public sealed class SecurityManager { // Public Static Properties public static bool CheckExecutionRights{set; get; } public static bool SecurityEnabled{set; get; } // Public Static Methods public static bool IsGranted(IPermission perm); public static PolicyLevel LoadPolicyLevelFromFile(string path, PolicyLevelType type); public static PolicyLevel LoadPolicyLevelFromString(string str, PolicyLevelType type); public static IEnumerator PolicyHierarchy( ); public static PermissionSet ResolvePolicy(System.Security.Policy.Evidence evidence); public static PermissionSet ResolvePolicy(System.Security.Policy.Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied); public static IEnumerator ResolvePolicyGroups(System.Security.Policy.Evidence evidence); public static void SavePolicy( ); public static void SavePolicyLevel(System.Security.Policy.PolicyLevel level); } This class contains a set of static members that provide access to critical security system functionality and data. It is the principal access point for code needing to manipulate security policy programmatically, providing access to the active policy levels and allowing code to load and save policy levels.
SecurityEnabled is a master switch for all code-access security; setting it to false turns off all code-access and identity permission checks, but does not affect role-based security. CheckExecutionRights controls whether the runtime checks to ensure code has the System.Security.Permissions.SecurityPermissionFlag.Execution permission from the System.Security.Permissions.SecurityPermission class.
Though it is not possible to drive the runtime's policy resolution process programmatically, the ResolvePolicy( ) and ResolvePolicyGroups( ) methods simulate the policy resolution process to resolve the permissions and code groups for a specified System.Security.Policy.Evidence collection. The IsGranted( ) method is a lightweight method for testing to see if the current code has been granted a specified permission, but is not a suitable substitute for the IPermission.Demand( ) or IStackWalk.Demand( ) methods for the general enforcement of code-access security.
