Inheritance Demands

Inheritance demands applied to classes have a different meaning than inheritance demands applied to methods. You can place inheritance demands at the class level to ensure that only code with the specified permission can inherit from your class. Inheritance demands placed on methods require that code have the specified permission to override the method.


A new transparency model has been introduced in the .NET Framework version 4. The Security-Transparent Code, Level 2 model identifies secure code with the SecurityCriticalAttribute or the SecuritySafeCriticalAttribute attribute. Security-critical code requires both callers and inheritors to be fully trusted. Any type or member that inherits from a security-critical type or member must be security-critical or security-safe-critical. Assemblies that use earlier code access security rules (level 1) can call level 2 security-critical types and members if they are full trusted. However, the level 2 types and members must specifically identify inheritance demands, because level 2 implicit inheritance rules do not apply to level 1 callers.

Class Inheritance Demands

An inherited demand applied to a class has the effect of demanding that all classes derived from the parent class have the specified permission. For example, if class B is to inherit from class A and class A is protected by an inheritance demand, then B must be granted that permission in order to run. If class B is granted that permission and derives from class A, then class C must also have the permission demanded by A, if it is to derive from B. This demand can be applied only declaratively.

The following code example uses an inheritance demand to require that any class that inherits from the MyClass1 class must have the custom permission CustomPermissionAttribute. This permission is a hypothetical custom permission and does not exist in the .NET Framework. The demand is made by passing the CustomPermissionAttribute a SecurityAction.InheritanceDemand enumeration value.

<CustomPermissionAttribute(SecurityAction.InheritanceDemand)> _
Public Class MyClass1
    Public Sub New()
    End Sub 
    Public Overridable Function ReadData() As String
        ' Access a custom resource.
    End Function
End Class    
public class MyClass
    public MyClass()

    public virtual string ReadData()
        // Access a custom resource.

Method Inheritance Demands

Placing an inheritance demand on a static method in the base class has no impact on derived classes because the static methods are unrelated. However, placing an inheritance demand on any nonstatic method in the base class has the same effect as an inheritance demand on the class. All methods in the derived class, including the constructor for the class, must meet the inheritance demand.

See Also


Security Demands

Creating Your Own Code Access Permissions

Adding Declarative Security Support

Other Resources

Extending Metadata Using Attributes

Code Access Security