System.Security.SecurityManager Class

Assembly: Mscorlib.dll
Namespace: System.Security
Summary
Provides the main access point for classes interacting with the security system. This class cannot be inherited.
C# Syntax:
public sealed class SecurityManager
Remarks
SecurityManager provides methods to access and manipulate the security policy configuration. You cannot create instances of SecurityManager.
See also:
System.Security Namespace

System.Security.SecurityManager Member List:

Public Properties
CheckExecutionRights Read-write

Gets or sets a value indicating whether code must have SecurityPermissionFlag.Execution in order to execute.
SecurityEnabled Read-write

Gets or sets a value indicating whether security is enabled.
Public Methods
Equals
(inherited from System.Object)
See base class member description: System.Object.Equals

Derived from System.Object, the primary base class for all objects.
GetHashCode
(inherited from System.Object)
See base class member description: System.Object.GetHashCode

Derived from System.Object, the primary base class for all objects.
GetType
(inherited from System.Object)
See base class member description: System.Object.GetType

Derived from System.Object, the primary base class for all objects.
IsGranted Determines whether a permission is granted to the caller.
LoadPolicyLevelFromFile Loads a PolicyLevel from the specified file.
LoadPolicyLevelFromString Loads a PolicyLevel from the specified string.
PolicyHierarchy Provides an enumerator to access the security policy hierarchy by levels, such as computer policy and user policy.
ResolvePolicy Overloaded:
ResolvePolicy(Evidence evidence)

Determines what permissions to grant to code based on the specified evidence.
ResolvePolicy Overloaded:
ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied)

Determines what permissions to grant to code based on the specified evidence and requests.
ResolvePolicyGroups Gets a collection of code groups matching the specified evidence.
SavePolicy Saves the modified security policy state.
SavePolicyLevel Saves a modified security policy level loaded with SecurityManager.LoadPolicyLevelFromFile.
ToString
(inherited from System.Object)
See base class member description: System.Object.ToString

Derived from System.Object, the primary base class for all objects.
Protected Methods
Finalize
(inherited from System.Object)
See base class member description: System.Object.Finalize

Derived from System.Object, the primary base class for all objects.
MemberwiseClone
(inherited from System.Object)
See base class member description: System.Object.MemberwiseClone

Derived from System.Object, the primary base class for all objects.


System.Security.SecurityManager Member Details

Property: CheckExecutionRights (read-write)
Summary
Gets or sets a value indicating whether code must have SecurityPermissionFlag.Execution in order to execute.
C# Syntax:
public static bool CheckExecutionRights {get; set;}
Remarks
If this property is false, even code without SecurityPermissionFlag.Execution can execute. Execution checking is expensive and can eliminate the advantages of lazy policy resolution. This property is provided to disable execution checking when needed.

A change to this property is not persisted until SecurityManager.SavePolicy is called. New processes will not be affected by the change until it is persisted in the registry.

.NET Framework Security:
SecurityPermission for the ability to modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy



Property: SecurityEnabled (read-write)
Summary
Gets or sets a value indicating whether security is enabled.
C# Syntax:
public static bool SecurityEnabled {get; set;}
Remarks
Security configuration provides a way for administrators to disable security. When security is disabled, all demands succeed.

Disabling security makes the system vulnerable to attacks by malicious code such as viruses and worms. Turning off security gains some extra performance and should only be done when other security measures have been taken to ensure overall system security is not breached. Examples of other security precautions include disconnecting from public networks, physically securing computers, and so on.

A change to this property is not persisted in the registry until SecurityManager.SavePolicy is called. New processes will not be affected by the change until it is persisted in the registry. Changing the value of this property in a running process does not necessarily change the state in the expected manner. To ensure changes have taken effect, you must call SecurityManager.SavePolicy and start a new process.

Example
The following example ensures that code cannot run in an unsecured environment.
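    // Refuse to continue when code access security has been turned off.
    // myResourceManager is assumed to be a System.Resources.ResourceManager created elsewhere.
    if ( !SecurityManager.SecurityEnabled ) {
        throw new SecurityException(myResourceManager.GetString("Security_Required"));
    }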

    
.NET Framework Security:
SecurityPermission for the ability to modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy



Method: Equals(
   object obj
)
Inherited
See base class member description: System.Object.Equals
C# Syntax:
public virtual bool Equals(
   object obj
);



Method: Finalize()
Inherited
See base class member description: System.Object.Finalize
C# Syntax:
~SecurityManager();



Method: GetHashCode()
Inherited
See base class member description: System.Object.GetHashCode
C# Syntax:
public virtual int GetHashCode();



Method: GetType()
Inherited
See base class member description: System.Object.GetType
C# Syntax:
public Type GetType();



Method: IsGranted(
   IPermission perm
)
Summary
Determines whether a permission is granted to the caller.
C# Syntax:
public static bool IsGranted(
   IPermission perm
);
Parameters:

perm

The permission to test against the grant of the caller.

Return Value:
true if the permissions granted to the caller include the permission perm; otherwise, false.
Remarks
Whether a permission is granted is determined by policy; this is different from a demand, which is subject to overrides such as an assert. Also, SecurityManager.IsGranted tests only the grant of the calling code's assembly, independent of other callers on the stack.
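The difference between a policy grant and a demand, as an added example that is not part of the original reference: the same permission is probed with IsGranted and with Demand, before and after the caller applies a Deny stack modifier. It assumes a .NET Framework runtime in which code access security policy is in effect; the class name, method names and file path are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example; GrantVersusDemand and Probe are hypothetical names.
class GrantVersusDemand
{
    static void Main()
    {
        // Constructed path; it only needs to be a well-formed absolute path.
        FileIOPermission read =
            new FileIOPermission(FileIOPermissionAccess.Read, @"C:\example\data");

        Probe("no stack modifier", read);

        // Deny is a stack modifier on this frame; it does not change the grant.
        read.Deny();
        try
        {
            Probe("after Deny in caller", read);
        }
        finally
        {
            CodeAccessPermission.RevertDeny();
        }
    }

    // Demand starts its stack walk at the caller of this method, so a Deny
    // placed in Main is seen by the demand issued here.
    static void Probe(string label, IPermission perm)
    {
        bool granted = SecurityManager.IsGranted(perm);
        bool demandOk = true;
        try { perm.Demand(); }
        catch (SecurityException) { demandOk = false; }
        Console.WriteLine("{0}: IsGranted={1}, Demand succeeded={2}",
            label, granted, demandOk);
    }
}
```

Because IsGranted ignores both stack modifiers and other callers, it suits feature detection inside an assembly; it is not a substitute for a Demand that protects a resource.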



Method: LoadPolicyLevelFromFile(
   string path,
   PolicyLevelType type
)
Summary
Loads a PolicyLevel from the specified file.
C# Syntax:
public static PolicyLevel LoadPolicyLevelFromFile(
   string path,
   PolicyLevelType type
);
Parameters:

path

The physical file path to a file containing the security policy information.

type

One of the PolicyLevelType values.

Return Value:
The loaded PolicyLevel.
Exceptions
Exception Type: Condition
ArgumentNullException: The path parameter is null.
ArgumentException: The file indicated by the path parameter does not exist.
.NET Framework Security:
SecurityPermission for the ability to view and modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy



Method: LoadPolicyLevelFromString(
   string str,
   PolicyLevelType type
)
Summary
Loads a PolicyLevel from the specified string.
C# Syntax:
public static PolicyLevel LoadPolicyLevelFromString(
   string str,
   PolicyLevelType type
);
Parameters:

str

The XML representation of a security policy level in the same form in which it appears in a configuration file.

type

One of the PolicyLevelType values.

Return Value:
The loaded PolicyLevel.
Exceptions
Exception Type: Condition
ArgumentNullException: The str parameter is null.
ArgumentException: The str parameter is not valid.
.NET Framework Security:
SecurityPermission for the ability to view and modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy



Method: MemberwiseClone()
Inherited
See base class member description: System.Object.MemberwiseClone
C# Syntax:
protected object MemberwiseClone();



Method: PolicyHierarchy()
Summary
Provides an enumerator to access the security policy hierarchy by levels, such as computer policy and user policy.
C# Syntax:
public static IEnumerator PolicyHierarchy();
Return Value:
An IEnumerator for PolicyLevel objects that comprise the security policy hierarchy.
Remarks
The returned enumerator provides successive PolicyLevel objects that represent the policy at the respective (machine, user, enterprise, application domain) level of the hierarchy. These objects are the live policy objects; altering these objects can have unpredictable results.

The minimum policy hierarchy consists of a machine level, an enterprise level, and a user level. However, the hierarchy can include additional levels.

.NET Framework Security:
SecurityPermission for the ability to view and modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy



Overloaded Method: ResolvePolicy(
   Evidence evidence
)
Summary
Determines what permissions to grant to code based on the specified evidence.
C# Syntax:
public static PermissionSet ResolvePolicy(
   Evidence evidence
);
Parameters:

evidence

The evidence set used to evaluate policy.

Return Value:
The set of permissions that would be granted by the security system.
Remarks
This method invokes the security policy engine, providing it with evidence of the calling code's identity. The result is determined by the security policy.



Overloaded Method: ResolvePolicy(
   Evidence evidence,
   PermissionSet reqdPset,
   PermissionSet optPset,
   PermissionSet denyPset,
   out PermissionSet denied
)
Summary
Determines what permissions to grant to code based on the specified evidence and requests.
C# Syntax:
public static PermissionSet ResolvePolicy(
   Evidence evidence,
   PermissionSet reqdPset,
   PermissionSet optPset,
   PermissionSet denyPset,
   out PermissionSet denied
);
Parameters:

evidence

The evidence set used to evaluate policy.

reqdPset

The required permissions the code needs to run.

optPset

The optional permissions that will be used if granted, but aren't required for the code to run.

denyPset

The denied permissions that must never be granted to the code even if policy otherwise permits it.

denied

An output parameter that contains the set of permissions not granted.

Return Value:
The set of permissions that would be granted by the security system.
Exceptions
Exception Type: Condition
PolicyException: Policy fails to grant the minimum required permissions specified by the reqdPset parameter.
Remarks
This method invokes the security policy engine, providing it with evidence of the calling code's identity and the set of permissions the code requests. The result is determined by the security policy. This method returns the set of permissions that would be granted by the security system, and returns the set of permissions that would be denied as an output parameter. The effective granted permissions are those in the granted set that are not in the denied set.
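How the request sets feed into this overload, as an added example that is not part of the original reference: it resolves policy for Internet-zone evidence with a required, an optional and a refused set, and handles the PolicyException raised when the required set is not covered. It assumes a .NET Framework runtime in which code access security policy is in effect; the evidence and the chosen permissions are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example; RequestProbe is a hypothetical name.
class RequestProbe
{
    static void Main()
    {
        // Constructed evidence: code that claims to come from the Internet zone.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));

        // reqdPset: the code cannot run without these.
        PermissionSet required = new PermissionSet(PermissionState.None);
        required.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // optPset: used if granted, not needed to run.
        PermissionSet optional = new PermissionSet(PermissionState.None);
        optional.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));

        // denyPset: must never be granted, even if policy would allow it.
        PermissionSet refused = new PermissionSet(PermissionState.None);
        refused.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));

        PermissionSet denied;
        try
        {
            PermissionSet granted = SecurityManager.ResolvePolicy(
                evidence, required, optional, refused, out denied);
            Console.WriteLine("Granted:\n{0}", granted);
            Console.WriteLine("Denied:\n{0}", denied);
        }
        catch (PolicyException e)
        {
            // Policy does not cover the required set for this evidence.
            Console.WriteLine("Required permissions not granted: {0}", e.Message);
        }
    }
}
```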



Method: ResolvePolicyGroups(
   Evidence evidence
)
Summary
Gets a collection of code groups matching the specified evidence.
C# Syntax:
public static IEnumerator ResolvePolicyGroups(
   Evidence evidence
);
Parameters:

evidence

The evidence set against which the policy is evaluated.

Return Value:
An IEnumerator over the set of code groups matching the evidence.
Remarks
This method is useful in analyzing how a specified policy configuration works with specific kinds of evidence.

Code groups will be returned from all applicable levels of the policy hierarchy matching the evidence parameter.
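A policy-analysis sketch covering PolicyHierarchy, ResolvePolicyGroups and ResolvePolicy(Evidence), as an added example that is not part of the original reference: it lists the policy levels, prints the code groups that match a piece of evidence, and shows the resulting grant. It assumes a .NET Framework runtime in which code access security policy is in effect and a caller holding SecurityPermissionFlag.ControlPolicy; the URL and class name are constructed.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

// Added example; PolicyProbe and PrintGroup are hypothetical names.
class PolicyProbe
{
    static void Main()
    {
        // Constructed evidence: Internet zone plus a placeholder URL.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));
        evidence.AddHost(new Url("http://example.test/app/plugin.dll"));

        // Levels consulted during resolution. These are the live policy
        // objects, so this code only reads them.
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            Console.WriteLine("Level: {0} ({1})", level.Label, level.StoreLocation);
        }

        // One root code group per level, containing the groups that matched.
        IEnumerator roots = SecurityManager.ResolvePolicyGroups(evidence);
        while (roots.MoveNext())
        {
            PrintGroup((CodeGroup)roots.Current, 0);
        }

        // The grant the policy engine would produce for this evidence.
        PermissionSet granted = SecurityManager.ResolvePolicy(evidence);
        Console.WriteLine("Unrestricted: {0}", granted.IsUnrestricted());
        Console.WriteLine(granted.ToString());
    }

    // Walks a matching code group and its matching children.
    static void PrintGroup(CodeGroup group, int depth)
    {
        Console.WriteLine("{0}{1} -> {2}", new string(' ', depth * 2),
            group.Name, group.PermissionSetName);
        foreach (CodeGroup child in group.Children)
        {
            PrintGroup(child, depth + 1);
        }
    }
}
```

A group that maps unexpected evidence to a broad permission set shows up directly in this output, which makes it a quick review step after any policy change.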



Method: SavePolicy()
Summary
Saves the modified security policy state.
C# Syntax:
public static void SavePolicy();
Remarks
This method saves the policy as exposed by SecurityManager.PolicyHierarchy, PolicyLevel, and other classes that represent configuration of the security policy. Unless this method is called, changes made to the policy objects will not be saved and will not affect subsequent application runs.
.NET Framework Security:
SecurityPermission for the ability to modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy



Method: SavePolicyLevel(
   PolicyLevel level
)
Summary
Saves a modified security policy level loaded with SecurityManager.LoadPolicyLevelFromFile.
C# Syntax:
public static void SavePolicyLevel(
   PolicyLevel level
);
Parameters:

level

The PolicyLevel object to be saved.

Remarks
The PolicyLevel will be saved to the same location from which it loaded.
.NET Framework Security:
SecurityPermission for the ability to modify policy. Associated enumeration: SecurityPermissionFlag.ControlPolicy



Method: ToString()
Inherited
See base class member description: System.Object.ToString
C# Syntax:
public virtual string ToString();




Copyright (c) 2002 Microsoft Corporation. All rights reserved.