Bewerken

Share via


IPermission Interface

Definition

Caution

Code Access Security is not supported or honored by the runtime.

Defines methods implemented by permission types.

public interface class IPermission : System::Security::ISecurityEncodable
[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public interface IPermission : System.Security.ISecurityEncodable
public interface IPermission : System.Security.ISecurityEncodable
[System.Runtime.InteropServices.ComVisible(true)]
public interface IPermission : System.Security.ISecurityEncodable
[<System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
type IPermission = interface
    interface ISecurityEncodable
type IPermission = interface
    interface ISecurityEncodable
[<System.Runtime.InteropServices.ComVisible(true)>]
type IPermission = interface
    interface ISecurityEncodable
Public Interface IPermission
Implements ISecurityEncodable
Derived
Attributes
Implements

Examples

This example shows how to define a permission class for use with code access security. All of the necessary permission interfaces are implemented.

using namespace System;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::Reflection;

// Enumerated type for permission states.
[Serializable]
public enum class SoundPermissionState
{
    NoSound = 0,
    PlaySystemSounds = 1,
    PlayAnySound = 2
};

// Derive from CodeAccessPermission to gain implementations of the following
// sealed IStackWalk methods: Assert, Demand, Deny, and PermitOnly.
// Implement the following abstract IPermission methods: 
// Copy, Intersect, and IsSubSetOf.
// Implementing the Union method of the IPermission class is optional.
// Implement the following abstract ISecurityEncodable methods: 
// FromXml and ToXml.
// Making the class 'sealed' is optional.

public ref class SoundPermission sealed : public CodeAccessPermission, 
    public IPermission, public IUnrestrictedPermission, 
    public ISecurityEncodable, public ICloneable
{
private:
    bool specifiedAsUnrestricted;
private:
    SoundPermissionState stateFlags;

    // This constructor creates and initializes 
    // a permission with generic access.
public:
    SoundPermission(PermissionState^ state)
    {
        specifiedAsUnrestricted = (state == PermissionState::Unrestricted);
    }

    // This constructor creates and initializes 
    // a permission with specific access.
public:
    SoundPermission(SoundPermissionState flags)
    {
        if (flags < SoundPermissionState::NoSound ||
            flags > SoundPermissionState::PlayAnySound)
        {
            throw gcnew ArgumentException("The value of \"flags\" is not" +
                " valid for the SoundPermissionState enumerated type");
        }
        stateFlags = flags;
    }

    // For debugging, return the state of this object as XML.
public:
    virtual String^ ToString() override
    {
        return ToXml()->ToString();
    }

    // Private method to cast (if possible) an IPermission to the type.
private:
    SoundPermission^ VerifyTypeMatch(IPermission^ target)
    {
        if (GetType() != target->GetType())
        {
            throw gcnew ArgumentException(String::Format(
                "The variable \"target\" must be of the {0} type",
                GetType()->FullName));
        }
        return (SoundPermission^) target;
    }

    // This is the Private Clone helper method.
private:
    SoundPermission^ Clone(bool specifiedAsUnrestricted, 
        SoundPermissionState flags)
    {
        SoundPermission^ soundPerm = (SoundPermission^) Clone();
        soundPerm->specifiedAsUnrestricted = specifiedAsUnrestricted;
        soundPerm->stateFlags = specifiedAsUnrestricted ? 
            SoundPermissionState::PlayAnySound : flags;
        return soundPerm;
    }

    #pragma region IPermission^ Members
    // Return a new object that contains the intersection 
    // of 'this' and 'target'.
public:
    virtual IPermission^ Intersect(IPermission^ target) override
    {
        // If 'target' is null, return null.
        if (target == nullptr)
        {
            return nullptr;
        }

        // Both objects must be the same type.
        SoundPermission^ soundPerm = VerifyTypeMatch(target);

        // If 'this' and 'target' are unrestricted, 
        // return a new unrestricted permission.
        if (specifiedAsUnrestricted && soundPerm->specifiedAsUnrestricted)
        {
            return Clone(true, SoundPermissionState::PlayAnySound);
        }

