Further Information Regarding Demand and Assert

You should follow some simple guidelines when building applications requiring the Demand and Assert methods. Your code should assert one or more permissions when it performs a privileged yet safe operation and you don't require callers to have that permission. Note that your code must have the permission being asserted and SecurityPermissionFlag.Assertion, which is the right to assert.

For example, if you assert FileIOPermission, your code must be granted FileIOPermission but any code calling you does not require the permission. If you assert FileIOPermission and your code has not been granted the permission, an exception is raised.

As mentioned, your code should use the Demand method to demand one or more permissions when you require that callers have the permission. For example, say your application uses e-mail to send notifications to others, and your code has defined a custom permission named EmailAlertPermission. When your code is called, you can demand the permission of all your callers. If any caller does not have EmailAlertPermission, the request fails.

Important

For performance reasons, do not demand permissions if you call code that also makes the same demands. Doing so will simply cause extra stack-walks. For example, there's no need to demand EnvironmentPermission when calling Environment.GetEnvironmentVariable, because the .NET Framework does this for you.

It is feasible to write code that makes asserts and demands. For example, using the e-mail scenario above, the code that interfaces directly with the e-mail subsystem might demand that all callers have EmailAlertPermission (your custom permission). Then, when it writes the e-mail message to the SMTP port, it might assert SocketPermission. In this scenario, your callers can use your code for sending e-mail, but they do not require the ability to send data to arbitrary ports, which the SocketPermission allows.

Note that once you have completed the task that required the special asserted permission you should call CodeAccessPermission.RevertAssert to disable the assert. This is an example of least privilege; you used the permission only for the duration required.

The following sample C# code outlines how asserting and demanding can be combined to send e-mail alerts:

using System;
using System.Net;
using System.Security;
using System.Security.Permissions;

// Code fragment only; no class or namespace included.
static void SendAlert(string alert) {
    // Demand caller can send e-mail.
    new EmailAlertPermission(
        EmailAlertPermission.Send).Demand();

    // Code will open a specific port on a specific SMTP server.
    NetworkAccess na = NetworkAccess.Connect;
    TransportType t = TransportType.Tcp;
    string host = "mail.northwindtraders.com";
    int port = 25;
    new SocketPermission(na, t, host, port).Assert();

    try {
        SendAlertTo(host, port, alert);
    } finally {
        // Remove the assert as soon as the privileged work is done.
        CodeAccessPermission.RevertAssert();
    }
}
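The stack-walk behaviour behind this sample, as a simplified Python model added here (it is not code from the book and not the CLR's implementation): it shows a demand checking each caller in turn, an assert ending that walk, and the assert being reverted in a finally step. The Stack class, send_alert function, frame names and string permission names are all constructed for illustration.

```python
# Simplified model of a CAS stack walk (added illustration, not CLR code).
from contextlib import contextmanager

class SecurityException(Exception):
    pass

class Stack:
    def __init__(self):
        self.frames = []  # outermost caller first; each frame is a dict

    @contextmanager
    def call(self, name, grants):
        self.frames.append({"name": name, "grants": set(grants), "asserted": set()})
        try:
            yield
        finally:
            self.frames.pop()

    def demand(self, perm):
        # Check every caller of the demanding frame, nearest first.
        for f in reversed(self.frames[:-1]):
            if perm not in f["grants"]:
                raise SecurityException(f"{f['name']} lacks {perm}")
            if perm in f["asserted"]:
                return  # an Assert ends the walk: earlier callers are not checked

    @contextmanager
    def asserting(self, perm):
        f = self.frames[-1]
        # The asserting code needs the permission itself plus the right to assert.
        if not {perm, "Assertion"} <= f["grants"]:
            raise SecurityException(f"{f['name']} cannot assert {perm}")
        f["asserted"].add(perm)
        try:
            yield
        finally:
            f["asserted"].discard(perm)  # RevertAssert, even on failure

LIBRARY = {"EmailAlertPermission", "SocketPermission", "Assertion"}  # constructed grant set

def send_alert(caller_grants, use_assert=True, library_grants=LIBRARY):
    stack = Stack()
    with stack.call("Caller", caller_grants), stack.call("SendAlert", library_grants):
        stack.demand("EmailAlertPermission")  # every caller must hold this
        if use_assert:
            with stack.asserting("SocketPermission"), stack.call("Socket", LIBRARY):
                stack.demand("SocketPermission")  # stops at SendAlert's Assert
        else:
            with stack.call("Socket", LIBRARY):
                stack.demand("SocketPermission")  # walks on to Caller
    return "sent"
```

Calling send_alert({"EmailAlertPermission"}) succeeds, while the same call with use_assert=False fails because the walk reaches a caller that was never granted SocketPermission.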



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2005
Pages: 153
