A named permission set is a set of permissions that security administrators associate with code groups-in other words, a group of permissions given a unique name. A named permission set consists of one or more permissions and a name and description for the permission set. Administrators can establish or modify the security policy for code groups by using named permission sets. Of course, more than one code group can be associated with the same named permission set.
The .NET Security Framework has built-in named permission sets that the system administrator cannot modify. The administrator can create custom named permission sets and modify security policy to use these customized sets in lieu of the built-in ones. When naming the custom permission sets, you must ensure that the names do not conflict with those of the built-ins.
The CLR provides the following permission set flags:
- Nothing-gives no permissions or prevents code from running.
- Execution-gives permission to run or execute but does not give permission to use protected resources.
- Internet-the default policy permission set for content from unknown origin.
- LocalIntranet-the default policy permission set within an enterprise.
- Everything-gives all standard built-in permissions but does not include permission to skip verification.
- FullTrust-gives full access to all resources protected by permissions. It can be unrestricted.
You can modify only the Internet, LocalInternet, and Everything permission sets.
Listing 20.1 contains code extracted from a typical policy configuration file that sets Internet permissions, the default rights given to Internet applications.
Listing 20.1: Internet Permission Set
<PermissionSet class="NamedPermissionSet"
version="1"
Name="Internet"
Description="Default rights given to internet applications">
<IPermission class="FileDialogPermission"
version="1"
Access="Open"/>
<IPermission class="IsolatedStorageFilePermission"
version="1"
Allowed="DomainIsolationByUser"
UserQuota="10240"/>
<IPermission class="SecurityPermission"
version="1"
Flags="Execution"/>
<IPermission class="UIPermission"
version="1"
Window="SafeTopLevelWindows"
Clipboard="OwnClipboard"/>
<IPermission class="PrintingPermission"
version="1"
Level="SafePrinting"/>
</PermissionSet>
Listing 20.2 generates output that lists all known policy levels and named permission sets at all policy levels.
Listing 20.2: Output Named Permission Sets Imports System.Collections
Imports System.Security
Imports System.Security.Policy
Module Module1
Class testsecurity
Shared Sub Main(ByVal args As String())
Dim ienum1 As IEnumerator = SecurityManager.PolicyHierarchy()
While ienum1.MoveNext()
Dim pol As PolicyLevel = DirectCast(ienum1.Current, PolicyLevel)
Console.WriteLine(pol.Label)
Dim ienum2 As IEnumerator = pol.NamedPermissionSets.GetEnumerator()
While ienum2.MoveNext()
Dim permset As NamedPermissionSet = DirectCast(ienum2.Current, NamedPermissionSet)
Console.WriteLine(permset.Name & ", " & permset.Description)
End While
End While
Console.ReadLine()
End Sub
End Class
End Module
OUTPUT:
Hope this article would have helped you in understanding a named permission set in VB.NET.