SecurityPermissionFlag Enum

Definition

Caution

Code Access Security is not supported or honored by the runtime.

Specifies access flags for the security permission object.

This enumeration supports a bitwise combination of its member values.

C#
[System.Flags]
[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public enum SecurityPermissionFlag
C#
[System.Flags]
public enum SecurityPermissionFlag
C#
[System.Flags]
[System.Serializable]
public enum SecurityPermissionFlag
C#
[System.Flags]
[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public enum SecurityPermissionFlag
Inheritance
SecurityPermissionFlag
Attributes

Fields

Name Value Description
NoFlags 0

No security access.

Assertion 1

Ability to assert that all this code's callers have the requisite permission for the operation.

UnmanagedCode 2

Ability to call unmanaged code.

Since unmanaged code potentially allows other permissions to be bypassed, this is a dangerous permission that should only be granted to highly trusted code. It is used for such applications as calling native code using PInvoke or using COM interop.

SkipVerification 4

Ability to skip verification of code in this assembly. Code that is unverifiable can be run if this permission is granted.

This is a powerful permission that should be granted only to highly trusted code.

This flag has no effect when used dynamically with stack modifiers such as Deny(), Assert(), and PermitOnly().

Execution 8

Permission for the code to run. Without this permission, managed code will not be executed.

This flag has no effect when used dynamically with stack modifiers such as Deny(), Assert(), and PermitOnly().

ControlThread 16

Ability to use certain advanced operations on threads.

ControlEvidence 32

Ability to provide evidence, including the ability to alter the evidence provided by the common language runtime.

This is a powerful permission that should only be granted to highly trusted code.

ControlPolicy 64

Ability to view and modify policy.

This is a powerful permission that should only be granted to highly trusted code.

SerializationFormatter 128

Ability to provide serialization services. Used by serialization formatters.

ControlDomainPolicy 256

Ability to specify domain policy.

ControlPrincipal 512

Ability to manipulate the principal object.

ControlAppDomain 1024

Ability to create and manipulate an AppDomain.

RemotingConfiguration 2048

Permission to configure Remoting types and channels.

Infrastructure 4096

Permission to plug code into the common language runtime infrastructure, such as adding Remoting Context Sinks, Envoy Sinks and Dynamic Sinks.

BindingRedirects 8192

Permission to perform explicit binding redirection in the application configuration file. This includes redirection of .NET assemblies that have been unified as well as other assemblies found outside .NET.

AllFlags 16383

The unrestricted state of the permission.

Examples

The following example shows the use of the SecurityPermissionFlag enumeration to deny and demand security permissions:

C#
// This sample demonstrates the use of the SecurityPermissionAttribute.

using System;
using System.Security.Permissions;
using System.Security;

class MyClass
{
    public static void PermissionDemo()
    {
        try
        {
            DenySecurityPermissions();
            DenyAllSecurityPermissions();
            DoNotDenySecurityPermissions();
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message.ToString());
        }
    }

    // This method demonstrates the use of the SecurityPermissionAttribute to deny individual security permissions.
    // Set the Assertion property.
    [SecurityPermissionAttribute(SecurityAction.Deny, Assertion = true)]
        // Set the ControlAppDomain property.
    [SecurityPermissionAttribute(SecurityAction.Deny, ControlAppDomain = true)]
        // Set the ControlDomainPolicy property.
    [SecurityPermissionAttribute(SecurityAction.Deny, ControlDomainPolicy = true)]
        // Set the ControlEvidence property.
    [SecurityPermissionAttribute(SecurityAction.Deny, ControlEvidence = true)]
        // Set the ControlPolicy property.
    [SecurityPermissionAttribute(SecurityAction.Deny, ControlPolicy = true)]
        // Set the ControlPrincipal property.
    [SecurityPermissionAttribute(SecurityAction.Deny, ControlPrincipal = true)]
        // Set the ControlThread property.
    [SecurityPermissionAttribute(SecurityAction.Deny, ControlThread = true)]
        // Set the Execution property.
    [SecurityPermissionAttribute(SecurityAction.Deny, Execution = true)]
        // Set the Flags property.
    [SecurityPermissionAttribute(SecurityAction.Deny, Flags = SecurityPermissionFlag.NoFlags)]
        // Set the Infrastructure property.
    [SecurityPermissionAttribute(SecurityAction.Deny, Infrastructure = true)]
        // Set the RemotingConfiguration property.
    [SecurityPermissionAttribute(SecurityAction.Deny, RemotingConfiguration = true)]
        // Set the SerializationFormatter property.
    [SecurityPermissionAttribute(SecurityAction.Deny, SerializationFormatter = true)]
        // Set the SkipVerification property.
    [SecurityPermissionAttribute(SecurityAction.Deny, SkipVerification = true)]
        // Set the UnmanagedCode property.
    [SecurityPermissionAttribute(SecurityAction.Deny, UnmanagedCode = true)]

    public static void DenySecurityPermissions()
    {
        Console.WriteLine("Executing DenySecurityPermissions.");
        Console.WriteLine("Denied all permissions individually.");
        TestSecurityPermissions();
    }

