diff --git a/xml/System.Security/AllowPartiallyTrustedCallersAttribute.xml b/xml/System.Security/AllowPartiallyTrustedCallersAttribute.xml index 6a9b03b60a6..de93aca4710 100644 --- a/xml/System.Security/AllowPartiallyTrustedCallersAttribute.xml +++ b/xml/System.Security/AllowPartiallyTrustedCallersAttribute.xml @@ -60,31 +60,7 @@ ## Remarks > [!IMPORTANT] -> Partially trusted code is no longer supported. This attribute has no effect in .NET Core. - -> [!NOTE] -> The .NET Framework 4 introduces new security rules that affect the behavior of the attribute (see [Security-Transparent Code, Level 2](/dotnet/framework/misc/security-transparent-code-level-2)). In the .NET Framework 4, all code defaults to security-transparent, that is, partially trusted. However, you can annotate individual types and members to assign them other transparency attributes. For this and other security changes, see [Security Changes](/dotnet/framework/security/security-changes). - - .NET Framework version 2.0 () assemblies must be strong-named to effectively use the (APTCA) attribute. .NET Framework 4 () assemblies do not have to be strong-named for the APTCA attribute to be effective, and they can contain transparent, security-critical and security-safe-critical code. For more information about applying attributes at the assembly level, see [Applying Attributes](/dotnet/standard/attributes/applying-attributes). - - By default, if a strong-named, assembly does not explicitly apply this attribute at the assembly level, it can be called only by other assemblies that are granted full trust. This restriction is enforced by placing a for `FullTrust` on every public or protected method on every publicly accessible class in the assembly. Assemblies that are intended to be called by partially trusted code can declare their intent through the use of . An example of the declaration in C# is `[assembly:AllowPartiallyTrustedCallers]`; an example in Visual Basic is ``. - -> [!CAUTION] -> The presence of this assembly-level attribute prevents the default behavior of placing `FullTrust` security checks, and makes the assembly callable from any other (partially or fully trusted) assembly. - - When the APTCA attribute is present, all other security checks function as intended, including any class-level or method-level declarative security attributes that are present. This attribute blocks only the implicit, fully trusted caller demand. - - This is not a declarative security attribute, but a regular attribute (it derives from , not from ). - - For more information, see [Using Libraries from Partially Trusted Code](/dotnet/framework/misc/using-libraries-from-partially-trusted-code). - - - -## Examples - The following example shows how to use the class. - - :::code language="csharp" source="~/snippets/csharp/System.Security/AllowPartiallyTrustedCallersAttribute/Overview/AllowPartiallyTrustedCallersAttribute.cs" id="Snippet1"::: - :::code language="vb" source="~/snippets/visualbasic/System.Security/AllowPartiallyTrustedCallersAttribute/Overview/allowpartiallytrustedcallersattribute.vb" id="Snippet1"::: +> Partially trusted code is no longer supported. This attribute has no effect in modern .NET. ]]> @@ -126,19 +102,7 @@ Initializes a new instance of the class. - - class. - - ]]> - + To be added. @@ -178,38 +142,7 @@ Gets or sets the default partial trust visibility for code that is marked with the (APTCA) attribute. One of the enumeration values. The default is . - - . - -- Explicit, unconditional APTCA: - - ``` - [assembly: AllowPartiallyTrustedCallers(PartialTrustVisibilityLevel=VisibleToAllHosts)] - ``` - - The assembly can always be called by partial-trust code. - -- Explicit, conditional APTCA: - - ``` - [assembly: AllowPartiallyTrustedCallers(PartialTrustVisibilityLevel=NotVisibleByDefault)] - ``` - - The assembly has been audited for partial trust, but it is not visible to partial-trust code by default. To make the assembly visible to partial-trust code, add it to the property. - - ]]> - + To be added. diff --git a/xml/System.Security/CodeAccessPermission.xml b/xml/System.Security/CodeAccessPermission.xml index a858b2d4460..12865399688 100644 --- a/xml/System.Security/CodeAccessPermission.xml +++ b/xml/System.Security/CodeAccessPermission.xml @@ -57,23 +57,8 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Code access permissions use a stack walk to ensure that all callers of the code have been granted a permission. If a permission object is `null`, it is handled the same as a permission object with the state . - - The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. - - Inheritors of the class must be granted full trust to function correctly as permissions extending the security infrastructure. To determine that the inheritors are fully trusted, issues an for = `true` and = `true`. - ]]> - - When you inherit from , you must also implement the interface. - - The following members must be overridden: , , , , , and . - - You must also define a constructor that takes a as its only parameter. - - You must apply the attribute to a class that inherits from . - @@ -105,14 +90,7 @@ Initializes a new instance of the class. - - - + To be added. @@ -151,21 +129,7 @@ Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. Using can create security issues. - - prevents a stack walk originating lower in the call stack from proceeding up the call stack beyond the code that calls this method. Therefore, even if callers higher on the call stack do not have the requisite permissions to access a resource, they can still access it through the code that calls this method on the necessary permission. An assertion is effective only if the code that calls passes the security check for the permission that it is asserting. - - The call to is effective until the calling code returns to its caller. Only one can be active on a frame. An attempt to call when an active exists on the frame results in a . Call or to remove an active . - - is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack calls for that permission, a is thrown when the stack walk reaches the code that tried to call . This happens because the code that called has not been granted the permission, even though it tried to it. - -> [!CAUTION] -> Because calling removes the requirement that all code in the call chain must be granted permission to access the specified resource, it can open up security issues if used incorrectly or inappropriately. Therefore, it should be used with great caution. - - ]]> - + To be added. The calling code does not have . -or- @@ -214,14 +178,7 @@ When implemented by a derived class, creates and returns an identical copy of the current permission object. A copy of the current permission object. - - - + To be added. You must override this method in a derived class. @@ -264,16 +221,7 @@ Forces a at run time if all callers higher in the call stack have not been granted the permission specified by the current instance. - - for the necessary before performing a file operation requested by the caller. - - The permissions of the code that calls this method are not examined; the check begins from the immediate caller of that code and proceeds up the stack. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. succeeds only if no is raised. - - ]]> - + To be added. A caller higher in the call stack does not have the permission specified by the current instance. -or- @@ -326,22 +274,7 @@ Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance. - - [!IMPORTANT] -> The method should be used only to protect resources from accidental access by fully trusted code. It should not be used to protect resources from intentional misuse by untrusted code. For example, if method `A` issues a for a permission and then calls method `B`, method `B` can overtly override the by issuing an . The called method is always higher in the stack. Therefore, if method `B` tries to access a protected resource, the security system begins checking for permissions with it because method `B` is the immediate caller, and then walks down the stack to confirm that there is no or lower in the stack. Method `B`, which is trying to access the resource, can stop the stack walk immediately by using the method. In that case, the placed on the stack by method `A` (the calling method) is never discovered. - - This method prevents callers higher in the call stack from accessing the protected resource through the code that calls this method, even if those callers have been granted permission to access it. