Understand how permission requests work
Background
The Microsoft .NET Framework uses code access security to protect secure
resources from malicious code. Code access security works by gathering evidence
from an assembly, placing that assembly into a code group based on its
evidence, and granting operations to the assembly based on the permissions that
are granted to the code group.
There are two types of actors involved in code access security configuration:
the developer and the system administrator. The developer is responsible for
requesting, demanding, asserting, and denying permissions within the
application. The system administrator is responsible for allowing certain
permissions to be granted.
Developers make permission requests by adding an assembly-level permission or
permission set attribute to an application's code, passing to it the
appropriate SecurityAction enumeration member. For example, the following
attribute is an assembly-level attribute for the FileIOPermission:
C#
using System.Security.Permissions;
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Unrestricted=true)]
Visual Basic .NET
Imports System.Security.Permissions
<assembly: FileIOPermission(SecurityAction.RequestMinimum, Unrestricted:=True)>
SecurityAction Enumeration Members for Permission Requests
- RequestMinimum: This enumeration member indicates that the
  associated permission or permission set must be granted to the assembly by the
  code access security policy. If the code access security policy does not grant
  the associated permission or permission set to the assembly, the assembly
  loader will not load the assembly, and a PolicyException will be raised.
- RequestRefuse: This enumeration member indicates that the
  associated permission or permission set must not be granted to the assembly by
  the code access security policy. The assembly will load successfully if the
  associated permission or permission set is granted to the assembly, but a
  SecurityException will be raised whenever the assembly attempts to call an
  operation that requires the permission or permission set to be granted.
- RequestOptional: This enumeration member indicates that the
  associated permission or permission set can be used by the assembly, but it is
  not required. For example, this can indicate to a system administrator that an
  assembly might be able to provide more functionality or features if the
  administrator trusts it enough to grant the optional permission or permission
  set.
Restricted or Unrestricted
Permission requests can either be all or none. To request all possible
operations for a particular permission, you should set the Unrestricted
property to True. This indicates that the permission is not restricted. For
example, setting the Unrestricted property to True on the FileIOPermission
attribute requests all access to the file system. Similarly, setting the
Unrestricted property to False on the FileIOPermission attribute requests no
access to the file system. If this property is set to False, you must
explicitly request access to individual paths.
Combining the SecurityAction Parameter and the Unrestricted Property
Here is an example illustrating how combining the SecurityAction parameter and
the Unrestricted property affects operations allowed by the
FileIOPermission.
| SecurityAction | Unrestricted | Access |
| --- | --- | --- |
| RequestMinimum | True | Access to the entire file system must be granted by the code access security policy. If not, the assembly will not load and a PolicyException will be raised. |
| RequestMinimum | False | Access to the entire file system is not required. You must add additional requests to require access to individual paths. |
| RequestRefuse | True | Access to the entire file system will be refused, even if the code access security policy grants it. If an attempt is made to access the file system, a SecurityException will be raised. |
| RequestRefuse | False | No access to the file system should be refused. You must add additional requests to refuse access to individual paths. |
| RequestOptional | True | Access to the entire file system does not need to be granted by the code access security policy. However, the assembly might contain features that can benefit from full file system access. |
| RequestOptional | False | No access to the file system is necessary. If an attempt is made to access the file system, a SecurityException will be raised. You must add additional requests for access to individual paths. |
Use Only Assembly-Level Permissions
To force only the permissions that you request to be granted to your code,
regardless of the permission set that is granted by the code access security
policy, you should add the following assembly-level attribute:
C#
[assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted=false)]
Visual Basic .NET
<assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted:=False)>
This attribute makes an optional request for no permission set. This means that
no permission set will be granted to the code by the code access security
policy. All permissions that should be granted must be requested using
additional assembly-level attributes.
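The following C# program is an added example, not code from the original article. It combines the empty optional request with explicit minimum requests for one directory and checks that a read outside that directory is blocked. The paths C:\AppData\Reports and C:\Windows\win.ini and the helper IsDeniedByCas are assumptions made for illustration, and it assumes a .NET Framework version that still honors assembly-level permission requests (they are marked obsolete from .NET Framework 4).

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Empty optional request: nothing is granted beyond the requests below,
// whatever the code access security policy would otherwise allow.
[assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted = false)]
// The right to execute is excluded by the empty optional set too, so request it.
[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
// Read-only access to a single directory tree (hypothetical path).
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\AppData\Reports")]

static class Program
{
    // Returns true only when code access security blocks the read.
    // A missing file or an NTFS ACL denial is not a CAS denial.
    static bool IsDeniedByCas(string path)
    {
        try
        {
            // The FileIOPermission demand is made before the file is opened.
            using (File.OpenRead(path)) { }
            return false;
        }
        catch (SecurityException) { return true; }
        catch (IOException) { return false; }
        catch (UnauthorizedAccessException) { return false; }
    }

    // Exit code 0 means the grant matches the requests: the requested
    // directory is readable and everything else is refused.
    static int Main()
    {
        bool insideDenied = IsDeniedByCas(@"C:\AppData\Reports\summary.txt");
        bool outsideDenied = IsDeniedByCas(@"C:\Windows\win.ini");
        return (!insideDenied && outsideDenied) ? 0 : 1;
    }
}
```

If the policy does not grant read access to the requested directory, the RequestMinimum attribute prevents the assembly from loading and a PolicyException is raised, as described earlier.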
Conclusion
In conclusion, the best way to remember how permission requests work is as
follows:
- SecurityAction.RequestMinimum = Code access security policy must grant the permission
- SecurityAction.RequestRefuse = Will not accept even if code access security policy grants the permission
- SecurityAction.RequestOptional = Do not grant the permission unless I request it
- PermissionState.Unrestricted = All operations should be enforced by the permission
- PermissionState.None = No operations should be enforced by the permission