How to: Import a Permission Set by Using an XML File

The XML file may contain a permission set (with or without a custom permission) that contains the permissions the application needs to run. You can import the permission set into security policy by using the .NET Framework Configuration Tool (Mscorcfg.msc) or by using the Code Access Security Policy Tool (Caspol.exe).

Adding a Custom Permission by Using the .NET Framework Configuration Tool

The following example shows a permission set and a permission inside an XML file.

<PermissionSet class="NamedPermissionSet" version="1"
  Name="MyPermissionSet"
  Description="Permission set containing my custom permission">
  <IPermission class="myCustomNamespace.CustomPermission, customPerm,
    Version=0.0.0.0, Culture=neutral, PublicKeyToken=64a85a7d791b1a32"
    version="1" Unrestricted="True"/>
</PermissionSet>

The <PermissionSet> element can contain any number of <IPermission> elements, which represent the permissions in the permission set. The class attribute usually contains the value "NamedPermissionSet" or "System.Security.NamedPermissionSet". The version attribute indicates the version of the .NET Framework. The Name attribute is the name of the permission set as it appears in the .NET Framework Configuration tool. The Description attribute provides a description of the permission set. You can modify both the Name and Description attributes.

Warning

Before you add the permission set to security policy, you might need to change the XML file so that the state of the permissions meets your needs. See the documentation for the application to learn about the specific attributes for the permission and how to change its state.

To import a permission set from an XML file by using Mscorcfg.msc

  1. In the .NET Framework 1.0 and 1.1, type the following at the command prompt: %Systemroot%\Microsoft.NET\Framework\versionNumber\Mscorcfg.msc. In the .NET Framework 2.0, start the SDK Command Prompt and type mscorcfg.msc.

    The user interface for the tool is displayed.

  2. Expand the Runtime Security Policy node.

  3. Expand the node for the policy level you want to add a permission set to.

  4. Right-click Permission Sets and select New.

  5. Click Import and select the XML file that contains the information about the permission set.

  6. Associate the permission set with a code group. For details, see Configuring Code Groups Using the .NET Framework Configuration Tool (Mscorcfg.msc).

Adding a Custom Permission by Using the Code Access Security Policy Tool

The Code Access Security Policy Tool (Caspol.exe) ships with the Windows Software Development Kit (SDK) and supports scripting to change security policy. You can use Caspol.exe to add new permission sets, but not to modify permission sets. If the XML file has only a permission — not a permission set — and you want to add the permission using Caspol.exe, you must wrap the permission in a permission set.

To add a permission set by using Caspol.exe

  • Type the following command at the command prompt:

    caspol {-enterprise|-machine|-user} -addpset xmlFile

    In this command, xmlFile is the name of the file that contains the permission set and the permission.

See Also

Reference

.NET Framework Configuration Tool (Mscorcfg.msc)

Code Access Security Policy Tool (Caspol.exe)

Other Resources

Security Policy Management

Importing Security Components Using XML Files