As per MSDN, a code group is "a logical grouping of code that has a
specified condition for membership." A code group has permission sets
associated with it, and administrators configure the security policy based
on these permission sets. A named permission set consists of at least one
permission, plus a name and description for the permission set.
Administrators can use named permission sets to establish or modify the
security policy for code groups. The common language runtime provides the
following built-in named permission sets:
· Nothing - no permissions (code cannot run)
· Execution - permission to run (execute), but no permissions to use protected resources
· Internet - the default policy permission set suitable for content from unknown origin
· LocalIntranet - the default policy permission set within an enterprise
· Everything - all standard (built-in) permissions, except permission to skip verification
· FullTrust - full access to all resources
Let us see how a code group is declared in the configuration file and
then discuss each element in detail. Listing 2 defines a code group of the
type NetCodeGroup, which comes from the assembly “mscorlib.” The
NetCodeGroup class grants Web permission to the site from which the
assembly is downloaded. It forms the union of PolicyStatement objects and
grants permission based on that union. A PolicyStatement consists of a set of
granted permissions and possible special attributes for the code group. There
are three types of schemes available for NetCodeGroup: Http, Https and File.
The IMembershipCondition interface defines the test that determines whether a
code assembly is a member of a code group; its Check method performs that
test. AllMembershipCondition is the class that represents the
membership condition that matches all code.
Listing 2
<CodeGroup
    class="System.Security.Policy.NetCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Name="Internet_Same_Site_Access"
    Description="All Internet code gets the right to connect back to the site of its origin.">
  <IMembershipCondition
      class="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
      version="1"/>
  <connectAccessRules>
    <codeOrigin scheme="file"/>
    <codeOrigin scheme="http">
      <!-- port="$origin": the port the code was downloaded from -->
      <connectAccess scheme="http"
                     port="$origin"/>
    </codeOrigin>
  </connectAccessRules>
</CodeGroup>
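When reviewing a policy file, the connect-back rule in Listing 2 can be evaluated offline. The following Python script is an added example, not code from the original article or from the .NET runtime: it parses the connectAccessRules element and answers whether code downloaded from one URL may connect to another. The names load_rules and may_connect, the example.test URLs, and the model itself (same host plus a matching scheme and port, with only "$origin" and numeric ports handled) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the rules of Listing 2 with the open elements closed
# and the long assembly-qualified class names shortened.
CODE_GROUP_XML = """
<CodeGroup class="System.Security.Policy.NetCodeGroup" version="1"
           Name="Internet_Same_Site_Access">
  <IMembershipCondition class="System.Security.Policy.AllMembershipCondition"
                        version="1"/>
  <connectAccessRules>
    <codeOrigin scheme="file"/>
    <codeOrigin scheme="http">
      <connectAccess scheme="http" port="$origin"/>
    </codeOrigin>
  </connectAccessRules>
</CodeGroup>
"""

DEFAULT_PORTS = {"http": 80, "https": 443}

def load_rules(xml_text):
    """Map each origin scheme to its list of (scheme, port) connect rules."""
    rules = {}
    for origin in ET.fromstring(xml_text).iter("codeOrigin"):
        scheme = origin.get("scheme", "").lower()
        rules.setdefault(scheme, []).extend(
            (c.get("scheme", "").lower(), c.get("port", ""))
            for c in origin.findall("connectAccess"))
    return rules

def _port(url):
    # An explicit port wins; otherwise fall back to the scheme's default.
    return url.port or DEFAULT_PORTS.get(url.scheme)

def may_connect(rules, origin_url, target_url):
    """True if code downloaded from origin_url may connect to target_url."""
    origin, target = urlsplit(origin_url), urlsplit(target_url)
    if not origin.hostname or origin.hostname != target.hostname:
        return False  # assumption: only the site of origin is ever granted
    for scheme, port in rules.get(origin.scheme, []):
        if port == "$origin":
            wanted = _port(origin)       # same port the code came from
        elif port.isdigit():
            wanted = int(port)
        else:
            continue                     # other port tokens are not modelled
        if scheme == target.scheme and wanted == _port(target):
            return True
    return False
```

An origin scheme with an empty rule list, such as file above, yields no connect access at all, which is the case worth confirming when auditing a customised policy.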
The figure below shows the different types of code groups that
inherit from the abstract class CodeGroup.
Figure 1