public enum SecurityAction {
Demand = 2,Assert = 3,Deny = 4,PermitOnly = 5,LinkDemand = 6,InheritanceDemand = 7,
RequestMinimum = 8,RequestOptional = 9,RequestRefuse = 10
}
The SecurityAction enumeration contains values
that represent the different declarative security statements. Every
permission attribute class derived from the
CodeAccessSecurityAttribute class defines a
constructor that takes a value of the
SecurityAction enumeration as an argument. The
value of the SecurityAction argument identifies
the action that the declarative security statement performs, and
determines the program elements that are valid targets for the
security attribute. The nine values of the
SecurityAction enumeration fall into three
categories: security demands, permission requests, and stack
overrides. Declarative security demands and stack overrides can be
applied to classes and functional members (i.e., methods, properties,
and events), whereas permission requests are valid only at the
assembly level.
The security demands include the values Demand,
InheritanceDemand, and
LinkDemand. Demand initiates a
security demand, which will result in a stack walk when used with an
attribute whose permission counterpart implements the
System.Security.IStackWalk interfaces. This
includes all code-access and identity permissions, but not
PrincipalPermission, which only implements the
System.Security.IPermission interface. The
InheritanceDemand and
LinkDemand statements have no imperative syntax
equivalent. InheritanceDemand ensures that code
trying to inherit a class or override a member has the demanded
permission. LinkDemand ensures that the immediate
calling code has the demanded permission, without invoking a stack
walk.
The permission request statements also have no imperative statement
equivalent, and include the values RequestMinimum,
RequestOptional, and
RequestRefuse. Permission requests provide a
mechanism for assemblies to communicate details to the runtime and
security administrators about the permissions they do and do not
need. RequestMinimum specifies a set of
permissions that the runtime must grant to an assembly in order for
it to function correctly. After the runtime resolves the permissions
for an assembly, if the grant set does not contain all of the
requested permissions, then the runtime will throw a
System.Security.Policy.PolicyException and will
not load the assembly. The RequestOptional
statement defines the maximum set of permissions that the runtime
should grant to an assembly regardless of security policy. This is
often used to specify a set of nonessential permissions that can be
used if granted. The RequestRefuse statement
specifies the set of permissions that the runtime should never grant
to the assembly. RequestRefuse ensures code can
never by granted permissions that it does not need, and so cannot be
used by malicious code as a gateway to access secured actions or
resources.
The stack override values—Assert,
Deny, and PermitOnly—have
the same effect as the methods of the same name defined in the
System.Security.IStackWalk interface.
System.ValueType