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. - - can limit the liability of the programmer or help prevent accidental security issues because it helps prevent the method that calls from being used to access the resource protected by the denied permission. If a method calls on a permission, and if a for that permission is invoked by a caller lower in the call stack, that security check will fail when it reaches the . - - The call to is effective until the calling code returns to its caller. Only one can be active on a frame. An attempt to call when an active exists on the frame results in a . Call or to remove an active . is ignored for a permission not granted because a demand for that permission will not succeed. - - ]]> - + To be added. There is already an active for the current frame. You cannot override this method. @@ -385,14 +318,7 @@ Determines whether the specified object is equal to the current . if the specified object is equal to the current ; otherwise, . - - . - - ]]> - + To be added. @@ -434,14 +360,7 @@ The XML encoding to use to reconstruct the security object. When overridden in a derived class, reconstructs a security object with a specified state from an XML encoding. - - and methods to make the objects security-encodable. - - ]]> - + To be added. The parameter is . The parameter does not contain the XML encoding for an instance of the same type as the current instance. @@ -486,14 +405,7 @@ Gets a hash code for the object that is suitable for use in hashing algorithms and data structures such as a hash table. A hash code for the current object. - - objects. - - ]]> - + To be added. @@ -536,14 +448,7 @@ A permission to intersect with the current permission. It must be of the same type as the current permission. When implemented by a derived class, creates and returns a permission that is the intersection of the current permission and the specified permission. A new permission that represents the intersection of the current permission and the specified permission. This new permission is if the intersection is empty. - - - + To be added. The parameter is not and is not an instance of the same class as the current permission. You must override this method in a derived class. @@ -591,25 +496,7 @@ When implemented by a derived class, determines whether the current permission is a subset of the specified permission. if the current permission is a subset of the specified permission; otherwise, . - - method. *X*, *Y*, and *Z* represent custom code access permission objects that are not null references, *U* represents an unrestricted code access permission, and *N* represents an empty permission with a of . - -- *X*.IsSubsetOf(*X*) returns `true`. -- *X*.IsSubsetOf(*Y*) returns the same value as *Y*.IsSubsetOf(*X*) if and only if *X* and *Y* represent the same set of permissions. -- If *X*.IsSubsetOf(*Y*) and *Y*.IsSubsetOf(*Z*) both return `true`, *X*.IsSubsetOf(*Z*) returns `true`. -- *X*.IsSubsetOf(*U*) returns `true`. -- *X*.IsSubsetOf(*N*) returns `false`. -- *N*.IsSubsetOf(*X*) returns `true`. - - If *X* and *Y* represent custom code access permission objects that are null references, *X*.IsSubsetOf(*Y*) returns `true`. If *Z* is also null, the compound set operation *X*.Union(*Y*).IsSubsetOf(*Z*) also returns `true` because the union of two null permissions is a null permission. - - ]]> - + To be added. The parameter is not and is not of the same type as the current permission. You must override this method in a derived class. @@ -652,22 +539,7 @@ Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance. - - [!IMPORTANT] -> The method should be used only to protect resources from accidental access by fully trusted code. It should not be used to protect resources from intentional misuse by untrusted code. For example, if method `A` issues a for a permission and then calls method `B`, method `B` can overtly override the by issuing an . The called method is always higher in the stack. Therefore, if method `B` tries to access a protected resource, the security system begins checking for permissions with it because method `B` is the immediate caller, and then walks down the stack to confirm that there is no or lower in the stack. Method `B`, which is trying to access the resource, can stop the stack walk immediately by using the method. In that case, the placed on the stack by method `A` (the calling method) is never discovered. - - is similar to , in that both cause stack walks to fail when they would otherwise succeed. The difference is that specifies permissions that will cause the stack walk to fail, but specifies the only permissions that do not cause the stack walk to fail. - - Call this method to ensure that your code can be used to access only the specified resources. The call to is effective until the calling code returns to its caller. Only one can be active on a frame. An attempt to call when an active exists on the frame results in a . Call or to remove an active . - - is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack later calls for that permission, a is thrown when the stack walk reaches the code that tried to call . This is because the code that called has not been granted the permission, even though it called for that permission. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. - - ]]> - + To be added. There is already an active for the current frame. You cannot override this method. @@ -707,14 +579,7 @@ Causes all previous overrides for the current frame to be removed and no longer in effect. - - , , or ) for the current frame, an is thrown. - - ]]> - + To be added. There is no previous , , or for the current frame. @@ -751,14 +616,7 @@ Causes any previous for the current frame to be removed and no longer in effect. - - for the current frame, an is thrown. - - ]]> - + To be added. There is no previous for the current frame. @@ -801,14 +659,7 @@ Causes any previous for the current frame to be removed and no longer in effect. - - for the current frame, an is thrown. - - ]]> - + To be added. There is no previous for the current frame. @@ -845,14 +696,7 @@ Causes any previous for the current frame to be removed and no longer in effect. - - for the current frame, an is thrown. - - ]]> - + To be added. There is no previous for the current frame. @@ -890,14 +734,7 @@ Creates and returns a string representation of the current permission object. A string representation of the current permission object. - - - + To be added. @@ -937,17 +774,7 @@ When overridden in a derived class, creates an XML encoding of the security object and its current state. An XML encoding of the security object, including any state information. - - and methods to make the objects security-encodable. - - ]]> - - - You must override this method in a derived class. - + To be added. @@ -990,18 +817,8 @@ A permission to combine with the current permission. It must be of the same type as the current permission. When overridden in a derived class, creates a permission that is the union of the current permission and the specified permission. A new permission that represents the union of the current permission and the specified permission. - - is a permission that represents all the operations represented by both the current permission and the specified permission. Any demand that passes either permission passes their union. - - ]]> - + To be added. The parameter is not . This method is only supported at this level when passed . - - You must override this method in a derived class. You should return a copy of the permission if the value of the parameter is . - diff --git a/xml/System.Security/HostProtectionException.xml b/xml/System.Security/HostProtectionException.xml index 41b2cbeac75..e37973b3ad3 100644 --- a/xml/System.Security/HostProtectionException.xml +++ b/xml/System.Security/HostProtectionException.xml @@ -55,11 +55,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - A attribute is used to determine if a type or member can be loaded, based on the host's protection preferences established when the common language runtime is started. If a type or member with an active is called, a link demand occurs for that protection attribute. If the caller does not meet the demand for host protection, a is thrown. - -> [!NOTE] -> A is not a permission, even though it is the target of a link demand. Because a is thrown for a link demand, it cannot be handled, and therefore it cannot be trapped and processed in code. - ]]> @@ -102,19 +97,7 @@ Initializes a new instance of the class with default values. - - class. - -|Property|Value| -|--------------|-----------| -||| -||| - - ]]> - + To be added. @@ -149,14 +132,7 @@ The message that describes the error. Initializes a new instance of the class with a specified error message. - - - + To be added. @@ -203,14 +179,7 @@ The object that holds the serialized object data. Contextual information about the source or destination. Initializes a new instance of the class using the provided serialization information and streaming context. - - - + To be added. is . @@ -249,14 +218,7 @@ The error message that explains the reason for the exception. The exception that is the cause of the current exception. If the innerException parameter is not , the current exception is raised in a block that handles the inner exception. Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception. - - property. The property returns the same value that is passed into the constructor, or `null` if the property does not supply the inner exception value to the constructor. - - ]]> - + To be added. @@ -295,14 +257,7 @@ A bitwise combination of the enumeration values that specify the host resources that are inaccessible to partially trusted code. A bitwise combination of the enumeration values that specify the demanded host resources. Initializes a new instance of the class with a specified error message, the protected host resources, and the host resources that caused the exception to be thrown. - - attribute that indicates that the method exposes shared state. When the method is called, the performs a link demand for shared state. If the host has set shared state as a prohibited category, then a is raised with a `demandedResources` property value of . - - ]]> - + To be added. @@ -337,14 +292,7 @@ Gets or sets the demanded host protection resources that caused the exception to be thrown. A bitwise combination of the values identifying the protection resources causing the exception to be thrown. The default is . - - attribute that indicates that the method exposes shared state. When the method is called, the performs a link demand for shared state. If the host has set shared state as a prohibited category, then a is raised, and the value of the property is . - - ]]> - + To be added. @@ -386,14 +334,7 @@ The serialized object data about the exception being thrown. The contextual information about the source or destination. Sets the specified object with information about the host protection exception. - - method sets a object with all the exception object data targeted for serialization. During deserialization, the