Permission Sets

So far in this chapter, we have discussed the power, use, and variety of permissions. However, if the same operation is to be performed on a group of permissions, it is inconvenient to type in the same thing for every permission. Permission sets eliminate this inconvenience.

The basic permission set class, System.Security.PermissionSet , is essentially just a group of permissions. For the benefit of security policy, there is another class, System.Security.NamedPermissionSet , that adds a name and description to the collection. The name gives the ability to uniquely tag and identify certain permission sets.

All of the security actions mentioned earlier can also be done with permission sets. For instance, if you want your code to demand multiple permissions, you should first create a permission set containing all the desired permissions. Then you can call the Demand method on the permission set. This is more efficient. You can also cache permission sets to reduce the number of changes needed in code that uses these permission sets.

As shown in Listing 6.1, permission sets can be represented in XML. XML representations of permission sets are used by several security tools, including the .NET Framework Configuration tool and Caspol. These tools are discussed in Chapter 18, "Administering Security Policy Using the .NET Framework Configuration Tool," and Chapter 19, "Administering .NET Framework Security Policy Using Scripts and Security APIs." Listing 6.2 shows how you can easily generate XML from a permission set.

Listing 6.2 Creating an XML Representation of a Permission Set

 PermissionSet ps = new PermissionSet(PermissionState.None); ps.AddPermission(new UIPermission(PermissionState.Unrestricted)); ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, @"C:\temp\test.txt")); Console.WriteLine(ps.ToString());