When you design and build secure assemblies, you must be able to identify privileged code. This has important implications for code access security. Privileged code is managed code that accesses secured resources or performs other security-sensitive operations, such as calling unmanaged code, using serialization, or using reflection. Privileged code is privileged because code access security must grant it specific permissions before it can function.
Privileged resources for which your code requires specific code access security permissions are shown in Table 8.1.
Secure Resource | Requires Permission |
---|---|
Data access | Note: The ADO.NET OLE DB and Oracle-managed providers currently require full trust. |
Directory services | DirectoryServicesPermission |
DNS databases | DnsPermission |
Event log | EventLogPermission |
Environment variables | EnvironmentPermission |
File system | FileIOPermission |
Isolated storage | IsolatedStoragePermission |
Message queues | MessageQueuePermission |
Performance counters | PerformanceCounterPermission |
Printers | PrinterPermission |
Registry | RegistryPermission |
Sockets | SocketPermission |
Web services (and other HTTP Internet resources) | WebPermission |
Privileged operations are shown in Table 8.2, together with the associated permissions that calling code requires.
Operation | Requires Permission |
---|---|
Creating and controlling application domains | SecurityPermission with SecurityPermissionFlag.ControlAppDomain |
Specifying application domain policy | SecurityPermission with SecurityPermissionFlag.ControlDomainPolicy |
Asserting security permissions | SecurityPermission with SecurityPermissionFlag.Assertion |
Creating and manipulating evidence | SecurityPermission with SecurityPermissionFlag.ControlEvidence |
Creating and manipulating principal objects | SecurityPermission with SecurityPermissionFlag.ControlPrincipal |
Configuring remoting types and channels | SecurityPermission with SecurityPermissionFlag.RemotingConfiguration |
Manipulating security policy | SecurityPermission with SecurityPermissionFlag.ControlPolicy |
Serialization | SecurityPermission with SecurityPermissionFlag.SerializationFormatter |
Threading operations | SecurityPermission with SecurityPermissionFlag.ControlThread |
Reflection | ReflectionPermission |
Calling unmanaged code | SecurityPermission with SecurityPermissionFlag.UnmanagedCode |
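As a review aid for identifying privileged code, the following added example (not part of the original guidance) scans C# source text and reports which permission from Tables 8.1 and 8.2 each flagged line is likely to need. The regular expressions, the function name `find_privileged_code`, and the sample C# are constructed assumptions of this example; the matches are heuristic starting points for manual review, not a complete inventory.

```python
import re

# Source patterns are this example's own heuristics (assumptions, not from the
# page); the permissions they map to are the ones listed in Tables 8.1 and 8.2.
PATTERNS = [
    (r"\[\s*DllImport\b", "SecurityPermissionFlag.UnmanagedCode"),
    (r"\bBinaryFormatter\b", "SecurityPermissionFlag.SerializationFormatter"),
    (r"\bAppDomain\.CreateDomain\b", "SecurityPermissionFlag.ControlAppDomain"),
    (r"\.Assert\(\s*\)", "SecurityPermissionFlag.Assertion"),
    (r"\bBindingFlags\.NonPublic\b", "ReflectionPermission"),
    (r"\bRegistry\.\w+|\bRegistryKey\b", "RegistryPermission"),
    (r"\b(File|Directory|FileStream)\b\s*[.(]", "FileIOPermission"),
    (r"\bEnvironment\.(Get|Set|Expand)EnvironmentVariables?\b", "EnvironmentPermission"),
    (r"\bEventLog\b", "EventLogPermission"),
    (r"\bDns\.\w+", "DnsPermission"),
    (r"\b(Socket|TcpClient|TcpListener|UdpClient)\b", "SocketPermission"),
    (r"\b(WebRequest|HttpWebRequest|WebClient)\b", "WebPermission"),
]
COMPILED = [(re.compile(p), perm) for p, perm in PATTERNS]

# Strip // comments so APIs mentioned only in comments are not reported.
# The lookbehind keeps "http://" inside string literals intact.
LINE_COMMENT = re.compile(r"(?<!:)//.*")

def find_privileged_code(source):
    """Return (line_no, permission, code) for every heuristic match."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        code = LINE_COMMENT.sub("", line).strip()
        for pattern, permission in COMPILED:
            if pattern.search(code):
                findings.append((line_no, permission, code))
    return findings

# Constructed sample input for the demonstration.
SAMPLE_CS = r'''using System.Runtime.InteropServices;
class Native {
    [DllImport("kernel32.dll")]
    static extern bool Beep(uint freq, uint duration);
    // Registry.LocalMachine is only mentioned in this comment
    static string ReadSetting() {
        var key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Example");
        return File.ReadAllText(Environment.GetEnvironmentVariable("CFG"));
    }
    static object Load(Stream s) { return new BinaryFormatter().Deserialize(s); }
}
'''

if __name__ == "__main__":
    for line_no, permission, code in find_privileged_code(SAMPLE_CS):
        print(f"line {line_no}: {permission}: {code}")
```

Each reported line marks a place where the assembly depends on a code access security grant and is a candidate for closer review.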