exception is reconstructed from the transmitted over the stream. - - ]]> - + To be added. is . @@ -430,14 +371,7 @@ Gets or sets the host protection resources that are inaccessible to partially trusted code. A bitwise combination of the values identifying the inaccessible host protection categories. The default is . - - - + To be added. @@ -473,14 +407,7 @@ Returns a string representation of the current host protection exception. A string representation of the current . - - - + To be added. diff --git a/xml/System.Security/HostSecurityManager.xml b/xml/System.Security/HostSecurityManager.xml index 619ba6032af..009c80b3f7a 100644 --- a/xml/System.Security/HostSecurityManager.xml +++ b/xml/System.Security/HostSecurityManager.xml @@ -32,14 +32,13 @@ - Allows the control and customization of security behavior for application domains. + Allows the control and customization of security behavior for hosts. , the common language runtime queries the for the presence of a , which participates in making security decisions for the . Host providers should implement a host security manager that inherits from the class. - +Host providers should implement a host security manager that inherits from the class. ## Examples The following example shows a very simple implementation of a . @@ -134,9 +133,7 @@ ## Remarks This method can be overridden by a derived class. The base implementation calls the application security manager to determine if the application should be executed. - The base implementation does not use the activator evidence. However, an overridden implementation could use the activator evidence to determine the security evidence for the application domain attempting to activate the application. - - + The base implementation does not use the activator evidence. However, an overridden implementation could use the activator evidence to determine the security evidence. ## Examples The following example shows how to override the method for a custom host security manager. This example is part of a larger example provided for the class. @@ -197,9 +194,7 @@ This property is called at creation time. It allows a host to supply a policy for the current . A policy level consists of the following: - A set of code groups organized into a single rooted tree. - - A set of named permission sets that are referenced by the code groups to specify permissions to be granted to code belonging to the code group. - - A list of fully trusted assemblies. > [!IMPORTANT] @@ -207,7 +202,7 @@ ]]> - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + This method uses code access security (CAS) policy, which is obsolete. @@ -306,14 +301,12 @@ To get a callback to this method, hosts must specify the flag in the property. - This method of generating evidence allows hosts to delay evidence generation for an until the evidence is needed. In the .NET Framework version 3.5 and earlier versions, it was necessary to provide evidence at load time by overriding the method. We recommend that you use to provide evidence instead of overriding . + This method of generating evidence allows hosts to delay evidence generation for an until the evidence is needed. We recommend that you use to provide evidence instead of overriding . The method is called back into only for types of evidence that the host has specified in the override of the method. A return value of `null` indicates that the host cannot generate evidence of this specific type. - - ## Examples The following example shows how to override the method for a custom host security manager. This example is part of a larger example provided for the class. @@ -370,7 +363,7 @@ To get a callback to this method, hosts must specify the flag in the property. - This method of generating evidence allows hosts to delay evidence generation for an until the evidence is needed. In the .NET Framework 3.5 and earlier versions, it was necessary to provide evidence at load time by overriding the method. We recommend that you use to provide evidence instead of overriding . + This method of generating evidence allows hosts to delay evidence generation for an until the evidence is needed. We recommend that you use to provide evidence instead of overriding . The method is called back into only for types of evidence that the host has specified in the override of the method. diff --git a/xml/System.Security/IPermission.xml b/xml/System.Security/IPermission.xml index 65dda38c37c..264ef13eae7 100644 --- a/xml/System.Security/IPermission.xml +++ b/xml/System.Security/IPermission.xml @@ -85,23 +85,8 @@ [!NOTE] -> If you write a new permission, you must implement this interface in your class. - -> [!IMPORTANT] -> A permission can be accessed by multiple threads. When implementing this interface, you must guarantee that the , , , and method implementations are thread safe. - ]]> @@ -156,14 +141,7 @@ Creates and returns an identical copy of the current permission. A copy of the current permission. - - - + To be added. @@ -215,18 +193,7 @@ Throws a at run time if the security requirement is not met. - - for the necessary before performing a file operation requested by the caller. - - Although the majority of the classes that implement this interface method satisfy the security criteria by performing a full stack walk, a stack walk is not necessarily performed. An example of an implementation that does not perform a stack walk is . - - When a stack walk is performed, the permissions of the code that calls this method are not examined; the check begins from the immediate caller of that code and proceeds up the stack. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. succeeds only if no is raised. - - ]]> - + To be added. @@ -283,20 +250,7 @@ A permission to intersect with the current permission. It must be of the same type as the current permission. Creates and returns a permission that is the intersection of the current permission and the specified permission. A new permission that represents the intersection of the current permission and the specified permission. This new permission is if the intersection is empty. - - method. `X` and `Y` represent object references that are not `null`. - -- `X`.Intersect(`X`) returns a value equal to `X`. -- `X`.Intersect(`Y`) returns the same value as `Y`.Intersect(`X`). -- `X`.Intersect(`null`) returns `null`. - - ]]> - + To be added. The parameter is not and is not an instance of the same class as the current permission. @@ -355,22 +309,7 @@ Determines whether the current permission is a subset of the specified permission. if the current permission is a subset of the specified permission; otherwise, . - - method. `X`, `Y`, and `Z` represent objects that are not `null`. - -- `X`.IsSubsetOf(`X`) returns `true`. -- `X`.IsSubsetOf(`Y`) returns the same value as `Y`.IsSubsetOf(`X`) if and only if `X` and `Y` represent the same set of permissions. -- If `X`.IsSubsetOf(`Y`) and `Y`.IsSubsetOf(`Z`) both return `true`, `X`.IsSubsetOf(`Z`) returns `true`. - - If `X` represents an empty object with a permission state of and `Y` represents an object that is `null`, `X`.IsSubsetOf(`Y`) returns `true`. If `Z` is also an empty permission, the compound set operation `X`.Union(Z).IsSubsetOf(Y) also returns `true` because the union of two empty permissions is an empty permission. - - ]]> - + To be added. The parameter is not and is not of the same type as the current permission. @@ -428,20 +367,7 @@ A permission to combine with the current permission. It must be of the same type as the current permission. Creates a permission that is the union of the current permission and the specified permission. A new permission that represents the union of the current permission and the specified permission. - - is a permission that represents all the operations represented by both the current permission and the specified permission. Any demand that passes either permission passes their union. - - The following statements are required to be true for all implementations of the method. `X` and `Y` represent objects that are not `null`. - -- `X`.Union(`X`) returns an object that has the same value as `X`. -- `X`.Union(`Y`) returns an object that has the same value as the object returned by `Y`.Union(`X`). -- `X`.Union(`null`) returns an object that has the same value as `X`. - - ]]> - + To be added. The parameter is not and is not of the same type as the current permission. diff --git a/xml/System.Security/ISecurityEncodable.xml b/xml/System.Security/ISecurityEncodable.xml index b7c10d5b3fd..b1453349732 100644 --- a/xml/System.Security/ISecurityEncodable.xml +++ b/xml/System.Security/ISecurityEncodable.xml @@ -79,15 +79,7 @@ The XML representation of permissions is used to describe instances of permissions for code requests, declarative security permission sets, and security policy configuration. > [!NOTE] -> You must implement this interface for any new permission object. - - - -## Examples - This example shows how to define a permission class for use with code access security. All of the necessary permission interfaces are implemented. - - :::code language="csharp" source="~/snippets/csharp/System.Security/IPermission/Overview/Permission.cs" id="Snippet1"::: - :::code language="vb" source="~/snippets/visualbasic/System.Security/ISecurityEncodable/Overview/permission.vb" id="Snippet1"::: +> You must implement this interface for any new permission object. ]]> diff --git a/xml/System.Security/IStackWalk.xml b/xml/System.Security/IStackWalk.xml index 89763b9102d..3129a7302d8 100644 --- a/xml/System.Security/IStackWalk.xml +++ b/xml/System.Security/IStackWalk.xml @@ -75,10 +75,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Partially trusted code always presents a security risk. It can sometimes be manipulated to perform actions on behalf of malicious code that