Declarative Permission demo
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Collections.Generic;
using System.Text;
class Program
{
[FileIOPermission(SecurityAction.Demand, AllLocalFiles=FileIOPermissionAccess.Write)]
static void Main(string[] args)
{
FileStream fs = new FileStream("myfile.txt", FileMode.Create);
fs.WriteByte(65);
fs.Close();
}
}Demanding permissions
using System;
using System.IO;
using System.Security.Permissions;
[FileIOPermissionAttribute(SecurityAction.Demand,All=@"c:\\temp")]
class MainClass
{
public static void Main()
{
FileStream fsOut = File.Create(@"c:\\temp\\test.txt");
StreamWriter sw = new StreamWriter(fsOut);
sw.WriteLine("str");
sw.Flush();
sw.Close();
}
}Permission sets
using System;
using System.Collections.Generic;
using System.IO;
using System.IO.IsolatedStorage;
using System.Net;
using System.Net.Sockets;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using System.Security.Policy;
using System.Security.Permissions;
using System.Security.Principal;
using System.Text;
public class MainClass
{
public static void Main()
{
NamedPermissionSet ps = new NamedPermissionSet("SamplePermissionSet", PermissionState.None);
ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, @"C:\test\"));
ps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
Console.WriteLine(ps.ToXml().ToString());
}
}<PermissionSet class="System.Security.NamedPermissionSet"
version="1"
Name="SamplePermissionSet">
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture
=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Read="C:\test\"
Write="C:\test\"
Append="C:\test\"
PathDiscovery="C:\test\"/>
<IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Cul
ture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Cultu
re=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Execution"/>
</PermissionSet>
Refusing permissions
using System;
using System.IO;
using System.Security.Permissions;
[assembly:FileIOPermissionAttribute(SecurityAction.RequestRefuse,Unrestricted=true)]
class MainClass
{
public static void Main()
{
FileStream fsOut = File.Create(@"c:\\temp\\test.txt");
StreamWriter sw = new StreamWriter(fsOut);
sw.WriteLine("str");
sw.Flush();
sw.Close();
}
}Unhandled Exception: System.Security.SecurityException: Request for the permission of type "System.S
ecurity.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77
a5c561934e089" failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boole
an isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean
useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, St
ring msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int
32 bufferSize, FileOptions options)
at MainClass.Main()
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture
=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Read="c:\temp\test.txt"
Write="c:\temp\test.txt"/>
The demand was for:
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture
=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Read="c:\temp\test.txt"
Write="c:\temp\test.txt"/>
The granted set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet"
version="1"
Unrestricted="true"/>
The refused set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture
=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
</PermissionSet>
The assembly or AppDomain that failed was:
main, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
The method that caused the failure was:
Void Main()
The Zone of the assembly that failed was:
MyComputer
The Url of the assembly that failed was:
file:///C:/Java_Dev/WEB/dev/CSharp/main.exe
Requesting a permission set
using System;
using System.IO;
using System.Security.Permissions;
[assembly:PermissionSetAttribute(SecurityAction.RequestMinimum,Name="FullTrust")]
class MainClass
{
public static void Main()
{
FileStream fsOut = File.Create(@"c:\\temp\\test.txt");
StreamWriter sw = new StreamWriter(fsOut);
sw.WriteLine("str");
sw.Flush();
sw.Close();
}
}Requesting minimum permissions
using System;
using System.IO;
using System.Security.Permissions;
[assembly:FileIOPermissionAttribute(SecurityAction.RequestMinimum,All=@"c:\\temp")]
class MainClass
{
public static void Main()
{
FileStream fsOut = File.Create(@"c:\\temp\\test.txt");
StreamWriter sw = new StreamWriter(fsOut);
sw.WriteLine("str");
sw.Flush();
sw.Close();
}
}Requesting optional permissions
using System;
using System.IO;
using System.Security.Permissions;
[assembly:FileIOPermissionAttribute(SecurityAction.RequestOptional,All=@"c:\\temp")]
class MainClass
{
public static void Main()
{
FileStream fsOut = File.Create(@"c:\\temp\\test.txt");
StreamWriter sw = new StreamWriter(fsOut);
sw.WriteLine("str");
sw.Flush();
sw.Close();
}
}
