Udostępnij za pośrednictwem


Code Access Security Basics

Every application that targets the common language runtime must interact with the runtime's security system. When an application executes, it is automatically evaluated and given a set of permissions by the runtime. Depending on the permissions that the application receives, it either runs properly or generates a security exception. The local security settings on a particular computer ultimately decide which permissions code receives. Because these settings can change from computer to computer, you can never be sure that your code will receive sufficient permissions to run. This is in contrast to the world of unmanaged development, in which you do not have to worry about your code's permission to run.

Every developer must be familiar with the following code access security concepts in order to write effective applications targeting the common language runtime:

  • Writing type-safe code: To enable code to benefit from code access security, you must use a compiler that generates verifiably type-safe code. For more information, see Writing Verifiably Type-Safe Code.

  • Imperative and declarative syntax: Interaction with the runtime security system is performed using imperative and declarative security calls. Declarative calls are performed using attributes; imperative calls are performed using new instances of classes within your code. Some calls can be performed only imperatively, while others can be performed only declaratively. Some calls can be performed in either manner. For more information, see Security Syntax.

  • Requesting permissions for your code: Requests are applied to the assembly scope, where your code informs the runtime about permissions that it either needs to run or specifically does not want. Security requests are evaluated by the runtime when your code is loaded into memory. Requests cannot influence the runtime to give your code more permissions than the runtime would have given your code had the request not been made. However, requests are what your code uses to inform the runtime about the permissions it requires in order to run. For more information, see Requesting Permissions.

  • Using secure class libraries: Your class libraries use code access security to specify the permissions they require in order to be accessed. You should be aware of the permissions required to access any library that your code uses and make appropriate requests in your code. For more information, see Using Secure Class Libraries.

See Also

Concepts

Writing Verifiably Type-Safe Code

Security Syntax

Requesting Permissions

Using Secure Class Libraries

Other Resources

Code Access Security