does not have permission to access a resource. In this way, malicious code can achieve higher security access than it should be allowed. - - The common language runtime helps protect managed code from these attacks by running a stack walk on all calls. The stack walk requires that all code in the call stack has permission to access a protected resource. Because the code attempting the attack will always be somewhere in the call stack, it will be unable to exceed its own security permissions. - ]]> @@ -130,21 +126,7 @@ Asserts that the calling code can access the resource identified by the current permission object, even if callers higher in the stack have not been granted permission to access the resource. - - stops the permission check on callers higher in the call stack. Therefore, even if these callers do not have the requisite permissions, they can still access resources. An assertion is effective only if the code that calls passes the security check for the permission that it is asserting. - - A call to is effective until the calling code returns to its caller or until a subsequent call to renders the previous assertion ineffective. Also, or removes a pending . - - is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack calls for that permission, a is thrown when the stack walk reaches the code that tried to call . This happens because the code that called has not been granted the permission, even though it tried to it. - -> [!CAUTION] -> Because calling removes the requirement that all code in the call chain must be granted permission to access the specified resource, it can open up security vulnerabilities if used incorrectly or inappropriately. Therefore, it should be used with great caution. - - ]]> - + To be added. The calling code does not have . Using the Assert Method @@ -196,16 +178,7 @@ Determines at run time whether all callers in the call stack have been granted the permission specified by the current permission object. - - for the necessary before performing a file operation requested by the caller. - - The permissions of the code that calls this method are not examined; the check begins from the immediate caller of that code and proceeds up the stack. succeeds only if no is raised. - - ]]> - + To be added. A caller higher in the call stack does not have the permission specified by the current permission object. -or- @@ -260,21 +233,7 @@ Causes every for the current object that passes through the calling code to fail. - - can limit the liability of the programmer or help prevent accidental security vulnerabilities because it helps prevent the method that calls from being used to access the resource protected by the denied permission. If a method calls on a permission, and if a for that permission is invoked by a caller lower in the call stack, that security check will fail when it reaches the . - - is ignored for a permission not granted because a demand for that permission will not succeed. - - ]]> - - - You cannot override this method. - + To be added. @@ -324,16 +283,7 @@ Causes every for all objects except the current one that passes through the calling code to fail, even if code higher in the call stack has been granted permission to access other resources. - - is similar to , in that both cause stack walks to fail when they would otherwise succeed. The difference is that specifies permissions that will cause the stack walk to fail, but specifies the only permissions that do not cause the stack walk to fail. Call this method to ensure that your code can be used to access only the specified resources. - - is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack later calls for that permission, a is thrown when the stack walk reaches the code that tried to call . This is because the code that called has not been granted the permission, even though it called for that permission. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. - - ]]> - + To be added. diff --git a/xml/System.Security/NamedPermissionSet.xml b/xml/System.Security/NamedPermissionSet.xml index dfd6e8c4f77..a35acb73310 100644 --- a/xml/System.Security/NamedPermissionSet.xml +++ b/xml/System.Security/NamedPermissionSet.xml @@ -47,8 +47,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Named permission sets are used in security policy administration to specify the permissions to be granted to code that belongs to certain code groups. Names are strings of alphanumeric characters. Description strings can consist of any printable characters. - ]]> @@ -132,14 +130,7 @@ The name for the new named permission set. Initializes a new, empty instance of the class with the specified name. - - permission state. A named permission set in an unrestricted state effectively contains all permissions that implement the interface. The named permission set will contain all built-in permissions as well as all custom user-defined permissions that implement . All permissions will have the equivalent of an `Unrestricted` permission state. Permissions that do not implement will be empty instances. - - ]]> - + To be added. The parameter is or is an empty string (""). @@ -178,14 +169,7 @@ The name for the new named permission set. One of the values. Initializes a new instance of the class with the specified name in either an unrestricted or a fully restricted state. - - interface. The named permission set will contain all built-in permissions as well as all custom permissions. All permissions will have an `Unrestricted` . Permissions that do not implement , such as identity permissions, will be empty instances. - - ]]> - + To be added. The parameter is or is an empty string (""). @@ -349,14 +333,7 @@ Gets or sets the text description of the current named permission set. A text description of the named permission set. - - - + To be added. @@ -396,14 +373,7 @@ Determines whether the specified object is equal to the current . if the specified is equal to the current object; otherwise, . - - . - - ]]> - + To be added. @@ -442,14 +412,7 @@ A security element containing the XML representation of the named permission set. Reconstructs a named permission set with a specified state from an XML encoding. - - . - - ]]> - + To be added. The parameter is not a valid representation of a named permission set. The parameter is . @@ -487,14 +450,7 @@ Gets a hash code for the object that is suitable for use in hashing algorithms and data structures such as a hash table. A hash code for the current object. - - objects. - - ]]> - + To be added. @@ -530,14 +486,7 @@ Gets or sets the name of the current named permission set. The name of the named permission set. - - - + To be added. The name is or is an empty string (""). @@ -575,14 +524,7 @@ Creates an XML element description of the named permission set. The XML representation of the named permission set. - - to recreate the state represented by the returned element. - - ]]> - + To be added. diff --git a/xml/System.Security/PartialTrustVisibilityLevel.xml b/xml/System.Security/PartialTrustVisibilityLevel.xml index 8a73f7df2fc..ee2f07897a6 100644 --- a/xml/System.Security/PartialTrustVisibilityLevel.xml +++ b/xml/System.Security/PartialTrustVisibilityLevel.xml @@ -42,18 +42,7 @@ Specifies the default partial-trust visibility for code that is marked with the (APTCA) attribute. - - is passed as a property setting parameter to the constructor. If no parameter is passed to the constructor, the default is VisibleToAllHosts. - - You enable partially trusted assemblies that are identified as NotVisibleByDefault by adding them to the property of their application domain. If you enable an assembly that references (directly or indirectly) other partially trusted assemblies that are NotVisibleByDefault, those other assemblies should be enabled as well. - - When an APTCA library that specifies a `PartialTrustVisibilityLevel` and that is eligible for code sharing is loaded for the first time, it is loaded into the shared domain. Whenever that assembly is loaded with the same `PartialTrustVisibilityLevel` into another domain, it will be shared. However, if the assembly is loaded with a different `PartialTrustVisibilityLevel`, it will not be shared. - - ]]> - + To be added. diff --git a/xml/System.Security/PermissionSet.xml b/xml/System.Security/PermissionSet.xml index 75ed4b7bfef..62b673475d0 100644 --- a/xml/System.Security/PermissionSet.xml +++ b/xml/System.Security/PermissionSet.xml @@ -97,8 +97,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - You can use to perform operations on several different permissions as a group. - ]]> @@ -160,16 +158,7 @@ One of the enumeration values that specifies the permission set's access to resources. Initializes a new instance of the class with the specified . - - interface, while `None` allows no permissions. - - Use on an empty to define the set in greater detail. - - ]]> - + To be added. The parameter is not a valid . @@ -220,17 +209,7 @@ The set from which to take the value of the new , or to create an empty . Initializes a new instance of the class with initial values taken from the parameter. - - contains copies of the permissions contained in the specified . - -> [!NOTE] -> This is equivalent to when the `permSet` parameter is not `null`. - - ]]> - + To be added. @@ -284,14 +263,7 @@ The permission to add. Adds a specified permission to the . The union of the permission added and any permission of the same type that already exists in the . - - , the new permission is the union of the existing permission object and the specified permission object. For example, if a permission that implements is added to an , the resulting union is the original `Unrestricted` . - - ]]> - + To be added. The method is called from a . When you inherit from , you can change the behavior of the method by overriding the method. @@ -346,16 +318,7 @@ The permission to add. Adds a specified permission to the . The union of the permission added and any permission of the same type that already exists in the , or if is . - - method is the implementation for the method. - - If a permission of the same type as the added permission already exists in the , the new permission is the union of the existing permission object and the specified permission object. For example, if a permission that implements is added to an , the resulting union is the original `Unrestricted` . - - ]]> - + To be added. The method is called from a . @@ -409,17 +372,7 @@ Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. Using can create security vulnerabilities. - - can be active on a frame. is only effective for granted permissions. Call the or method to cancel an active . - -> [!CAUTION] -> Because calling the method removes the requirement that all code in the call chain must be granted permission to access the specified resource, it can open up security vulnerabilities if used incorrectly or inappropriately. Therefore, it should be used with great caution. - - ]]> - + To be added. The instance asserted has not been granted to the asserting code. -or- @@ -541,14 +494,7 @@ A string representing one of the following encoding formats: ASCII, Unicode, or Binary. Possible values are "XMLASCII" or "XML", "XMLUNICODE", and "BINARY". Converts an encoded from one XML encoding format to another XML encoding format. An encrypted permission set with the specified output format. - - - + To be added. In all cases. @@ -600,14 +546,7 @@ Creates a copy of the . A copy of the . - - represents the same access to resources as the original object. Changes made to the copy do not affect the original permission set. - - ]]> - + To be added. @@ -721,14 +660,7 @@ Gets the number of permission objects contained in the permission set. The number of permission objects contained in the . - - - + To be added. @@ -781,18 +713,7 @@ Forces a at run time if all callers higher in the call stack have not been granted the permissions specified by the current instance. - - on a to ensure that all callers have all permissions in the set with one operation. - - The permissions of the code that calls this method are not examined; the check begins from the immediate caller of that code and proceeds up the stack. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. succeeds only if no is thrown. - - If the contains permissions that do not inherit from , the `Demand` methods of those permissions are called as well. - - ]]> - + To be added. A caller in the call chain does not have the permission demanded. @@ -852,18 +773,7 @@ Causes any that passes through the calling code for a permission that has an intersection with a permission of a type contained in the current to fail. - - can limit the liability of the programmer or help prevent accidental security vulnerabilities because it helps prevent the method that calls from being used to access the resource protected by the denied permission. If a method calls on a permission, and if a for that permission is invoked by a caller lower in the call stack, that security check fails when it reaches the . - - is ignored for a permission that is not granted because a demand for that permission cannot succeed. - - ]]> - + To be added. A previous call to has already restricted the permissions for the current stack frame. @@ -918,16 +828,7 @@ Determines whether the specified or object is equal to the current . if the specified object is equal to the current object; otherwise, . - - object or a object. If `obj` is a , the name and description are ignored. - - For more information, see . - - ]]> - + To be added. @@ -1043,14 +944,7 @@ Returns an enumerator for the permissions of the set. An enumerator object for the permissions of the set. - - - + To be added. When you inherit from , you can change the behavior of the method by overriding the method. @@ -1101,14 +995,7 @@ Returns an enumerator for the permissions of the set. An enumerator object for the permissions of the set. - - method is the implementation for the method. - - ]]> - + To be added. @@ -1158,14 +1045,7 @@ Gets a hash code for the object that is suitable for use in hashing algorithms and data structures such as a hash table. A hash code for the current object. - - objects. - - ]]> - + To be added. @@ -1219,14 +1099,7 @@ The type of the desired permission object. Gets a permission object of the specified type, if it exists in the set. A copy of the permission object of the type specified by the parameter contained in the , or if none exists. - - . Although an `Unrestricted` effectively contains all permissions, it does not have any actual instances to return. - - ]]> - + To be added. When you inherit from , you can change the behavior of the method by overriding the method. @@ -1280,16 +1153,7 @@ The type of the permission object. Gets a permission object of the specified type, if it exists in the set. A copy of the permission object, of the type specified by the parameter, contained in the , or if none exists. - - method is the implementation for the method. - - The method returns `null` for an `Unrestricted` . Although an `Unrestricted` effectively contains all permissions, it does not have any actual instances to return. - - ]]> - + To be added. @@ -1343,16 +1207,7 @@ A permission set to intersect with the current . Creates and returns a permission set that is the intersection of the current and the specified . A new permission set that represents the intersection of the current and the specified target. This object is if the intersection is empty. - - . Permission types that exist in only one of the two sets are excluded from the resulting set. - - ]]> - + To be added. @@ -1404,14 +1259,7 @@ Gets a value indicating whether the is empty. if the is empty; otherwise, . - - can be empty and yet contain instances of permissions if those permissions are in the fully-restricted state. Permissions are in a fully restricted state if their `IsSubsetOf` methods return `true` when `null` is passed as a parameter. - - ]]> - + To be added. @@ -1461,14 +1309,7 @@ Gets a value indicating whether the collection is read-only. Always . - - cannot be read-only, so this property is always `false`. - - ]]> - + To be added. @@ -1523,14 +1364,7 @@ Determines whether the current is a subset of the specified . if the current is a subset of the parameter; otherwise, . - - is a subset of the target if all demands that succeed for the also succeed for the target. That is, the target contains at least the permissions contained in the subset. - - ]]> - + To be added. @@ -1583,16 +1417,7 @@ Gets a value indicating whether the collection is guaranteed to be thread safe. Always . - - does not automatically handle thread safety, so this property is always `false`. - - This method is required to support . - - ]]> - + To be added. @@ -1644,14 +1469,7 @@ Determines whether the is . if the is ; otherwise, . - - effectively contains all permissions that implement the interface. - - ]]> - + To be added. @@ -1704,16 +1522,7 @@ Causes any that passes through the calling code for any that is not a subset of the current to fail. - - is similar to , in that both cause stack walks to fail when they would otherwise succeed. The difference is that specifies permissions that will cause the stack walk to fail, but specifies the only permissions that do not cause the stack walk to fail. Call this method to ensure that your code can be used to access only the specified resources. - - is ignored for a permission not granted because a demand for that permission cannot succeed. However, if code lower on the call stack later calls for that permission, a is thrown when the stack walk reaches the code that tried to call . This is because the code that called has not been granted the permission, even though it called for that permission. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. - - ]]> - + To be added. @@ -1767,16 +1576,7 @@ The type of permission to delete. Removes a permission of a certain type from the set. The permission removed from the set. - - [!IMPORTANT] -> You cannot remove permissions from an unrestricted permission set. The permission set remains unrestricted after you attempt to remove the permission, and no exception is thrown. - - ]]> - + To be added. The method is called from a . When you inherit from , you can change the behavior of the method by overriding the method. @@ -1831,17 +1631,7 @@ The type of the permission to remove. Removes a permission of a certain type from the set. The permission removed from the set. - - method is the implementation for the method. - -> [!IMPORTANT] -> You cannot remove permissions from an unrestricted permission set. The permission set remains unrestricted after you attempt to remove the permission, and an exception is not thrown. - - ]]> - + To be added. The method is called from a . @@ -1891,14 +1681,7 @@ Causes any previous for the current frame to be removed and no longer be in effect. - - for the current frame, an is thrown. - - ]]> - + To be added. There is no previous for the current frame. @@ -1953,14 +1736,7 @@ The permission to set. Sets a permission to the , replacing any existing permission of the same type. The set permission. - - and replaces it with the `perm` parameter. If a permission that implements is set on a that is , the resulting is no longer `Unrestricted`. - - ]]> - + To be added. The method is called from a . When you inherit from , you can change the behavior of the method by overriding the method. @@ -2015,16 +1791,7 @@ The permission to set. Sets a permission to the , replacing any existing permission of the same type. The set permission. - - method is the implementation for the method. - - This method removes any existing permission