Programming .NET Security by Adam Freeman, Allen Jones

The System.Security.Permissions namespace contains permission classes and their attribute counterparts. Permissions are the mechanism through which the .NET runtime enforces code-access security. Most commonly, code uses permissions to protect access to its important functionality and resources by making security demands. A security demand raises a System.Security.SecurityException if the grant set of the calling code (and all previous callers on the call stack) does not include a permission equivalent to the one demanded. Other security operations include link demands, inheritance demands, stack walk overrides, and permission requests.

There are two ways to express security statements in code: imperative syntax and declarative syntax. Imperative syntax uses the methods of permission objects whereas declarative syntax involves the application of permission attributes to code elements, such as assemblies, classes, and methods. Permission attributes result in the instantiation and use of permission objects, but this is handled by the runtime and is transparent to both the programmer and user.

All permission classes implement the System.Security.IPermission interface, which defines the basic functionality all permissions must implement to integrate with the runtime’s code-access security mechanisms. However, there are three distinct categories of permissions defined in the System.Security.Permissions namespace: code-access permissions, ...