Udostępnij za pośrednictwem


How to: Add Custom Permissions to Security Policy

Important noteImportant

In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

A custom permission is one that is provided with an application or library, rather than being provided by the .NET Framework. To be meaningful, a custom permission must be added to the security policy on the computer (or computers, in the case of a network) where the application using the permission runs.

You must describe the specifics of the custom permission you want to add to the .NET Framework security system when you add it your policy. A single permission can assume several forms that represent the right to access specific resources. For example, the custom permission might have the ability to provide restricted or unrestricted access to a resource. As an administrator, you have the ability to decide which type of access (restricted or unrestricted) the permission will represent. Therefore, you must describe the configuration that you want the permission to have to the .NET Framework security system. You do this by creating an XML representation of the configuration you want the custom permission to have and importing the XML into your security policy. (The .NET Framework security system uses XML to serialize permissions.) The publisher of the permission must either provide a tool to create the XML representation or provide instructions for creating the XML file. Usually, the XML representations of the permissions that make up your security policy are stored in the policy configuration files.

To add a custom permission to security policy

  1. Add the assembly implementing the custom permission to the global assembly cache and to the list of fully trusted assemblies.

  2. Create an XML file that represents the type of permission you want to create and assign to assemblies.

  3. Add the XML representation of the permission to the security policy by using either the .NET Framework Configuration tool (Mscorcfg.msc) or the Code Access Security Policy tool (Caspol.exe) .

For more information on adding custom permissions to your security policy, see Updating Security Policy.

See Also

Other Resources

General Security Policy Administration

Security Policy Best Practices