NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

System.Security.Permissions Namespace

Classes

Class Description
CodeAccessSecurityAttribute This is the base attribute class for declarative security using custom attributes. Attribute classes for code access security should derive from this class.
EnvironmentPermission Controls the ability to query and modify system and user environment variables. Variable names are designated by one or more case-insensitive name lists separated by semicolons, with separate lists for read and write access to the named variables. Write access includes the ability to create and delete environment variables as well as write existing values.
EnvironmentPermissionAttribute Custom attribute class for declarative security with EnvironmentPermission.
FileDialogPermission Permission to open files by means of a file dialog, where the user explicitly selects file(s) that the application may use. Files may only be opened for read-only access by means of this permission.
FileDialogPermissionAttribute Custom attribute class for declarative security with FileDialogPermission.
FileIOPermission This permission controls the ability to access files and folders.
FileIOPermissionAttribute Custom attribute class for declarative security with FileIOPermission.
IsolatedStorageFilePermission [To be supplied.]
IsolatedStorageFilePermissionAttribute Custom attribute class for declarative security with IsolatedStorageFilePermission.
IsolatedStoragePermission An abstract base class representing access to generic isolated storage capabilities.
IsolatedStoragePermissionAttribute Custom attribute class for declarative security with IsolatedStoragePermission.
PermissionSetAttribute Custom attribute class for declarative security with PermissionSet. Allows declarative security actions to be performed against permission sets rather than individual permissions.
PrincipalPermission Allows checks against the Active principal (see IPrincipal object) using the language constructs defined for both declarative and imperative security actions. By passing identity information (user name and role) to the constructor, the PrincipalPermission object can be used to demand that the identity of the active principal matches this information.

To match the active Principal object, and associated Identity object, both the specified identity and role must match. A NULL identity string is interpreted as a request to match any identity. A NULL role string will match any role. By implication, PrincipalPermission(NULL, NULL) will match the identity and roles in any Principal object. It is also possible to construct a PrincipalPermission that only checks for whether the Identity represents and authenticated or unauthenticated entity. In this case, the name and roles are ignored.

PrincipalPermissionAttribute Custom attribute class for declarative security with PrincipalPermission.

A PrincipalPermissionAttribute can be used to declaratively demand that users running your code belong to a specified role or have been authenticated.

PublisherIdentityPermission Represents the identity of a software publisher.
PublisherIdentityPermissionAttribute Custom attribute class for declarative security with PublisherIdentityPermission.
ReflectionPermission Controls access to metadata through the reflection APIs. With ReflectionPermission, code may access all the types in its AppDomain, Assembly, and Module. It can find out all kinds of information about the public, family and even private members of any Type it can get to. At best this access reveals implementation details, at worst it exposes intellectual property. Even though private members of a class maybe exposed, they cannot be executed from semi-trusted code-- even if that code has ReflectionPermission. In order to call a private member, code must have full trust. We suggest ReflectionPermission not be granted to Internet code.
ReflectionPermissionAttribute Custom attribute class for declarative security with ReflectionPermission.
RegistryPermission This permission controls the ability to access registry keys and values. The permission distinguishes between the following three different types of registry access.

READ: Read-only access to the contents of the key or value.

WRITE: Write access to the contents of the key or value. Also allows for deletion and overwriting.

CREATE: Ability to create new keys or values.

All of these permissions are independent, meaning that rights to one don't imply rights to another. If more than one permission is desired, they can be OR'd together as shown in the code sample below. For instance, write permission does not imply read and create. Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical path names.

RegistryPermissionAttribute [To be supplied.]
SecurityAttribute This is the base attribute class for declarative security from which CodeAccessSecurityAttribute is derived.
SecurityPermission This permission defines a collection of security permission flags used by the security system.

Assertion: Ability to assert any permission that has been granted.

UnmanagedCode: Ability to call unmanaged code, such as calling native code via System.Runtime.InteropServices.PInvoke or via COM interop.

SkipVerification: Allows code to run without doing verification on it.

Execution: Code must have this permission in order to be run.

ThreadControl: Ability to perform advanced operations with threads.

SecurityPermissionAttribute [To be supplied.]
SiteIdentityPermission Defines the web site from which code originates. For example, it is possible to ensure that callers are from a specific web site.
SiteIdentityPermissionAttribute Custom attribute class for declarative security with SiteIdentityPermission.
StrongNameIdentityPermission Defines the identity permission for strong names.
StrongNameIdentityPermissionAttribute Custom attribute class for declarative security with StrongNameIdentityPermission.
StrongNamePublicKeyBlob This type represents the public key information (called a blob) for a strong name.
UIPermission Controls the ability to use user interface (drawing and user input events in windows), and the ability to use the clipboard.
UIPermissionAttribute Custom attribute class for declarative security with UIPermission.
URLIdentityPermission Represents the identity of a software publisher.
URLIdentityPermissionAttribute Custom attribute class for declarative security with URLIdentityPermission.
ZoneIdentityPermission Defines the zone from which code originates. Using this permission code can check that calling code is from a certain zone.
ZoneIdentityPermissionAttribute Custom attribute class for declarative security with ZoneIdentityPermission.

Interfaces

Interface Description
IUnrestrictedPermission An interface that represents the unrestricted state of a permission. All code access permission objects should implement IUnrestricted.

Enumerations

Enumeration Description
EnvironmentPermissionAccess Describes the kind of access (read/write) for permission to use environment variables.
FileIOPermissionAccess Used with the FileIOPermission class. It is used to specify what type of file access is being requested.
IsolatedStorageContainment Isolated storage uses evidence to specify a unique storage area for use by an application or component. Isolated storage provides true isolation in that the identity of an application uniquely determines the root of a virtual file system that only that application can access. Thus, rather than many applications and components sharing a common resource like the file system or registry, each has its own file area inherently assigned to it that is fully isolated from other applications making it essentially private.

Three basic kinds of identity are used in scoping isolated storage

User- authenticated user identity, or a unique "anonymous" user if none.

Domain- domain isolation is based on evidence associated with the application domain. Web application identity is derived from the site's URL (e.g.

PermissionState The PermissionState enumeration has values indicating whether a permission should have all or no access at creation.
ReflectionPermissionFlag [To be supplied.]
RegistryPermissionAccess The RegistryPermissionAccess is to be used with the RegistryPermission object. It is used to specify what type of access is being requested.
SecurityAction The list of security actions that can be performed declaratively.
SecurityPermissionFlag Flags for the security permission object.
UIPermissionClipboard [To be supplied.]
UIPermissionWindow [To be supplied.]