object of the same type from the and replaces it with the `perm` parameter. If a permission that implements is set on a that is , the resulting is no longer `Unrestricted`. - - ]]> - + To be added. The method is called from a . @@ -2084,14 +1851,7 @@ Gets the root object of the current collection. The root object of the current collection. - - . - - ]]> - + To be added. @@ -2199,14 +1959,7 @@ Returns a string representation of the . A representation of the . - - . - - ]]> - + To be added. @@ -2314,14 +2067,7 @@ The permission set to form the union with the current . Creates a that is the union of the current and the specified . A new permission set that represents the union of the current and the specified . - - is a that represents all the operations represented by the current as well as all the operations represented by the specified . If either set is `Unrestricted`, the union is `Unrestricted` as well. - - ]]> - + To be added. diff --git a/xml/System.Security/PolicyLevelType.xml b/xml/System.Security/PolicyLevelType.xml index f2876f665a2..1f05307615c 100644 --- a/xml/System.Security/PolicyLevelType.xml +++ b/xml/System.Security/PolicyLevelType.xml @@ -34,19 +34,16 @@ Specifies the type of a managed code policy level. - diff --git a/xml/System.Security/SecureString.xml b/xml/System.Security/SecureString.xml index a862fead7a5..43c9b50726f 100644 --- a/xml/System.Security/SecureString.xml +++ b/xml/System.Security/SecureString.xml @@ -73,7 +73,6 @@ The following example demonstrates how to use a - diff --git a/xml/System.Security/SecurityContext.xml b/xml/System.Security/SecurityContext.xml index 232fa53d9fc..6ad3268f1d9 100644 --- a/xml/System.Security/SecurityContext.xml +++ b/xml/System.Security/SecurityContext.xml @@ -50,19 +50,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] -> [!NOTE] -> This type is marked obsolete starting in .NET 6. - - A object captures all security-related information for a logical thread, including the information contained in the and objects. This configuration allows the Windows identity and the security elements on the stack to be propagated automatically when the is copied and transferred across asynchronous threads. - -> [!NOTE] -> The common language runtime (CLR) is aware of impersonation operations performed using only managed code, not of impersonation performed outside of managed code, such as through platform invoke to unmanaged code or through direct calls to Win32 functions. Only managed objects can flow across asynchronous points, unless the `alwaysFlowImpersonationPolicy` element has been set to `true` (``). Setting the `alwaysFlowImpersonationPolicy` element to `true` specifies that the Windows identity always flows across asynchronous points, regardless of how impersonation was performed. For more information about flowing unmanaged impersonation across asynchronous points, see [<alwaysFlowImpersonationPolicy> Element](/dotnet/framework/configure-apps/file-schema/runtime/alwaysflowimpersonationpolicy-element). - - The is part of the larger and flows or migrates when the flows or migrates. - -> [!IMPORTANT] -> This type implements the interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its method in a `try`/`catch` block. To dispose of it indirectly, use a language construct such as `using` (in C#) or `Using` (in Visual Basic). For more information, see the "Using an Object that Implements IDisposable" section in the interface topic. - ]]> @@ -100,15 +87,8 @@ Captures the security context for the current thread. The security context for the current thread. - - consists of the and the for the executing thread. - - ]]> - - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -144,16 +124,8 @@ Creates a copy of the current security context. The security context for the current thread. - - to multiple threads. - - ]]> - - The current security context has been previously used, was marshaled across application domains, or was not acquired through the method. - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -190,20 +162,8 @@ Releases all resources used by the current instance of the class. - - . The `Dispose` method leaves the in an unusable state. After calling `Dispose`, you must release all references to the so the garbage collector can reclaim the memory that the was occupying. - - For more information, see [Cleaning Up Unmanaged Resources](/dotnet/standard/garbage-collection/unmanaged) and [Implementing a Dispose Method](/dotnet/standard/garbage-collection/implementing-dispose). - -> [!NOTE] -> Always call `Dispose` before you release your last reference to the . Otherwise, the resources it is using will not be freed until the garbage collector calls the object's `Finalize` method. - - ]]> - - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -240,15 +200,8 @@ Determines whether the flow of the security context has been suppressed. if the flow has been suppressed; otherwise, . - - method is used by infrastructure components to determine whether to transfer the information during asynchronous operations. - - ]]> - - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -285,15 +238,8 @@ Determines whether the flow of the Windows identity portion of the current security context has been suppressed. if the flow has been suppressed; otherwise, . - - method is used by infrastructure components to determine whether to transfer the Windows identity information when the migrates during asynchronous operations. - - ]]> - - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -328,16 +274,8 @@ Restores the flow of the security context across asynchronous threads. - - method is called by the method to reverse the effect of a prior method call. - - ]]> - - The security context is or an empty string. - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -379,25 +317,8 @@ The delegate that represents the method to run in the specified security context. The object to pass to the callback method. Runs the specified method in the specified security context on the current thread. - - - - - is . - - -or- - - was not acquired through a capture operation. - - -or- - - has already been used as the argument to a method call. - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -433,21 +354,8 @@ Suppresses the flow of the security context across asynchronous threads. An structure for restoring the flow. - - information on the current thread for asynchronous operations. - - The common language runtime (CLR) is only aware of the impersonation operations performed using managed code. The CLR has no knowledge of impersonation performed outside of managed code, such as platform invokes to unmanaged code that does the impersonation, or through calls to Win32 functions. To flow identity across asynchronous points you must use the managed and methods. - - Use the method on the returned structure to return the object to its previous state. - - This method is protected with a for permission. A fully trusted component can call this method to suppress the flow of the information during asynchronous calls. When the flow is suppressed, the method returns `null`. - - ]]> - - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. @@ -483,20 +391,8 @@ Suppresses the flow of the Windows identity portion of the current security context across asynchronous threads. A structure for restoring the flow. - - migrates across asynchronous threads. - - Use the method on the returned structure to return the object to its previous state. - -> [!NOTE] -> The common language runtime (CLR) is aware of impersonation operations performed using only managed code, not of impersonation performed outside of managed code, such as through platform invoke to unmanaged code or through direct calls to Win32 functions. Only managed objects can flow across asynchronous points, unless the `alwaysFlowImpersonationPolicy` element has been set to `true` (``). Setting the `alwaysFlowImpersonationPolicy` element to `true` specifies that the Windows identity always flows across asynchronous points, regardless of how impersonation was performed. For more information about flowing unmanaged impersonation across asynchronous points, see [\ Element](/dotnet/framework/configure-apps/file-schema/runtime/alwaysflowimpersonationpolicy-element). - - ]]> - - .NET 5+ (including .NET Core): In all cases. + To be added. + In all cases. diff --git a/xml/System.Security/SecurityCriticalAttribute.xml b/xml/System.Security/SecurityCriticalAttribute.xml index 2338588abca..049a0ff3ddb 100644 --- a/xml/System.Security/SecurityCriticalAttribute.xml +++ b/xml/System.Security/SecurityCriticalAttribute.xml @@ -57,23 +57,11 @@ [!IMPORTANT] -> Partially trusted code is no longer supported. This attribute has no effect in .NET Core. - - Security-critical operations are actions that affect code access security, such as elevation of privilege through suppression of code access security checks by using the method, calling unsafe managed code, and so forth. Either the attribute or the attribute must be applied to code for the code to perform security-critical operations. - -> [!NOTE] -> The is equivalent to a link demand for full trust. A type or member marked with the can be called only by fully trusted code; it does not have to demand specific permissions. It cannot be called by partially trusted code. - - Applying the at the assembly level identifies the assembly as a security-critical assembly. The entire assembly can be identified as critical by setting the scope parameter . +> Partially trusted code is no longer supported. This attribute has no effect. ]]> - - - Security-Transparent Code, Level 1 - Security-Transparent Code, Level 2 @@ -169,7 +157,7 @@ diff --git a/xml/System.Security/SecurityElement.xml b/xml/System.Security/SecurityElement.xml index d74a689e053..a014446838b 100644 --- a/xml/System.Security/SecurityElement.xml +++ b/xml/System.Security/SecurityElement.xml @@ -927,18 +927,8 @@ The XML-encoded string from which to create the security element. Creates a security element from an XML-encoded string. - A created from the XML. - - Microsoft"` use "`Microsoft"`. - - Using single quotation marks can result in either an exception being thrown or, in some cases, the single quotation marks being treated as text in the string. - - Evidence based security model is not supported on .NET Core and this method will return `null`. - ]]> - + . + The evidence-based security model is not supported on .NET and this method returns . contains one or more single quotation mark characters. diff --git a/xml/System.Security/SecurityManager.xml b/xml/System.Security/SecurityManager.xml index ce46c299684..46b9718eff0 100644 --- a/xml/System.Security/SecurityManager.xml +++ b/xml/System.Security/SecurityManager.xml @@ -47,8 +47,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Security provides methods to access and manipulate the security policy configuration. You cannot create instances of . - ]]> @@ -93,16 +91,7 @@ Gets or sets a value indicating whether code must have in order to execute. if code must have in order to execute; otherwise, . - - can execute. Execution checking is expensive and can eliminate the advantages of lazy policy resolution. This property is provided to disable execution checking when needed. - - A change to this property is not persisted until is called. New processes will not be affected by the change until it is persisted in the registry. - - ]]> - + To be added. The code that calls this method does not have . @@ -139,21 +128,7 @@ Determines whether the current thread requires a security context capture if its security state has to be re-created at a later point in time. if the stack contains no partially trusted application domains, no partially trusted assemblies, and no currently active or modifiers; if the common language runtime cannot guarantee that the stack contains none of these. - - method before you cache sensitive data that is obtained after successful security demands. - - If the method has been called higher on the stack, the data should not be cached without capturing the corresponding security context. Otherwise, sensitive data that is obtained under an may become available to code that is no longer be running with that in place. - -> [!IMPORTANT] -> The return value is reliable only when it is `false`, which means that the thread is guaranteed not to require a security context capture. The method may return true when a security context capture is not necessary, to avoid security vulnerabilities. - - is security-critical because its main use is to avoid unnecessary security context captures, which indicates that the code using it is security-sensitive and must be audited. - - ]]> - + To be added. @@ -191,31 +166,7 @@ The host evidence to match to a permission set. Gets a permission set that is safe to grant to an application that has the provided evidence. A permission set that can be used as a grant set for the application that has the provided evidence. - - [!NOTE] -> In the .NET Framework 4, the host evidence in `evidence` must contain evidence. -> -> The following table shows the permission sets that are returned for each zone. - -| Zone | Permission set | -|------------------------------------------------|-----------------| -| | `FullTrust` | -| | `LocalIntranet` | -| | `Internet` | -| | `Internet` | -| | None | -| | None | - - Other evidence, such as or , may be considered. - - The returned permission set can be used by a sandbox to run the application. Note that this method does not specify policy, but helps a host to determine whether the permission set requested by an application is reasonable. This method can be used to map a zone to a sandbox. - - ]]> - + To be added. is . @@ -258,17 +209,7 @@ An output parameter that contains an of granted objects. An output parameter that contains an of granted objects. Gets the granted zone identity and URL identity permission sets for the current assembly. - - for each evidence type. The permission sets returned from the calls identify the permissions granted to the executing assembly based on its zone and URL of origin. - -> [!NOTE] -> This member makes a link demand for the ECMA public key, which is not a valid cryptographic key but a pseudo key. Within the .NET Framework the link demand for the ECMA pseudo key is automatically converted to a link demand for the Microsoft public key. The security exception is based on the Microsoft public key, not the ECMA pseudo key. - - ]]> - + To be added. The request for failed. @@ -316,14 +257,7 @@ Determines whether a permission is granted to the caller. if the permissions granted to the caller include the permission ; otherwise, . - - only tests the grant of the calling code assembly, independent of other callers on the stack. - - ]]> - + To be added. @@ -387,7 +321,7 @@ -or- The code that calls this method does not have . - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + This method uses code access security (CAS) policy, which is obsolete. @@ -481,17 +415,8 @@ Provides an enumerator to access the security policy hierarchy by levels, such as computer policy and user policy. An enumerator for objects that compose the security policy hierarchy. - - objects that represent the policy at the respective (machine, user, enterprise, application domain) level of the hierarchy. These objects are the live policy objects; altering these objects can have unpredictable results. - - Minimum policy hierarchy consists of a machine level, an enterprise level, and a user level. However, the hierarchy can include additional levels. - - ]]> - - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + To be added. + This method uses code access security (CAS) policy, which is obsolete. The code that calls this method does not have . @@ -548,15 +473,8 @@ The evidence set used to evaluate policy. Determines what permissions to grant to code based on the specified evidence. The set of permissions that can be granted by the security system. - - - - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + To be added. + This method uses code access security (CAS) policy, which is obsolete. @@ -601,15 +519,8 @@ An array of evidence objects used to evaluate policy. Determines what permissions to grant to code based on the specified evidence. The set of permissions that is appropriate for all of the provided evidence. - - objects. The returned permission set represents only those permissions that apply to every evidence in the array. These permissions are either equivalent to, or a subset of the permissions that policy would have granted to each individual evidence. This method behaves as if you were performing an intersection on the results of resolving policy on each of the objects in the array. - - ]]> - - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + To be added. + This method uses code access security (CAS) policy, which is obsolete. @@ -663,15 +574,8 @@ An output parameter that contains the set of permissions not granted. Determines what permissions to grant to code based on the specified evidence and requests. The set of permissions that would be granted by the security system. - - - - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + To be added. + This method uses code access security (CAS) policy, which is obsolete. Policy fails to grant the minimum required permissions specified by the parameter. @@ -718,17 +622,8 @@ The evidence set against which the policy is evaluated. Gets a collection of code groups matching the specified evidence. An enumeration of the set of code groups matching the evidence. - - - - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + To be added. + This method uses code access security (CAS) policy, which is obsolete. @@ -773,15 +668,8 @@ The evidence set used to evaluate policy. Determines which permissions to grant to code based on the specified evidence, excluding the policy for the level. The set of permissions that can be granted by the security system. - - policy. - - ]]> - - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + To be added. + This method uses code access security (CAS) policy, which is obsolete. @@ -823,16 +711,8 @@ Saves the modified security policy state. - - , , and other classes that represent configuration of the security policy. Unless this method is called, changes made to the policy objects will not be saved and will not affect subsequent application runs. - - ]]> - - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. - The code that calls this method does not have . + To be added. + This method uses code access security (CAS) policy, which is obsolete. @@ -877,16 +757,9 @@ The policy level object to be saved. Saves a modified security policy level loaded with . - - will be saved to the same location from which it loaded. - - ]]> - + To be added. The code that calls this method does not have . - This method uses code access security (CAS) policy, which is obsolete in the .NET Framework 4. To enable CAS policy for compatibility with earlier versions of the .NET Framework, use the <legacyCasPolicy> element. + This method uses code access security (CAS) policy, which is obsolete. @@ -929,23 +802,7 @@ Gets or sets a value indicating whether security is enabled. if security is enabled; otherwise, . - - provides a way for administrators to disable code access security. When code access security is disabled, all code access demands succeed. Effectively, this grants all code `FullTrust`. Disabling code access security bypasses the security system so that code might perform slightly better than the equivalent security policy granting `FullTrust` to all code. This property