        // Calculate the intersected permissions. 
        // If there are none, return null.
        SoundPermissionState minimumPermission = (SoundPermissionState)
            Math::Min((int) stateFlags, (int) soundPerm->stateFlags);
        if ((int)minimumPermission == 0)
        {
            return nullptr;
        }

        // Return a new object with the intersected permission value.
        return Clone(false, minimumPermission);
    }

    // Called by the Demand method: returns true 
    // if 'this' is a subset of 'target'.
public:
    virtual bool IsSubsetOf(IPermission^ target) override
    {
        // If 'target' is null and this permission allows nothing, 
        // return true.
        if (target == nullptr)
        {
            return (int)stateFlags == 0;
        }

        // Both objects must be the same type.
        SoundPermission^ soundPerm = VerifyTypeMatch(target);

        // Return true if the permissions of 'this' 
        // is a subset of 'target'.
        return stateFlags <= soundPerm->stateFlags;
    }

    // Return a new object that matches 'this' object's permissions.
public:
    virtual IPermission^ Copy () override sealed
    {
        return (IPermission^) Clone();
    }

    // Return a new object that contains the union of 'this' and 'target'.
    // Note: You do not have to implement this method. 
    // If you do not, the version
    // in CodeAccessPermission does this:
    //    1. If target is not null, a NotSupportedException is thrown.
    //    2. If target is null, then Copy is called and 
    //       the new object is returned.
public:
    virtual IPermission^ Union(IPermission^ target) override
    {
        // If 'target' is null, then return a copy of 'this'.
        if (target == nullptr)
        {
            return Copy();
        }

        // Both objects must be the same type.
        SoundPermission^ soundPerm = VerifyTypeMatch(target);

        // If 'this' or 'target' are unrestricted, 
        // return a new unrestricted permission.
        if (specifiedAsUnrestricted || soundPerm->specifiedAsUnrestricted)
        {
            return Clone(true, SoundPermissionState::PlayAnySound);
        }

        // Return a new object with the calculated, unioned permission value.
        return Clone(false, (SoundPermissionState)
            Math::Max((int) stateFlags, (int) soundPerm->stateFlags));
    }
    #pragma endregion

    #pragma region ISecurityEncodable^ Members
    // Populate the permission's fields from XML.
public:
    virtual void FromXml(SecurityElement^ element) override
    {
        specifiedAsUnrestricted = false;
        stateFlags = (SoundPermissionState)0;

        // If XML indicates an unrestricted permission, 
        // make this permission unrestricted.
        String^ attributeString = 
            (String^) element->Attributes["Unrestricted"];
        if (attributeString != nullptr)
        {
            specifiedAsUnrestricted = Convert::ToBoolean(attributeString);
            if (specifiedAsUnrestricted)
            {
                stateFlags = SoundPermissionState::PlayAnySound;
            }
        }

        // If XML indicates a restricted permission, parse the flags.
        if (!specifiedAsUnrestricted)
        {
            attributeString = (String^) element->Attributes["Flags"];
            if (attributeString != nullptr)
            {
                stateFlags = (SoundPermissionState) Convert::ToInt32(
                    Enum::Parse(SoundPermissionState::typeid, 
                    attributeString, true));
            }
        }
    }

    // Produce XML from the permission's fields.
public:
    virtual SecurityElement^ ToXml() override
    {
        // These first three lines create an element with the required format.
        SecurityElement^ element = gcnew SecurityElement("IPermission");
        // Replace the double quotation marks () 
        // with single quotation marks ()
        // to remain XML compliant when the culture is not neutral.
        element->AddAttribute("class", 
            GetType()->AssemblyQualifiedName->Replace('\"', '\''));
        element->AddAttribute("version", "1");

        if (!specifiedAsUnrestricted)
        {
            element->AddAttribute("Flags", 
                Enum::Format(SoundPermissionState::typeid, stateFlags, "G"));
        }   
        else
        {
            element->AddAttribute("Unrestricted", "true");
        }
        return element;
    }
    #pragma endregion

    #pragma region IUnrestrictedPermission^ Members
    // Returns true if permission is effectively unrestricted.
public:
    virtual bool IsUnrestricted()
    {
        // This means that the object is unrestricted at runtime.
        return stateFlags == SoundPermissionState::PlayAnySound;
    }
    #pragma endregion

