NetCodeGroup Class

Definition

Grants Web permission to the site from which the assembly was downloaded. This class cannot be inherited.

public ref class NetCodeGroup sealed : System::Security::Policy::CodeGroup

[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public sealed class NetCodeGroup : System.Security.Policy.CodeGroup

type NetCodeGroup = class
    inherit CodeGroup

Public NotInheritable Class NetCodeGroup
Inherits CodeGroup

Inheritance

NetCodeGroup

Attributes

Examples

The following code example demonstrates creating a NetCodeGroup and adding CodeConnectAccess objects for code downloaded using the HTTP scheme.


static void SetNetCodeGroupAccess()
{
    String^ userPolicyLevel = "User";
    // Locate the User policy level.
    PolicyLevel^ level = nullptr;
    System::Collections::IEnumerator^ ph = 
        System::Security::SecurityManager::PolicyHierarchy();
    while(ph->MoveNext())
    {
        level = (PolicyLevel^)ph->Current;
        if (level->Label == userPolicyLevel)
        {
            break;       
        }
    }
    // level stays nullptr if the policy hierarchy is empty.
    if (level == nullptr || level->Label != userPolicyLevel)
        throw gcnew ApplicationException("Could not find User policy level.");

    IMembershipCondition^ membership =
        gcnew UrlMembershipCondition("http://www.contoso.com/*");
    NetCodeGroup^ codeGroup = gcnew NetCodeGroup(membership);
    // Delete default settings.
    codeGroup->ResetConnectAccess();
    // Create an object that represents access to the FTP scheme and 
    // default port.
    CodeConnectAccess^ CodeAccessFtp = 
        gcnew CodeConnectAccess(Uri::UriSchemeFtp, 
        CodeConnectAccess::DefaultPort);
    // Create an object that represents access to the HTTPS scheme 
    // and default port.
    CodeConnectAccess^ CodeAccessHttps = 
        gcnew CodeConnectAccess(Uri::UriSchemeHttps, 
        CodeConnectAccess::DefaultPort);
    // Create an object that represents access to the origin 
    // scheme and port.
    CodeConnectAccess^ CodeAccessOrigin = 
        CodeConnectAccess::CreateOriginSchemeAccess
        (CodeConnectAccess::OriginPort);
    // Add connection access objects to the NetCodeGroup object.
    codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessFtp);
    codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessHttps);
    codeGroup->AddConnectAccess(Uri::UriSchemeHttp, CodeAccessOrigin);
    // Provide name and description information for caspol.exe tool.
    codeGroup->Name = "ContosoHttpCodeGroup";
    codeGroup->Description = "Code originating from contoso.com can" +
        " connect back using the FTP or HTTPS.";
    // Add the code group to the User policy's root node.
    level->RootCodeGroup->AddChild(codeGroup);
    // Save the changes to the policy level.
    System::Security::SecurityManager::SavePolicy();
}

public static void SetNetCodeGroupAccess()
{
    const string userPolicyLevel = "User";
    // Locate the User policy level.
    PolicyLevel level = null;
    System.Collections.IEnumerator ph = 
        System.Security.SecurityManager.PolicyHierarchy();
    while(ph.MoveNext())
    {
        level = (PolicyLevel)ph.Current;
        if( level.Label == userPolicyLevel )
        {
            break;
        }
    }
    // level stays null if the policy hierarchy is empty.
    if (level == null || level.Label != userPolicyLevel)
        throw new ApplicationException("Could not find User policy level.");

    IMembershipCondition membership =
        new UrlMembershipCondition(@"http://www.contoso.com/*");
    NetCodeGroup codeGroup = new NetCodeGroup(membership);
    // Delete default settings.
    codeGroup.ResetConnectAccess();
    // Create an object that represents access to the FTP scheme and default port.
    CodeConnectAccess a1 = new CodeConnectAccess(Uri.UriSchemeFtp, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the HTTPS scheme and default port.
    CodeConnectAccess a2 = new CodeConnectAccess(Uri.UriSchemeHttps, CodeConnectAccess.DefaultPort);
    // Create an object that represents access to the origin scheme and port.
    CodeConnectAccess a3 = CodeConnectAccess.CreateOriginSchemeAccess(CodeConnectAccess.OriginPort);
    // Add connection access objects to the NetCodeGroup object.
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a1);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a2);
    codeGroup.AddConnectAccess(Uri.UriSchemeHttp, a3);
    // Provide name and description information for caspol.exe tool.
    codeGroup.Name = "ContosoHttpCodeGroup";
    codeGroup.Description = "Code originating from contoso.com can connect back using the FTP or HTTPS.";
    // Add the code group to the User policy's root node.
    level.RootCodeGroup.AddChild(codeGroup);
    // Save the changes to the policy level.
    System.Security.SecurityManager.SavePolicy();
}

Remarks

Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have one or more child code groups. Each child code group can have its own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to the group, based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly, along with their child code groups, apply code access security policy.

NetCodeGroup has the same merge semantics as that of UnionCodeGroup; it forms the union of the PolicyStatement objects of all matching child code groups and the PolicyStatement it generates from the input Url evidence. However, NetCodeGroup returns a permission containing a dynamically calculated WebPermission that grants connect access to the site from which the code is run; UnionCodeGroup simply returns a static permission set.

When a NetCodeGroup is created, it contains the default connection access rules shown in the following table.

URI Scheme    Rule
file          No connection access to the origin server is permitted.
http          HTTP and HTTPS access is permitted using the origin port.
https         HTTPS access is permitted using the origin port.

You can control the scheme and port that code is permitted to use when connecting back to its site of origin by passing a CodeConnectAccess object with the appropriate Scheme and Port property values to the AddConnectAccess method. You can create a connection access rule that applies when the origin scheme is not present in the evidence or is not recognized by specifying AbsentOriginScheme ("") as the scheme. You can also create a connection access rule that applies when there is no connection access rule with a matching scheme by specifying AnyOtherOriginScheme ("*") as the scheme.

Note

If code does not submit the URI scheme as evidence, access is permitted using any scheme back to the origin site.
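
The following is an added example, not part of the original reference page, and assumes the .NET Framework. It lists a group's connection access rules, counts those that allow a connect-back over anything other than HTTPS, and then replaces the defaults with HTTPS-only rules, including rules for AbsentOriginScheme and AnyOtherOriginScheme. The ConnectAccessAudit class and ReportRules helper are hypothetical names.

```csharp
using System;
using System.Collections;
using System.Security.Policy;

// Hypothetical audit helper; not part of the .NET Framework.
public static class ConnectAccessAudit
{
    // Prints each rule and returns how many permit a connect-back over
    // anything other than HTTPS.
    public static int ReportRules(NetCodeGroup group)
    {
        int flagged = 0;
        DictionaryEntry[] entries = group.GetConnectAccessRules();
        if (entries == null) return 0;              // no rules configured
        foreach (DictionaryEntry entry in entries)
        {
            string origin = (string)entry.Key;
            string label = origin == NetCodeGroup.AbsentOriginScheme ? "(absent)" : origin;
            var rules = entry.Value as CodeConnectAccess[];
            if (rules == null || rules.Length == 0)
            {
                Console.WriteLine("{0,-9} -> no connect-back", label);
                continue;
            }
            foreach (CodeConnectAccess rule in rules)
            {
                // OriginScheme resolves to the scheme the code was loaded from.
                string scheme = rule.Scheme == CodeConnectAccess.OriginScheme ? origin : rule.Scheme;
                bool weak = !string.Equals(scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase);
                if (weak) flagged++;
                Console.WriteLine("{0,-9} -> {1} port {2}{3}", label, rule.Scheme, rule.Port, weak ? "  [not HTTPS]" : "");
            }
        }
        return flagged;
    }

    public static void Main()
    {
        var group = new NetCodeGroup(new AllMembershipCondition());
        Console.WriteLine("Default rules flagged: {0}", ReportRules(group));

        // Replace the defaults: HTTPS on the default port only, including when
        // the origin scheme is absent or matches no other rule.
        group.ResetConnectAccess();
        var httpsOnly = new CodeConnectAccess(Uri.UriSchemeHttps, CodeConnectAccess.DefaultPort);
        group.AddConnectAccess(Uri.UriSchemeHttp, httpsOnly);
        group.AddConnectAccess(Uri.UriSchemeHttps, httpsOnly);
        group.AddConnectAccess(NetCodeGroup.AbsentOriginScheme, httpsOnly);
        group.AddConnectAccess(NetCodeGroup.AnyOtherOriginScheme, httpsOnly);
        Console.WriteLine("Hardened rules flagged: {0}", ReportRules(group));
    }
}
```

The port column shows the sentinel values of CodeConnectAccess.DefaultPort and CodeConnectAccess.OriginPort rather than literal port numbers.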

Constructors

NetCodeGroup(IMembershipCondition)

Initializes a new instance of the NetCodeGroup class.

Fields

AbsentOriginScheme

Contains a value used to specify connection access for code with an unknown or unrecognized origin scheme.

AnyOtherOriginScheme

Contains a value used to specify any other unspecified origin scheme.

Properties

AttributeString

Gets a string representation of the attributes of the policy statement for the code group.

Children

Gets or sets an ordered list of the child code groups of a code group.

(Inherited from CodeGroup)

Description

Gets or sets the description of the code group.

(Inherited from CodeGroup)

MembershipCondition

Gets or sets the code group's membership condition.

(Inherited from CodeGroup)

MergeLogic

Gets the logic to use for merging groups.

Name

Gets or sets the name of the code group.

(Inherited from CodeGroup)

PermissionSetName

Gets the name of the NamedPermissionSet for the code group.

PolicyStatement

Gets or sets the policy statement associated with the code group.

(Inherited from CodeGroup)

Methods

AddChild(CodeGroup)

Adds a child code group to the current code group.

(Inherited from CodeGroup)

AddConnectAccess(String, CodeConnectAccess)

Adds the specified connection access to the current code group.

Copy()

Makes a deep copy of the current code group.

CreateXml(SecurityElement, PolicyLevel)

When overridden in a derived class, serializes properties and internal state specific to a derived code group and adds the serialization to the specified SecurityElement.

(Inherited from CodeGroup)

Equals(CodeGroup, Boolean)

Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified.

(Inherited from CodeGroup)

Equals(Object)

Determines whether the specified code group is equivalent to the current code group.

FromXml(SecurityElement)

Reconstructs a security object with a given state from an XML encoding.

(Inherited from CodeGroup)

FromXml(SecurityElement, PolicyLevel)

Reconstructs a security object with a given state and policy level from an XML encoding.

(Inherited from CodeGroup)

GetConnectAccessRules()

Gets the connection access information for the current code group.

GetHashCode()

Gets the hash code of the current code group.

GetType()

Gets the Type of the current instance.

(Inherited from Object)

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

ParseXml(SecurityElement, PolicyLevel)

When overridden in a derived class, reconstructs properties and internal state specific to a derived code group from the specified SecurityElement.

(Inherited from CodeGroup)

RemoveChild(CodeGroup)

Removes the specified child code group.

(Inherited from CodeGroup)

ResetConnectAccess()

Removes all connection access information for the current code group.

Resolve(Evidence)

Resolves policy for the code group and its descendants for a set of evidence.

ResolveMatchingCodeGroups(Evidence)

Resolves matching code groups.

ToString()

Returns a string that represents the current object.

(Inherited from Object)

ToXml()

Creates an XML encoding of the security object and its current state.

(Inherited from CodeGroup)

ToXml(PolicyLevel)

Creates an XML encoding of the security object, its current state, and the policy level within which the code exists.

(Inherited from CodeGroup)
