Declarative Code Access Permissions
Earlier, we saw how to use imperative CAS: We created an instance of a CodeAccessPermission-derived class, such as UrlIdentityPermission, and then called its Deny method to restrict the associated action. It is also possible to accomplish this declaratively using CodeAccessSecurityAttribute-derived classes. We will see this shortly, using UrlIdentityPermissionAttribute.
The main difference with attributes is that we do not normally instantiate the attribute class in the imperative way using the new operator. Instead, we apply the attribute to the target assembly, class, or method, using square bracket declaration syntax. The other difference is that the information declared by a security attribute is stored ...
Get .NET Security and Cryptography now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