    #pragma region ICloneable^ Members

    // Return a copy of the permission.
public:
    virtual Object^ Clone()
    {
        return MemberwiseClone();
    }

    #pragma endregion
};
using System;
using System.Security;
using System.Security.Permissions;
using System.Reflection;

// Enumerated type for permission states.
[Serializable]
public enum SoundPermissionState
{
    NoSound = 0,
    PlaySystemSounds = 1,
    PlayAnySound = 2
}

// Derive from CodeAccessPermission to gain implementations of the following
// sealed IStackWalk methods: Assert, Demand, Deny, and PermitOnly.
// Implement the following abstract IPermission methods: Copy, Intersect, and IsSubSetOf.
// Implementing the Union method of the IPermission class is optional.
// Implement the following abstract ISecurityEncodable methods: FromXml and ToXml.
// Making the class 'sealed' is optional.

public sealed class SoundPermission : CodeAccessPermission, IPermission,
    IUnrestrictedPermission, ISecurityEncodable, ICloneable
{
    private Boolean m_specifiedAsUnrestricted = false;
    private SoundPermissionState m_flags = SoundPermissionState.NoSound;

    // This constructor creates and initializes a permission with generic access.
    public SoundPermission(PermissionState state)
    {
        m_specifiedAsUnrestricted = (state == PermissionState.Unrestricted);
    }

    // This constructor creates and initializes a permission with specific access.
    public SoundPermission(SoundPermissionState flags)
    {
        if (!Enum.IsDefined(typeof(SoundPermissionState), flags))
            throw new ArgumentException
                ("flags value is not valid for the SoundPermissionState enuemrated type");
        m_specifiedAsUnrestricted = false;
        m_flags = flags;
    }

    // For debugging, return the state of this object as XML.
    public override String ToString() { return ToXml().ToString(); }

    // Private method to cast (if possible) an IPermission to the type.
    private SoundPermission VerifyTypeMatch(IPermission target)
    {
        if (GetType() != target.GetType())
            throw new ArgumentException(String.Format("target must be of the {0} type",
                GetType().FullName));
        return (SoundPermission)target;
    }

    // This is the Private Clone helper method.
    private SoundPermission Clone(Boolean specifiedAsUnrestricted, SoundPermissionState flags)
    {
        SoundPermission soundPerm = (SoundPermission)Clone();
        soundPerm.m_specifiedAsUnrestricted = specifiedAsUnrestricted;
        soundPerm.m_flags = specifiedAsUnrestricted ? SoundPermissionState.PlayAnySound : m_flags;
        return soundPerm;
    }

    #region IPermission Members
    // Return a new object that contains the intersection of 'this' and 'target'.
    public override IPermission Intersect(IPermission target)
    {
        // If 'target' is null, return null.
        if (target == null) return null;

        // Both objects must be the same type.
        SoundPermission soundPerm = VerifyTypeMatch(target);

        // If 'this' and 'target' are unrestricted, return a new unrestricted permission.
        if (m_specifiedAsUnrestricted && soundPerm.m_specifiedAsUnrestricted)
            return Clone(true, SoundPermissionState.PlayAnySound);

        // Calculate the intersected permissions. If there are none, return null.
        SoundPermissionState val = (SoundPermissionState)
            Math.Min((Int32)m_flags, (Int32)soundPerm.m_flags);
        if (val == 0) return null;

        // Return a new object with the intersected permission value.
        return Clone(false, val);
    }

    // Called by the Demand method: returns true if 'this' is a subset of 'target'.
    public override Boolean IsSubsetOf(IPermission target)
    {
        // If 'target' is null and this permission allows nothing, return true.
        if (target == null) return m_flags == 0;

        // Both objects must be the same type.
        SoundPermission soundPerm = VerifyTypeMatch(target);

        // Return true if the permissions of 'this' is a subset of 'target'.
        return m_flags <= soundPerm.m_flags;
    }

    // Return a new object that matches 'this' object's permissions.
    public sealed override IPermission Copy()
    {
        return (IPermission)Clone();
    }

