FileIOPermission Class

Definition

Caution

Code Access Security is not supported or honored by the runtime.

Controls the ability to access files and folders. This class cannot be inherited.

public ref class FileIOPermission sealed : System::Security::CodeAccessPermission, System::Security::Permissions::IUnrestrictedPermission
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
[System.Serializable]
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public sealed class FileIOPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
[<System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
[<System.Serializable>]
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
[<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
type FileIOPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
Public NotInheritable Class FileIOPermission
Inherits CodeAccessPermission
Implements IUnrestrictedPermission
Inheritance
FileIOPermission
Attributes
Implements

Examples

The following examples illustrate code that uses FileIOPermission. After the following two lines of code, the object f represents permission to read all files on the client computer's local disks. The code example then demands the permission to determine whether the application has permission to read the files.

FileIOPermission^ f = gcnew FileIOPermission( PermissionState::None );
f->AllLocalFiles = FileIOPermissionAccess::Read;
try
{
    f->Demand();
}
catch (SecurityException^ s)
{
    Console::WriteLine(s->Message);
}
FileIOPermission f = new FileIOPermission(PermissionState.None);
f.AllLocalFiles = FileIOPermissionAccess.Read;
try
{
    f.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}
Dim f As New FileIOPermission(PermissionState.None)
f.AllLocalFiles = FileIOPermissionAccess.Read
Try
    f.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

After the following two lines of code, the object f2 represents permissions to read C:\test_r and read and write to C:\example\out.txt. Read and Write represent the file/folder permissions as previously described. After creating the permission, the code demands the permission to determine whether the application has the right to read and write to the file.

FileIOPermission^ f2 = gcnew FileIOPermission( FileIOPermissionAccess::Read,"C:\\test_r" );
f2->AddPathList( (FileIOPermissionAccess) (FileIOPermissionAccess::Write | FileIOPermissionAccess::Read), "C:\\example\\out.txt" );
try
{
    f2->Demand();
}
catch (SecurityException^ s)
{
    Console::WriteLine(s->Message);
}
FileIOPermission f2 = new FileIOPermission(FileIOPermissionAccess.Read, "C:\\test_r");
f2.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, "C:\\example\\out.txt");
try
{
    f2.Demand();
}
catch (SecurityException s)
{
    Console.WriteLine(s.Message);
}
Dim f2 As New FileIOPermission(FileIOPermissionAccess.Read, "C:\test_r")
f2.AddPathList(FileIOPermissionAccess.Write Or FileIOPermissionAccess.Read, "C:\example\out.txt")
Try
    f2.Demand()
Catch s As SecurityException
    Console.WriteLine(s.Message)
End Try

Remarks

Caution

Code Access Security (CAS) has been deprecated across all versions of .NET Framework and .NET. Recent versions of .NET do not honor CAS annotations and produce errors if CAS-related APIs are used. Developers should seek alternative means of accomplishing security tasks.

This permission distinguishes between the following four types of file IO access provided by FileIOPermissionAccess:

  • Read: Read access to the contents of the file or access to information about the file, such as its length or last modification time.

  • Write: Write access to the contents of the file or access to change information about the file, such as its name. Also allows for deletion and overwriting.

  • Append: Ability to write to the end of a file only. No ability to read.

  • PathDiscovery: Access to the information in the path itself. This helps protect sensitive information in the path, such as user names, as well as information about the directory structure that is revealed in the path. This value does not grant access to files or folders represented by the path.

Note

Giving Write access to an assembly is similar to granting it full trust. If an application should not write to the file system, it should not have Write access.

All these permissions are independent, meaning that rights to one do not imply rights to another. For example, Write permission does not imply permission to Read or Append. If more than one permission is desired, they can be combined using a bitwise OR as shown in the code example that follows. File permission is defined in terms of canonical absolute paths; calls should always be made with canonical file paths.

