NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

ICodeGroup Interface

Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that may have child code groups and so on forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it or not based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their children apply policy.

When resolving policy code groups use their membership condition to test evidence for an assembly. For matching assemblies code groups then propagate policy evaluation to their child code groups according to rules of the specific type of code group.

[Visual Basic]
Public Interface ICodeGroup
   Implements ISecurityEncodable, ISecurityPolicyEncodable
[C#]
public interface ICodeGroup : ISecurityEncodable,
   ISecurityPolicyEncodable
[C++]
public __gc __interface ICodeGroup : public ISecurityEncodable,
   ISecurityPolicyEncodable

[JScript] In JScript, you can use the interfaces in the NGWS frameworks, but you cannot define your own.

Classes that Implement ICodeGroup

Class Description
FirstMatchCodeGroup FirstMatchCodeGroup allows security policy to be defined that works similar to a switch {case 1: ...; case 2: ...; ... default: ...; } conditional structure.
UnionCodeGroup Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that may have child code groups and so on forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it or not based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their children apply policy.

UnionCodeGroup is the most common type of code group, the policy statement of all matching child code groups (and by extension their children) are unioned together with the permission set of the matching parent code group. Thus, if its membership condition matches this code group will union its policy statement with those of all its children that also match the evidence.

Remarks

See UnionCodeGroup and FirstMatchCodeGroup classes for specific code group implementations.

Requirements

Namespace: System.Security.Policy

Assembly: mscorlib.dll

See Also

ICodeGroup Members | System.Security.Policy Namespace