A named permission set in C#


This article has been excerpted from the book "The Complete Visual C# Programmer's Guide" from the Authors of C# Corner.

A named permission set is a set of permissions that security administrators associate with code groups; in other words, it is a group of permissions given a unique name. A named permission set consists of one or more permissions, plus a name and a description for the set. Administrators can establish or modify the security policy for code groups by using named permission sets. More than one code group can be associated with the same named permission set.

The .NET Security Framework has built-in named permission sets that the system administrator cannot modify. The administrator can create custom named permission sets and modify security policy to use these customized sets in lieu of the built-in ones. When naming the custom permission sets, you must ensure that the names do not conflict with those of the built-ins. 

The CLR provides the following permission set flags:

  • Nothing: gives no permissions or prevents code from running.
  • Execution: gives permission to run or execute but does not give permission to use protected resources.
  • Internet: the default policy permission set for content from unknown origin.
  • LocalIntranet: the default policy permission set within an enterprise.
  • Everything: gives all standard built-in permissions but does not include permission to skip verification.
  • FullTrust: gives full access to all resources protected by permissions. It can be unrestricted.

You can modify only the Internet, LocalIntranet, and Everything permission sets.

Listing 22.1 contains code extracted from a typical policy configuration file that sets Internet permissions, the default rights given to Internet applications. 

Listing 22.1: Internet Permission Set 

<PermissionSet class="NamedPermissionSet"
version="1"
Name="Internet"
Description="Default rights given to internet applications">
  <IPermission class="FileDialogPermission"
  version="1"
  Access="Open"/>
  <IPermission class="IsolatedStorageFilePermission"
  version="1"
  Allowed="DomainIsolationByUser"
  UserQuota="10240"/>
  <IPermission class="SecurityPermission"
  version="1"
  Flags="Execution"/>
  <IPermission class="UIPermission"
  version="1"
  Window="SafeTopLevelWindows"
  Clipboard="OwnClipboard"/>
  <IPermission class="PrintingPermission"
  version="1"
  Level="SafePrinting"/>
</PermissionSet>

Listing 22.2 generates output that lists all known policy levels and named permission sets at all policy levels. 

Listing 22.2: Output Named Permission Sets 

using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

class testsecurity
{
    public static void Main(string[] args)
    {
        // Enumerate every policy level known to the security manager.
        IEnumerator ienum1 = SecurityManager.PolicyHierarchy();

        while (ienum1.MoveNext())
        {
            PolicyLevel pol = (PolicyLevel)ienum1.Current;
            Console.WriteLine(pol.Label);

            // List the named permission sets defined at this policy level.
            IEnumerator ienum2 =
                pol.NamedPermissionSets.GetEnumerator();

            while (ienum2.MoveNext())
            {
                NamedPermissionSet permset =
                    (NamedPermissionSet)ienum2.Current;
                Console.WriteLine(permset.Name
                    + ", " + permset.Description);
            }
        }
    }
}
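
The following is an added example, not code from the book: it checks a proposed custom permission set name against every policy level before building a minimal set and printing it in the XML form used in Listing 22.1. The class name CustomPermissionSetExample and the set name "RestrictedKiosk" are hypothetical, and the code assumes a .NET Framework runtime on which code access security policy is enabled, as Listing 22.2 also requires.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class CustomPermissionSetExample
{
    // Hypothetical name for the custom set (an assumption of this example).
    const string SetName = "RestrictedKiosk";

    // True if any policy level already defines a named permission set with this name.
    static bool NameInUse(string name)
    {
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            if (level.GetNamedPermissionSet(name) != null)
                return true;
        }
        return false;
    }

    public static void Main()
    {
        if (NameInUse(SetName))
        {
            Console.WriteLine("'" + SetName + "' is already defined; choose another name.");
            return;
        }

        // Start from an empty set and grant only what the code needs.
        NamedPermissionSet permSet = new NamedPermissionSet(SetName, PermissionState.None);
        permSet.Description = "Execution, open-file dialog and 10 KB of isolated storage";
        permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        permSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));

        IsolatedStorageFilePermission storage =
            new IsolatedStorageFilePermission(PermissionState.None);
        storage.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
        storage.UserQuota = 10240; // bytes, same quota as Listing 22.1
        permSet.AddPermission(storage);

        // Print the set as XML, the form a policy file stores it in.
        Console.WriteLine(permSet.ToXml().ToString());
    }
}
```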

Conclusion

I hope this article has helped you understand named permission sets in C#. See other articles on the website on .NET and C#.

The Complete Visual C# Programmer's Guide covers most of the major components that make up C# and the .NET environment. The book is geared toward the intermediate programmer, but contains enough material to satisfy the advanced developer.