    // Return a new object that contains the union of 'this' and 'target'.
    // Note: You do not have to implement this method. If you do not, the version
    // in CodeAccessPermission does this:
    //    1. If target is not null, a NotSupportedException is thrown.
    //    2. If target is null, then Copy is called and the new object is returned.
    public override IPermission Union(IPermission target)
    {
        // If 'target' is null, then return a copy of 'this'.
        if (target == null) return Copy();

        // Both objects must be the same type.
        SoundPermission soundPerm = VerifyTypeMatch(target);

        // If 'this' or 'target' are unrestricted, return a new unrestricted permission.
        if (m_specifiedAsUnrestricted || soundPerm.m_specifiedAsUnrestricted)
            return Clone(true, SoundPermissionState.PlayAnySound);

        // Return a new object with the calculated, unioned permission value.
        return Clone(false, (SoundPermissionState)
            Math.Max((Int32)m_flags, (Int32)soundPerm.m_flags));
    }
    #endregion

    #region ISecurityEncodable Members
    // Populate the permission's fields from XML.
    public override void FromXml(SecurityElement e)
    {
        m_specifiedAsUnrestricted = false;
        m_flags = 0;

        // If XML indicates an unrestricted permission, make this permission unrestricted.
        String s = (String)e.Attributes["Unrestricted"];
        if (s != null)
        {
            m_specifiedAsUnrestricted = Convert.ToBoolean(s);
            if (m_specifiedAsUnrestricted)
                m_flags = SoundPermissionState.PlayAnySound;
        }

        // If XML indicates a restricted permission, parse the flags.
        if (!m_specifiedAsUnrestricted)
        {
            s = (String)e.Attributes["Flags"];
            if (s != null)
            {
                m_flags = (SoundPermissionState)
                Convert.ToInt32(Enum.Parse(typeof(SoundPermission), s, true));
            }
        }
    }

    // Produce XML from the permission's fields.
    public override SecurityElement ToXml()
    {
        // These first three lines create an element with the required format.
        SecurityElement e = new SecurityElement("IPermission");
        // Replace the double quotation marks ("") with single quotation marks ('')
        // to remain XML compliant when the culture is not neutral.
        e.AddAttribute("class", GetType().AssemblyQualifiedName.Replace('\"', '\''));
        e.AddAttribute("version", "1");

        if (!m_specifiedAsUnrestricted)
            e.AddAttribute("Flags", Enum.Format(typeof(SoundPermissionState), m_flags, "G"));
        else
            e.AddAttribute("Unrestricted", "true");
        return e;
    }
    #endregion

    #region IUnrestrictedPermission Members
    // Returns true if permission is effectively unrestricted.
    public Boolean IsUnrestricted()
    {
        // This means that the object is unrestricted at runtime.
        return m_flags == SoundPermissionState.PlayAnySound;
    }
    #endregion

    #region ICloneable Members

    // Return a copy of the permission.
    public Object Clone() { return MemberwiseClone(); }

    #endregion
}
Imports System.Security
Imports System.Security.Permissions
Imports System.Reflection


' Enumerated type for permission states.
<Serializable()>  _
Public Enum SoundPermissionState
    NoSound = 0
    PlaySystemSounds = 1
    PlayAnySound = 2
End Enum 'SoundPermissionState

' Derive from CodeAccessPermission to gain implementations of the following
' sealed IStackWalk methods: Assert, Demand, Deny, and PermitOnly.
' Implement the following abstract IPermission methods: Copy, Intersect, and IsSubSetOf.
' Implementing the Union method of the IPermission class is optional.
' Implement the following abstract ISecurityEncodable methods: FromXml and ToXml.
' Making the class 'sealed' is optional.

