, and Module. It can find out all kinds of information about the public, family and even private members of any Type it can get to. At best this access reveals implementation details, at worst it exposes intellectual property. Even though private members of a class maybe exposed, they cannot be executed from semi-trusted code-- even if that code has ReflectionPermission. In order to call a private member, code must have full trust. We suggest ReflectionPermission not be granted to Internet code. |
ReflectionPermissionAttribute | Custom attribute class for declarative security with ReflectionPermission. |
RegistryPermission | This permission controls the ability to access registry keys and values. The permission distinguishes between the following three different types of registry access.
READ: Read-only access to the contents of the key or value. WRITE: Write access to the contents of the key or value. Also allows for deletion and overwriting. CREATE: Ability to create new keys or values. All of these permissions are independent, meaning that rights to one don't imply rights to another. If more than one permission is desired, they can be OR'd together as shown in the code sample below. For instance, write permission does not imply read and create. Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical path names. |
RegistryPermissionAttribute | [To be supplied.] |
SecurityAttribute | This is the base attribute class for declarative security from which CodeAccessSecurityAttribute is derived. |
SecurityPermission | This permission defines a collection of security permission flags used by the security system.
Assertion: Ability to assert any permission that has been granted. UnmanagedCode: Ability to call unmanaged code, such as calling native code via System.Runtime.InteropServices.PInvoke or via COM interop. SkipVerification: Allows code to run without doing verification on it. Execution: Code must have this permission in order to be run. ThreadControl: Ability to perform advanced operations with threads. |
SecurityPermissionAttribute | [To be supplied.] |
SiteIdentityPermission | Defines the web site from which code originates. For example, it is possible to ensure that callers are from a specific web site. |
SiteIdentityPermissionAttribute | Custom attribute class for declarative security with SiteIdentityPermission. |
StrongNameIdentityPermission | Defines the identity permission for strong names. |
StrongNameIdentityPermissionAttribute | Custom attribute class for declarative security with StrongNameIdentityPermission. |
StrongNamePublicKeyBlob | This type represents the public key information (called a blob) for a strong name. |
UIPermission | Controls the ability to use user interface (drawing and user input events in windows), and the ability to use the clipboard. |
UIPermissionAttribute | Custom attribute class for declarative security with UIPermission. |
URLIdentityPermission | Represents the identity of a software publisher. |
URLIdentityPermissionAttribute | Custom attribute class for declarative security with URLIdentityPermission. |
ZoneIdentityPermission | Defines the zone from which code originates. Using this permission code can check that calling code is from a certain zone. |
ZoneIdentityPermissionAttribute | Custom attribute class for declarative security with ZoneIdentityPermission. |
Interface | Description |
---|---|
IUnrestrictedPermission | An interface that represents the unrestricted state of a permission. All code access permission objects should implement IUnrestricted. |
Enumeration | Description |
---|---|
EnvironmentPermissionAccess | Describes the kind of access (read/write) for permission to use environment variables. |
FileIOPermissionAccess | Used with the FileIOPermission class. It is used to specify what type of file access is being requested. |
IsolatedStorageContainment | Isolated storage uses evidence to specify a unique storage area for use by an application or component. Isolated storage provides true isolation in that the identity of an application uniquely determines the root of a virtual file system that only that application can access. Thus, rather than many applications and components sharing a common resource like the file system or registry, each has its own file area inherently assigned to it that is fully isolated from other applications making it essentially private.
Three basic kinds of identity are used in scoping isolated storage User- authenticated user identity, or a unique "anonymous" user if none. Domain- domain isolation is based on evidence associated with the application domain. Web application identity is derived from the site's URL (e.g. |
PermissionState | The PermissionState enumeration has values indicating whether a permission should have all or no access at creation. |
ReflectionPermissionFlag | [To be supplied.] |
RegistryPermissionAccess | The RegistryPermissionAccess is to be used with the RegistryPermission object. It is used to specify what type of access is being requested. |
SecurityAction | The list of security actions that can be performed declaratively. |
SecurityPermissionFlag | Flags for the security permission object. |
UIPermissionClipboard | [To be supplied.] |
UIPermissionWindow | [To be supplied.] |