The code security can be implemented by either using the
Declarative Security or the Imperative Security. Let us now understand how
these two differ.
Declarative Security
This is accomplished by placing security attributes at the
assembly level, class level or member level. The attribute indicates the
request type, overrides and demands. Each permission object has a state data,
and this needs to be initialized to use that permission. Also, each permission
has an attribute to which the type of security action, which is an enumeration
called SecurityAction, is passed to the attribute. In the example below, all
the members of the class are restricted accessing the "Program Files"
folder.
Listing 4
[FileIOPermissionAttribute(SecurityAction.RequestRefuse, "C:\Program Files")]
public class RestrictPF
{
public RestrictPF()
{
//security call protects the constructor.
}
public void SomeMethod()
{
//security call also protects this method.
}
}
If you want to restrict the permission on the assembly
level, you can use the following.
Listing 5
[assembly: FileIOPermissionAttribute(SecurityAction.RequestRefuse, "C:\Program Files")]
If you want to restrict any registry access from the
assembly level, you can use the following.
Listing 6
[assembly: RegistryPermissionAttribute(SecurityAction.RequestRefuse, Unrestricted = true)]
So even though the code runs in an environment that allows
access to the registry or perform FileIO operations, the assembly will not be
granted any kind of permissions.
Imperative Security
This kind of security could be used to perform demands and
overrides. This helps in situations where you want to check the permissions at
runtime. However, this kind of security cannot be used to perform requests. In
imperative syntax, a new instance of the security permission object needs to be
created before calling. Also, you need to initialize the permission set to
invoke a security object. A permission set consists of a group of permissions;
initializing a permission group provides a means to perform assert calls on
multiple permissions in one method. For this purpose you could use the
NamedPermissionSet and PermissionSet classes for grouping of permissions. You
can then call the required method to invoke the appropriate security call.
Listing 7
public class RestrictPF
{
public RestrictPF(){}
public void SomeMethod()
{
//Here the FileIOPermissionAttribute is demanded using the imperative syntax.
//Method is protected by security call.
FileIOPermissionAttribute flsIOPerm = new FileIOPermissionAttribute();
flsIOPerm.Demand();
}
public void SomeOtherMethod()
{
//Method not protected by security call.
}
}