NotInheritable Public Class SoundPermission
    Inherits CodeAccessPermission
    Implements IPermission, IUnrestrictedPermission, ISecurityEncodable, ICloneable
    Private m_specifiedAsUnrestricted As [Boolean] = False
    Private m_flags As SoundPermissionState = SoundPermissionState.NoSound
    ' This constructor creates and initializes a permission with generic access.
    Public Sub New(ByVal state As PermissionState)
        m_specifiedAsUnrestricted = state = PermissionState.Unrestricted

    End Sub
    ' This constructor creates and initializes a permission with specific access.
    Public Sub New(ByVal flags As SoundPermissionState)
        If Not [Enum].IsDefined(GetType(SoundPermissionState), flags) Then
            Throw New ArgumentException("flags value is not valid for the SoundPermissionState enuemrated type")
        End If
        m_specifiedAsUnrestricted = False
        m_flags = flags

    End Sub
    ' For debugging, return the state of this object as XML.
    Public Overrides Function ToString() As String
        Return ToXml().ToString()

    End Function 'ToString
    ' Private method to cast (if possible) an IPermission to the type.
    Private Function VerifyTypeMatch(ByVal target As IPermission) As SoundPermission
        If [GetType]() <> target.GetType() Then
            Throw New ArgumentException(String.Format("target must be of the {0} type", [GetType]().FullName))
        End If
        Return CType(target, SoundPermission)

    End Function 'VerifyTypeMatch
    ' This is the Private Clone helper method.
    Private Function Clone(ByVal specifiedAsUnrestricted As [Boolean], ByVal flags As SoundPermissionState) As SoundPermission
        Dim soundPerm As SoundPermission = CType(Clone(), SoundPermission)
        soundPerm.m_specifiedAsUnrestricted = specifiedAsUnrestricted
        soundPerm.m_flags = IIf(specifiedAsUnrestricted, SoundPermissionState.PlayAnySound, m_flags)
        Return soundPerm

    End Function 'Clone

#Region "IPermission Members"

    ' Return a new object that contains the intersection of 'this' and 'target'.
    Public Overrides Function Intersect(ByVal target As IPermission) As IPermission
        ' If 'target' is null, return null.
        If target Is Nothing Then
            Return Nothing
        End If
        ' Both objects must be the same type.
        Dim soundPerm As SoundPermission = VerifyTypeMatch(target)

        ' If 'this' and 'target' are unrestricted, return a new unrestricted permission.
        If m_specifiedAsUnrestricted AndAlso soundPerm.m_specifiedAsUnrestricted Then
            Return Clone(True, SoundPermissionState.PlayAnySound)
        End If
        ' Calculate the intersected permissions. If there are none, return null.
        Dim val As SoundPermissionState = CType(Math.Min(CType(m_flags, Int32), CType(soundPerm.m_flags, Int32)), SoundPermissionState)
        If val = 0 Then
            Return Nothing
        End If
        ' Return a new object with the intersected permission value.
        Return Clone(False, val)

    End Function 'Intersect

    ' Called by the Demand method: returns true if 'this' is a subset of 'target'.
    Public Overrides Function IsSubsetOf(ByVal target As IPermission) As [Boolean]
        ' If 'target' is null and this permission allows nothing, return true.
        If target Is Nothing Then
            Return m_flags = 0
        End If
        ' Both objects must be the same type.
        Dim soundPerm As SoundPermission = VerifyTypeMatch(target)

        ' Return true if the permissions of 'this' is a subset of 'target'.
        Return m_flags <= soundPerm.m_flags

    End Function 'IsSubsetOf

    ' Return a new object that matches 'this' object's permissions.
    Public Overrides Function Copy() As IPermission
        Return CType(Clone(), IPermission)

    End Function 'Copy

    ' Return a new object that contains the union of 'this' and 'target'.
    ' Note: You do not have to implement this method. If you do not, the version
    ' in CodeAccessPermission does this:
    '    1. If target is not null, a NotSupportedException is thrown.
    '    2. If target is null, then Copy is called and the new object is returned.
    Public Overrides Function Union(ByVal target As IPermission) As IPermission
        ' If 'target' is null, then return a copy of 'this'.
        If target Is Nothing Then
            Return Copy()
        End If
        ' Both objects must be the same type.
        Dim soundPerm As SoundPermission = VerifyTypeMatch(target)

