Share via


How to: Request Optional Permissions by Using the RequestOptional FlagĀ 

The SecurityAction.RequestOptional flag allows you to request a set of permissions while refusing all other permissions the runtime otherwise might have been willing to give. By contrast, the RequestRefuse flag allows you to refuse permissions by explicitly specifying which ones your code should not be granted.

In contrast to using the RequestMinimum flag, your application will execute if it does not receive all the permissions that you request using the RequestOptional flag, and a SecurityException will be thrown when your application attempts to access a protected resource. If you use this type of request, you must enable your code to catch any exceptions that will be thrown if your code is not granted the optional permission.

The following example requests FileIOPermission using the SecurityAction.RequestOptional flag, indirectly refusing all other permissions. This example assumes that a hypothetical class Log exists in LogNameSpace. The Log class contains the MakeLog method that creates a new log file on the local computer. This application creates a new instance of the Log class and executes the MakeLog method in the try block. Using the catch keyword, it intercepts any SecurityException thrown and displays a message.

Example

Imports System
Imports System.Security
'The hypothetical class log is in this namespace.
Imports LogNameSpace
Imports System.Security.Permissions
'The request is placed at the assembly level.
<assembly: FileIOPermission(SecurityAction.RequestOptional, Unrestricted := True)>

Namespace MyNamespace
   Public Class MyClass1
      
      Public Sub New()

      End Sub
      
      'Entry point that delegates to C-style main Private Function.
      Public Overloads Shared Sub Main()
         Main(System.Environment.GetCommandLineArgs())
      End Sub
      
      Overloads Public Shared Sub Main(args() As String)
         'Put any code that requires optional permissions in the try block. 
         Try
            Dim MyLog As New Log()
            MyLog.MakeLog()
            Console.WriteLine("The Log has been created.")
         'Catch the security exception and inform the user that the 
         'application was not granted FileIOPermission.
         Catch
            Console.WriteLine("This application does not have permission to write to the disk.")
         End Try
      End Sub
   End Class
End Namespace     
//The request is placed at the assembly level.
using System.Security.Permissions;
[assembly:FileIOPermission(SecurityAction.RequestOptional, Unrestricted = true)]

namespace MyNamespace {
   using System;
   using System.Security;
   //The hypothetical class log is in this namespace.
   using LogNameSpace;

   public class MyClass {
      public MyClass() {
      }

      public static void Main(string[] args) {
         //Put any code that requires optional permissions in the try block. 
         try {
            Log MyLog = new Log();
            MyLog.MakeLog();
            Console.WriteLine("The Log has been created.");
         }
         //Catch the security exception and inform the user that the 
         //application was not granted FileIOPermission.
         catch(SecurityException) {
            Console.WriteLine("This application does not have permission to write to the disk.");
         }
      }
   }
}

The previous code creates the log file and displays the following message to the console if it has sufficient permissions:

The Log has been created.

If the code is run from a share and the local security settings do not allow such code to have FileIOPermission, the code is not granted sufficient permission and displays the following message:

This application does not have permission to write to the disk.

See Also

Reference

SecurityAction Enumeration
FileIOPermission Class
UIPermission Class

Concepts

Requesting Permissions

Other Resources

Extending Metadata Using Attributes
Code Access Security