RE: SecurityAction RequestOptional, RequestRefuse, & more

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: v-phuang@xxxxxxxxxxxxxxxxxxxx ("Peter Huang" [MSFT])
• Date: Fri, 10 Jun 2005 06:20:51 GMT

---

Hi

Here is some information about the SecurityAction.

the RequestMinimum the give your dll the permission.

RequestMinimum
You can use SecurityAction.RequestMinimum method along with declarative
permission attributes to specify the minimum set of permissions your
assembly needs to run. For example, if your assembly needs to access the
registry, but only needs to retrieve configuration data from a specific
key, use an attribute similar to the following:

[assembly: RegistryPermissionAttribute(
SecurityAction.RequestMinimum,
Read=@"HKEY_LOCAL_MACHINE\SOFTWARE\YourApp")]

If you know up front that your code will run in a full trust environment
and will be granted the full set of unrestricted permissions, using
RequestMinimum is less important. However, it is good practice to specify
your assembly's permission requirements.

Note Permission attributes accept a comma-delimited list of properties
and property values after the mandatory constructor arguments. These are
used to initialize the underlying permission object. A quick way to find
out what property names are supported is to use Ildasm.exe on the assembly
that contains the permission attribute type.
RequestOptional
If you use SecurityAction.RequestOptional method, no other permissions
except those specified with SecurityAction.RequestMinimum and
SecurityAction.RequestOptional will be granted to your assembly, even if
your assembly would otherwise have been granted additional permissions by
code access security policy.

RequestRefused
SecurityAction.RequestRefuse allows you to make sure that your assembly
cannot be granted permissions by code access security policy that it does
not require. For example, if your assembly does not call unmanaged code,
you could use the following attribute to ensure code access security policy
does not grant your assembly the unmanaged code permission.

[assembly: SecurityPermissionAttribute(SecurityAction.RequestRefuse,
UnmanagedCode=true)]

......
If you use RequestOptional, the set of permissions that are specified with
RequestOptional and RequestMinimum are INTERSECTED with the permission
grant given to your assembly by policy.

For detailed information, you may try to take a look at the link below.
Code Access Security in Practice
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html
/secmod81.asp

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

.

---

• Follow-Ups:
  • Re: SecurityAction RequestOptional, RequestRefuse, & more
    • From: Nicole Calinoiu

• References:
  • SecurityAction RequestOptional, RequestRefuse, & more
    • From: David Thielen

• Prev by Date: RE: assembly security/permission question
• Next by Date: Re: How to get Drive Volume Name
• Previous by thread: SecurityAction RequestOptional, RequestRefuse, & more
• Next by thread: Re: SecurityAction RequestOptional, RequestRefuse, & more
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Trying to run in partial trust (getting a PolicyException) ... RequestMinimum and the two items below were the only uses in all of my code. ... class="System.Security.Permissions.EnvironmentPermission, mscorlib, ... I think you can check the permission ... Microsoft MSDN Online Support Lead ... (microsoft.public.dotnet.framework.aspnet.security) Re: SecurityAction RequestOptional, RequestRefuse, & more ... > event that other DLLs can register with and when that event fires, ... > So it looks like I should only declare RequestMinimum and leave the ... your existing assembly-level permission attributes. ... (microsoft.public.dotnet.framework) Re: trying to figure out code permissions ... RequestMinimum makes sure you have this permission. ... MyObj obj = new MyObj; ... public override string ToString() ... (microsoft.public.dotnet.framework.aspnet.security) Re: StrongNameIdentityPermission at Assembly level? ... RequestMinimum will make sure the current assembly has the permission in ... question before allowing it to execute. ... Demand and LinkDemand examine the permissions of callers which is what you ... > permission will verify that your assembly will execute ONLY if it is ... (microsoft.public.dotnet.security) Re: Article : Code Access Security Part - 1 (.Net FrameWork Tools Series) ... > Today we are going to look at Code Access Security. ... the code execution depends on the permission provided to the ... > Code access security is based upon Code Groups and Permissions. ... > CAS policy levels exists either at enterprise, ... (microsoft.public.dotnet.framework.setup)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework  > 2005-06