Udostępnij za pośrednictwem


Using the PermitOnly Method

Calling PermitOnly has essentially the same effect as calling Deny but is a different way of specifying the conditions under which the security check should fail. Instead of saying that a specified resource cannot be accessed, as Deny does, PermitOnly says that only the resources you specify can be accessed. Therefore, calling PermitOnly on permission X is the same as calling Deny on all permissions except permission X. If you call PermitOnly, your code can be used to access only the resources protected by the permissions that you specify when you call PermitOnly. You use PermitOnly instead of Deny when it is more convenient to describe resources that can be accessed instead of resources that cannot be accessed.

Note

In the .NET Framework version 4, runtime support has been removed for enforcing the Deny, RequestMinimum, RequestOptional, and RequestRefuse permission requests. These requests should not be used in code that is based on the .NET Framework 4 or later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

If your code calls PermitOnly on a permission P1, and downstream callers then demand permission P2, the PermitOnly call affects the result of the stack walk only if P1 and P2 are of different types and if P2 is not a subset of P1.

The following code fragments show declarative syntax for overriding security checks using PermitOnly. Callers cannot use this code to access any protected resources except user interface resources. .

Option Explicit
Option Strict
Imports System
Imports System.Security.Permissions
Public Class MyClass1
   Public Sub New()
   End Sub   
   <UIPermissionAttribute(SecurityAction.PermitOnly, Unrestricted := True)> Public Sub 
   ReadRegistry()
      'Access a UI resource.
   End Sub
End Class
using System;
using System.Security.Permissions;

public class MyClass
{
   public MyClass() {    
   }   
   
   [UIPermissionAttribute(SecurityAction.PermitOnly, Unrestricted=true)]
   public void ReadRegistry() { 
      //Access a UI resource.
   }  
}

The following code example shows imperative syntax for overriding security checks using the PermitOnly method. The UIPermission constructor is passed a PermissionState object that specifies the user interface resources to which access is to be granted. Once the PermitOnly method is called, the code and all callers can be used only to access user interface resources.

Option Explicit
Option Strict
Imports System
Imports System.Security.Permissions
Public Class MyClass1
   Public Sub New()
   End Sub
   Public Sub ReadRegistry()
      Dim MyPermission As New UIPermission(PermissionState.Unrestricted)
      MyPermission.PermitOnly()
      'Access a UI resource.
   End Sub 
End Class
using System;
using System.Security.Permissions;

public class MyClass {
   public MyClass() {    
   }   
   public void ReadRegistry() { 
      UIPermission MyPermission = new UIPermission(PermissionState.Unrestricted);
      MyPermission.PermitOnly();
      //Access a UI resource.
   }  
}

See Also

Reference

Using the Deny Method

PermissionState

Concepts

Overriding Security Checks

Other Resources

Extending Metadata Using Attributes

Code Access Security