FileIOPermission describes protected operations on files and folders. The File class helps provide secure access to files and folders. The security access check is performed when the handle to the file is created. By doing the check at creation time, the performance impact of the security check is minimized. Opening a file happens once, while reading and writing can happen multiple times. Once the file is opened, no further checks are done. If the object is passed to an untrusted caller, it can be misused. For example, file handles should not be stored in public global statics where code with less permission can access them.

FileIOPermissionAccess specifies actions that can be performed on the file or folder. In addition, these actions can be combined using a bitwise OR to form complex instances.

Access to a folder implies access to all the files it contains, as well as access to all the files and folders in its subfolders. For example, Read access to C:\folder1\ implies Read access to C:\folder1\file1.txt, C:\folder1\folder2\, C:\folder1\folder2\file2.txt, and so on.

Note

In versions of the .NET Framework before the .NET Framework 4, you could use the CodeAccessPermission.Deny method to prevent inadvertent access to system resources by trusted code. Deny is now obsolete, and access to resources is now determined solely by the granted permission set for an assembly. To limit access to files, you must run partially trusted code in a sandbox and assign it permissions only to resources that the code is allowed to access. For information about running an application in a sandbox, see How to: Run Partially Trusted Code in a Sandbox.

Constructors

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String)

Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, AccessControlActions, String[])

Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories and the specified access rights to file control information.

FileIOPermission(FileIOPermissionAccess, String)

Initializes a new instance of the FileIOPermission class with the specified access to the designated file or directory.

FileIOPermission(FileIOPermissionAccess, String[])

Initializes a new instance of the FileIOPermission class with the specified access to the designated files and directories.

FileIOPermission(PermissionState)

Initializes a new instance of the FileIOPermission class with fully restricted or unrestricted permission as specified.

Properties

AllFiles

Gets or sets the permitted access to all files.

AllLocalFiles

Gets or sets the permitted access to all local files.

Methods

AddPathList(FileIOPermissionAccess, String)

Adds access for the specified file or directory to the existing state of the permission.

AddPathList(FileIOPermissionAccess, String[])

Adds access for the specified files and directories to the existing state of the permission.

Assert()

Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. Using Assert() can create security issues.

(Inherited from CodeAccessPermission)
Copy()

Creates and returns an identical copy of the current permission.

Demand()

Forces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

(Inherited from CodeAccessPermission)
Deny()
Obsolete.
Obsolete.

Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

(Inherited from CodeAccessPermission)
Equals(Object)

Determines whether the specified FileIOPermission object is equal to the current FileIOPermission.

Equals(Object)

Determines whether the specified CodeAccessPermission object is equal to the current CodeAccessPermission.

(Inherited from CodeAccessPermission)
FromXml(SecurityElement)

Reconstructs a permission with a specified state from an XML encoding.

GetHashCode()

Gets a hash code for the FileIOPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

GetHashCode()

Gets a hash code for the CodeAccessPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

(Inherited from CodeAccessPermission)
GetPathList(FileIOPermissionAccess)

Gets all files and directories with the specified FileIOPermissionAccess.

GetType()

Gets the Type of the current instance.

(Inherited from Object)
Intersect(IPermission)

Creates and returns a permission that is the intersection of the current permission and the specified permission.

IsSubsetOf(IPermission)

Determines whether the current permission is a subset of the specified permission.

IsUnrestricted()

Returns a value indicating whether the current permission is unrestricted.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
PermitOnly()

Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

(Inherited from CodeAccessPermission)
SetPathList(FileIOPermissionAccess, String)

Sets the specified access to the specified file or directory, replacing the existing state of the permission.

SetPathList(FileIOPermissionAccess, String[])

Sets the specified access to the specified files and directories, replacing the current state for the specified access with the new set of paths.

ToString()

Creates and returns a string representation of the current permission object.

(Inherited from CodeAccessPermission)
ToXml()

Creates an XML encoding of the permission and its current state.

Union(IPermission)

Creates a permission that is the union of the current permission and the specified permission.

Applies to

See also