        ' If 'this' or 'target' are unrestricted, return a new unrestricted permission.
        If m_specifiedAsUnrestricted OrElse soundPerm.m_specifiedAsUnrestricted Then
            Return Clone(True, SoundPermissionState.PlayAnySound)
        End If
        ' Return a new object with the calculated, unioned permission value.
        Return Clone(False, CType(Math.Max(CType(m_flags, Int32), CType(soundPerm.m_flags, Int32)), SoundPermissionState))

    End Function 'Union
#End Region
#Region "ISecurityEncodable Members"

    ' Populate the permission's fields from XML.
    Public Overrides Sub FromXml(ByVal e As SecurityElement)
        m_specifiedAsUnrestricted = False
        m_flags = 0

        ' If XML indicates an unrestricted permission, make this permission unrestricted.
        Dim s As String = CStr(e.Attributes("Unrestricted"))
        If Not (s Is Nothing) Then
            m_specifiedAsUnrestricted = Convert.ToBoolean(s)
            If m_specifiedAsUnrestricted Then
                m_flags = SoundPermissionState.PlayAnySound
            End If
        End If
        ' If XML indicates a restricted permission, parse the flags.
        If Not m_specifiedAsUnrestricted Then
            s = CStr(e.Attributes("Flags"))
            If Not (s Is Nothing) Then
                m_flags = CType(Convert.ToInt32([Enum].Parse(GetType(SoundPermission), s, True)), SoundPermissionState)
            End If
        End If

    End Sub

    ' Produce XML from the permission's fields.
    Public Overrides Function ToXml() As SecurityElement
        ' These first three lines create an element with the required format.
        Dim e As New SecurityElement("IPermission")
        ' Replace the double quotation marks ("") with single quotation marks ('')
        ' to remain XML compliant when the culture is not neutral.
        e.AddAttribute("class", [GetType]().AssemblyQualifiedName.Replace(ControlChars.Quote, "'"c))
        e.AddAttribute("version", "1")

        If Not m_specifiedAsUnrestricted Then
            e.AddAttribute("Flags", [Enum].Format(GetType(SoundPermissionState), m_flags, "G"))
        Else
            e.AddAttribute("Unrestricted", "true")
        End If
        Return e

    End Function 'ToXml
#End Region
#Region "IUnrestrictedPermission Members"

    ' Returns true if permission is effectively unrestricted.
    Public Function IsUnrestricted() As [Boolean] Implements IUnrestrictedPermission.IsUnrestricted
        ' This means that the object is unrestricted at runtime.
        Return m_flags = SoundPermissionState.PlayAnySound

    End Function 'IsUnrestricted
#End Region
#Region "ICloneable Members"
    ' Return a copy of the permission.
    Public Function Clone() As [Object] Implements System.ICloneable.Clone
        Return MemberwiseClone()

    End Function 'Clone
#End Region

End Class

Remarks

Caution

Code Access Security (CAS) has been deprecated across all versions of .NET Framework and .NET. Recent versions of .NET do not honor CAS annotations and produce errors if CAS-related APIs are used. Developers should seek alternative means of accomplishing security tasks.

Permissions in the common language runtime are objects that describe sets of operations that can be secured for specified resources. A permission object describes operations or access that is subject to security control; it does not represent access or a right to perform operations. Permissions are used by both application code and the .NET Framework security system in the following ways:

  • Code requests the permissions it needs in order to run.

  • The security system policy grants permissions to code in order for it to run.

  • Code demands that calling code has a permission.

  • Code overrides the security stack using assert/deny/permit-only.

Note

If you write a new permission, you must implement this interface in your class.

Important

A permission can be accessed by multiple threads. When implementing this interface, you must guarantee that the IsSubsetOf, Intersect, Union, and Copy method implementations are thread safe.

Methods

Copy()

Creates and returns an identical copy of the current permission.

Demand()

Throws a SecurityException at run time if the security requirement is not met.

FromXml(SecurityElement)

Reconstructs a security object with a specified state from an XML encoding.

(Inherited from ISecurityEncodable)
Intersect(IPermission)

Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission)

Determines whether the current permission is a subset of the specified permission.

ToXml()

Creates an XML encoding of the security object and its current state.

(Inherited from ISecurityEncodable)
Union(IPermission)

Creates a permission that is the union of the current permission and the specified permission.

Applies to