SecurityActionECMA 1.0, serializable

System.Security.Permissions (mscorlib.dll)enum
public enum SecurityAction {
   Demand = 2,Assert = 3,Deny = 4,PermitOnly = 5,LinkDemand = 6,InheritanceDemand = 7,
        RequestMinimum = 8,RequestOptional = 9,RequestRefuse = 10

The SecurityAction enumeration contains values that represent the different declarative security statements. Every permission attribute class derived from the CodeAccessSecurityAttribute class defines a constructor that takes a value of the SecurityAction enumeration as an argument. The value of the SecurityAction argument identifies the action that the declarative security statement performs, and determines the program elements that are valid targets for the security attribute. The nine values of the SecurityAction enumeration fall into three categories: security demands, permission requests, and stack overrides. Declarative security demands and stack overrides can be applied to classes and functional members (i.e., methods, properties, and events), whereas permission requests are valid only at the assembly level.

The security demands include the values Demand, InheritanceDemand, and LinkDemand. Demand initiates a security demand, which will result in a stack walk when used with an attribute whose permission counterpart implements the System.Security.IStackWalk interfaces. This includes all code-access and identity permissions, but not PrincipalPermission, which only implements the System.Security.IPermission interface. The InheritanceDemand and LinkDemand statements have no imperative syntax equivalent. InheritanceDemand ensures that code trying to inherit a class or override a member has the demanded permission. LinkDemand ensures that the immediate calling code has the demanded permission, without invoking a stack walk.

The permission request statements also have no imperative statement equivalent, and include the values RequestMinimum, RequestOptional, and RequestRefuse. Permission requests provide a mechanism for assemblies to communicate details to the runtime and security administrators about the permissions they do and do not need. RequestMinimum specifies a set of permissions that the runtime must grant to an assembly in order for it to function correctly. After the runtime resolves the permissions for an assembly, if the grant set does not contain all of the requested permissions, then the runtime will throw a System.Security.Policy.PolicyException and will not load the assembly. The RequestOptional statement defines the maximum set of permissions that the runtime should grant to an assembly regardless of security policy. This is often used to specify a set of nonessential permissions that can be used if granted. The RequestRefuse statement specifies the set of permissions that the runtime should never grant to the assembly. RequestRefuse ensures code can never by granted permissions that it does not need, and so cannot be used by malicious code as a gateway to access secured actions or resources.

The stack override valuesAssert, Deny, and PermitOnlyhave the same effect as the methods of the same name defined in the System.Security.IStackWalk interface.


System.Object System.ValueType System.Enum(System.IComparable, System.IFormattable, System.IConvertible) SecurityAction

Returned By


Passed To

Multiple types

    Part V: API Quick Reference