Chapter 6. Permissions: The Workhorse of Code Access Security

By Matthew Lyons

IN THIS CHAPTER

So far we have covered the difference between user identity and code identity, and we have examined in detail how code identity is constructed using evidence. Identity by itself isn't enough, though. The only thing that evidence provides is authentication—a way to ensure that we have identified a piece of code. What we are still missing is a set of privileges and an authorization mechanism to map identities to those privileges. This chapter will cover the privileges, or permissions, in .NET terminology.

Roughly speaking, a permission is a fine-grained privilege that can be given to .NET code. If the .NET code is not given a certain privilege, it cannot perform an action that requires that privilege. For example, it is considered a privilege for .NET code to write to the file system. If code is not granted a permission for this, trying to write to the file system will generate a security error. No privileges are automatically granted to code.
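The following C# program is an added illustration, not code from the book. It assumes the .NET Framework (code access security is not enforced on .NET Core or later) and uses the `PermitOnly` stack modifier to stand in for code that was granted only the right to execute; the class name and file name are constructed for the example.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

static class PermissionDemo
{
    // Attempts the privileged action. The framework's file classes demand
    // FileIOPermission before touching the disk.
    static string TryWrite(string path)
    {
        try
        {
            File.WriteAllText(path, "hello");
            return "write allowed";
        }
        catch (SecurityException)
        {
            // The "security error" the text describes.
            return "write refused (SecurityException)";
        }
    }

    // Runs the same write while only the Execution privilege is visible
    // to the security stack walk, so the FileIOPermission demand fails.
    static string TryWriteWithExecutionOnly(string path)
    {
        var allowed = new PermissionSet(PermissionState.None);
        allowed.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        allowed.PermitOnly();
        try { return TryWrite(path); }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main()
    {
        // Constructed sample path, resolved before any restriction is applied.
        string path = Path.Combine(Path.GetTempPath(), "cas-demo.txt");

        Console.WriteLine("full trust:     " + TryWrite(path));
        Console.WriteLine("execution only: " + TryWriteWithExecutionOnly(path));
    }
}
```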

This chapter will cover the following aspects of permissions:

  • Types of permissions and their corresponding classes

  • How permissions are used for authorization in the .NET Framework

  • The set of permission classes built into the .NET Framework

  • Permission sets and their purpose