does not disable role-based security; therefore, demands are not affected. - -> [!CAUTION] -> Disabling code access security makes the system vulnerable to attacks by malicious code such as viruses and worms. Disabling code access security does not automatically block managed code from running in any way. It only causes managed code to run without restriction by the code access security system, and should only be done with the most extreme caution. Turning off security to gain extra performance should only be done when other security measures have been taken to help protect system security. Examples of other security precautions include disconnecting from public networks, physically securing computers, and so on. - - A change to this property is not persisted in the registry until is called. New processes will not be affected by the change until it is persisted in the registry. Changing the value of this property in a running process does not necessarily change the state in the expected manner. To ensure changes have taken effect, you must call and start a new process. - - ]]> - + To be added. The code that calls this method does not have . diff --git a/xml/System.Security/SecurityRuleSet.xml b/xml/System.Security/SecurityRuleSet.xml index 6d4c25c4503..4122c135820 100644 --- a/xml/System.Security/SecurityRuleSet.xml +++ b/xml/System.Security/SecurityRuleSet.xml @@ -46,11 +46,10 @@ - Security Changes in the .NET Framework Version 4.0 diff --git a/xml/System.Security/SecurityRulesAttribute.xml b/xml/System.Security/SecurityRulesAttribute.xml index 17886646319..48461bc5002 100644 --- a/xml/System.Security/SecurityRulesAttribute.xml +++ b/xml/System.Security/SecurityRulesAttribute.xml @@ -50,17 +50,14 @@ Indicates the set of security rules the common language runtime should enforce for an assembly. - [!IMPORTANT] -> Partially trusted code is no longer supported. This attribute has no effect in .NET Core. +> Partially trusted code is no longer supported. This attribute has no effect. - This class indicates which set of security rules the common language runtime should enforce for an assembly. For example, an assembly that is marked with `[SecurityRules(SecurityRuleSet.Level1)]` uses the .NET Framework version 2.0 transparency rules, where public security-critical types and members are treated as security-safe-critical outside the assembly. This requires security-critical types and members to perform a link demand for full trust to enforce security-critical behavior when they are accessed by external callers. Typically, level 1 rules should be used only for compatibility, such as for version 2.0 assemblies. For more information about level 1 behavior, see [Security-Transparent Code, Level 1](/dotnet/framework/misc/security-transparent-code-level-1). For information about level 2 behavior, see [Security-Transparent Code, Level 2](/dotnet/framework/misc/security-transparent-code-level-2). - ]]> - Security Changes in the .NET Framework Version 4.0 @@ -100,15 +97,7 @@ One of the enumeration values that specifies the transparency rules set. Initializes a new instance of the class using the specified rule set value. - - for .NET Framework version 2.0 rules or for .NET Framework 4 rules. For more information about behavior, see [Security-Transparent Code, Level 1](/dotnet/framework/misc/security-transparent-code-level-1). For information about behavior, see [Security-Transparent Code, Level 2](/dotnet/framework/misc/security-transparent-code-level-2). - - ]]> - - Security Changes in the .NET Framework Version 4.0 + To be added. @@ -189,17 +178,7 @@ Determines whether fully trusted transparent code should skip Microsoft intermediate language (MSIL) verification. if MSIL verification should be skipped; otherwise, . The default is . - - - + To be added. diff --git a/xml/System.Security/SecuritySafeCriticalAttribute.xml b/xml/System.Security/SecuritySafeCriticalAttribute.xml index 9121890e9ff..a10756ff1ab 100644 --- a/xml/System.Security/SecuritySafeCriticalAttribute.xml +++ b/xml/System.Security/SecuritySafeCriticalAttribute.xml @@ -55,20 +55,13 @@ Identifies types or members as security-critical and safely accessible by transparent code. - [!IMPORTANT] -> Partially trusted code is no longer supported. This attribute has no effect in .NET Core. +> Partially trusted code is no longer supported. This attribute has no effect in modern .NET. - Types or members that are marked with the attribute can be accessed by partially trusted types and members. These partially trusted types and members can be within any assembly that is marked with the or (APTCA) attribute, or they are partially trusted for other reasons, such as being loaded into partial trust. Code that is marked with the must be subject to a rigorous security audit to ensure that it can be used safely in a secure execution environment. Security-safe-critical code must validate the permissions of callers to determine whether they have authority to access protected resources used by the code. - ]]> - - - Security-Transparent Code, Level 1 - Security-Transparent Code, Level 2 diff --git a/xml/System.Security/SecurityTransparentAttribute.xml b/xml/System.Security/SecurityTransparentAttribute.xml index 3075e78901d..d9dd71ce886 100644 --- a/xml/System.Security/SecurityTransparentAttribute.xml +++ b/xml/System.Security/SecurityTransparentAttribute.xml @@ -55,23 +55,13 @@ Specifies that an assembly cannot cause an elevation of privilege. - [!IMPORTANT] -> Partially trusted code is no longer supported. This attribute has no effect in .NET Core. +> Partially trusted code is no longer supported. This attribute has no effect. - Transparent assemblies can be accessed from partially trusted code and cannot expose access to any protected resources or functionality. Code in the assembly is not allowed to suppress code access security checks and cannot cause an elevation of privilege. - -> [!NOTE] -> Transparency is enforced by the just-in-time compiler, not by the security infrastructure code. Applying this attribute to an assembly allows the assembly to access only transparent and security-safe-critical types and members regardless of its permission set, including full trust. Transparent code that accesses a security-critical type or member results in a being thrown. - ]]> - - - Security-Transparent Code, Level 1 - Security-Transparent Code, Level 2 diff --git a/xml/System.Security/SecurityTreatAsSafeAttribute.xml b/xml/System.Security/SecurityTreatAsSafeAttribute.xml index cc7c08682b1..0ff7c20d448 100644 --- a/xml/System.Security/SecurityTreatAsSafeAttribute.xml +++ b/xml/System.Security/SecurityTreatAsSafeAttribute.xml @@ -63,14 +63,12 @@ Identifies which of the nonpublic members are accessible by transparent code within the assembly. - [!IMPORTANT] -> Partially trusted code is no longer supported. This attribute has no effect in .NET Core. +> Partially trusted code is no longer supported. This attribute has no effect. - Types or members marked with the attribute and the attribute can be accessed by types and members within the assembly that are marked with the attribute. - ]]> diff --git a/xml/System.Security/SuppressUnmanagedCodeSecurityAttribute.xml b/xml/System.Security/SuppressUnmanagedCodeSecurityAttribute.xml index 05a1cc7f2dc..b129f391ee3 100644 --- a/xml/System.Security/SuppressUnmanagedCodeSecurityAttribute.xml +++ b/xml/System.Security/SuppressUnmanagedCodeSecurityAttribute.xml @@ -52,28 +52,14 @@ Allows managed code to call into unmanaged code without a stack walk. This class cannot be inherited. - [!IMPORTANT] -> Partially trusted code is no longer supported. This attribute has no effect in .NET Core. - -> [!CAUTION] -> Use this attribute with extreme care. Incorrect use can create security weaknesses. - - This attribute can be applied to methods that want to call into native code without incurring the performance loss of a run-time security check when doing so. The stack walk performed when calling unmanaged code is omitted at run time, resulting in substantial performance savings. Using this attribute in a class applies it to all contained methods. - - Generally, whenever managed code calls into unmanaged code (by PInvoke or COM interop into native code), there is a demand for the `UnmanagedCode` permission to ensure all callers have the necessary permission to allow this. By applying this explicit attribute, developers can suppress the demand at run time. The developer must take responsibility for assuring that the transition into unmanaged code is sufficiently protected by other means. The demand for the `UnmanagedCode` permission will still occur at link time. For example, if function A calls function B and function B is marked with , function A will be checked for unmanaged code permission during just-in-time compilation, but not subsequently during run time. - - This attribute is only effective when applied to PInvoke methods (or classes that contain PInvoke methods) or the definition of an interface through which interop calls will be made. It will be ignored in all other contexts. - - This attribute is useful for implementing a class that provides access to system resources through unmanaged code. Code that does not have permission to access unmanaged code can call a class with this attribute to access unmanaged code. This is only safe if the writer of the class with this attribute has programmed the class to be secure. If not, this attribute is dangerous and can allow the code that uses it to be misused. - - This is not a declarative security attribute, but a regular attribute (it derives from , not ). - +> Partially trusted code is no longer supported. This attribute has no effect. + ]]> - Extending Metadata Using Attributes @@ -111,14 +97,7 @@ Initializes a new instance of the class. - - - + To be added.