    // This method demonstrates the use of SecurityPermissionFlag.AllFlags to deny all security permissions.
    [SecurityPermissionAttribute(SecurityAction.Deny, Flags = SecurityPermissionFlag.AllFlags)]
    public static void DenyAllSecurityPermissions()
    {
        Console.WriteLine("\nExecuting DenyAllSecurityPermissions.");
        Console.WriteLine("Denied all permissions using SecurityPermissionFlag.AllFlags.");
        TestSecurityPermissions();
    }

    // This method demonstrates the effect of not denying security permissions.
    public static void DoNotDenySecurityPermissions()
    {
        Console.WriteLine("\nExecuting DoNotDenySecurityPermissions.");
        Console.WriteLine("No permissions have been denied.");
        DemandSecurityPermissions();
    }

    public static void TestSecurityPermissions()
    {
        Console.WriteLine("\nExecuting TestSecurityPermissions.\n");
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.Assertion);
            Console.WriteLine("Demanding SecurityPermissionFlag.Assertion");
            // This demand should cause an exception.
            sp.Demand();
            // The TestFailed method is called if an exception is not thrown.
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.Assertion failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlAppDomain);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlAppDomain");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlAppDomain failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlDomainPolicy);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlDomainPolicy");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlDomainPolicy failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlEvidence);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlEvidence");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlEvidence failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlPolicy);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlPolicy");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlPolicy failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlPrincipal);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlPrincipal");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlPrincipal failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlThread);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlThread");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlThread failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.Execution);
            Console.WriteLine("Demanding SecurityPermissionFlag.Execution");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.Execution failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.Infrastructure);
            Console.WriteLine("Demanding SecurityPermissionFlag.Infrastructure");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.Infrastructure failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.RemotingConfiguration);
            Console.WriteLine("Demanding SecurityPermissionFlag.RemotingConfiguration");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.RemotingConfiguration failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.SerializationFormatter);
            Console.WriteLine("Demanding SecurityPermissionFlag.SerializationFormatter");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.SerializationFormatter failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.SkipVerification);
            Console.WriteLine("Demanding SecurityPermissionFlag.SkipVerification");
            sp.Demand();
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.SkipVerification failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.UnmanagedCode);
            Console.WriteLine("Demanding SecurityPermissionFlag.UnmanagedCode");
            // This demand should cause an exception.
            sp.Demand();
            // The TestFailed method is called if an exception is not thrown.
            TestFailed();
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.UnmanagedCode failed: " + e.Message);
        }
    }

    public static void TestFailed()
    {
        Console.WriteLine("In TestFailed method.");
        Console.WriteLine("Throwing an exception.");
        throw new Exception();
    }
    
    public static void DemandSecurityPermissions()
    {
        Console.WriteLine("\nExecuting DemandSecurityPermissions.\n");
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.Assertion);
            Console.WriteLine("Demanding SecurityPermissionFlag.Assertion");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.Assertion succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.Assertion failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlAppDomain);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlAppDomain");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlAppDomain succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlAppDomain failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlDomainPolicy);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlDomainPolicy");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlDomainPolicy succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlDomainPolicy failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlEvidence);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlEvidence");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlEvidence succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlEvidence failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlPolicy);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlPolicy");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlPolicy succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlPolicy failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlPrincipal);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlPrincipal");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlPrincipal succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlPrincipal failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.ControlThread);
            Console.WriteLine("Demanding SecurityPermissionFlag.ControlThread");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlThread succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.ControlThread failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.Execution);
            Console.WriteLine("Demanding SecurityPermissionFlag.Execution");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.Execution succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.Execution failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.Infrastructure);
            Console.WriteLine("Demanding SecurityPermissionFlag.Infrastructure");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.Infrastructure succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.Infrastructure failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.RemotingConfiguration);
            Console.WriteLine("Demanding SecurityPermissionFlag.RemotingConfiguration");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.RemotingConfiguration succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.RemotingConfiguration failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.SerializationFormatter);
            Console.WriteLine("Demanding SecurityPermissionFlag.SerializationFormatter");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.SerializationFormatter succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.SerializationFormatter failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.SkipVerification);
            Console.WriteLine("Demanding SecurityPermissionFlag.SkipVerification");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.SkipVerification succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.SkipVerification failed: " + e.Message);
        }
        try
        {
            SecurityPermission sp =
                new SecurityPermission(SecurityPermissionFlag.UnmanagedCode);
            Console.WriteLine("Demanding SecurityPermissionFlag.UnmanagedCode");
            sp.Demand();
            Console.WriteLine("Demand for SecurityPermissionFlag.UnmanagedCode succeeded.");
        }
        catch (Exception e)
        {
            Console.WriteLine("Demand for SecurityPermissionFlag.UnmanagedCode failed: " + e.Message);
        }
    }

    static void Main(string[] args)
    {
        PermissionDemo();
    }
}

Remarks

Caution

Code Access Security (CAS) has been deprecated across all versions of .NET Framework and .NET. Recent versions of .NET do not honor CAS annotations and produce errors if CAS-related APIs are used. Developers should seek alternative means of accomplishing security tasks.

This enumeration is used by SecurityPermission.

Caution

Many of these flags are powerful and should only be granted to highly trusted code.

Applies to

Product Versions (Obsolete)
.NET Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1 (5, 6, 7, 8 (package-provided), 8, 9 (package-provided), 9)
.NET Framework 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET Standard 2.0, 2.1
Windows Desktop (5, 6, 7, 8, 9)

See also