From 1cc9e3160ae560de1a9657e886410572c791124d Mon Sep 17 00:00:00 2001 From: Genevieve Warren <24882762+gewarren@users.noreply.github.com> Date: Fri, 29 May 2026 14:36:26 -0700 Subject: [PATCH 1/2] Remove .NET Framework remarks --- .../EventWaitHandleAccessRule.xml | 2 +- .../EventWaitHandleAuditRule.xml | 2 +- .../FileSecurity.xml | 32 +++-- .../FileSystemSecurity.xml | 72 +++++------ .../MutexAccessRule.xml | 2 +- .../MutexAuditRule.xml | 2 +- .../RegistryAccessRule.xml | 114 +++++++++--------- .../RegistryAuditRule.xml | 74 ++++++------ .../SemaphoreAccessRule.xml | 2 +- .../SemaphoreAuditRule.xml | 2 +- xml/System.Security.Claims/Claim.xml | 4 +- xml/System.Security.Claims/ClaimsIdentity.xml | 7 +- .../ClaimsPrincipal.xml | 12 +- .../PrincipalPolicy.xml | 11 +- .../WindowsIdentity.xml | 4 +- .../WindowsPrincipal.xml | 30 +++-- .../ContentGrant.xml | 9 +- .../ContentUser.xml | 5 - .../CryptoProvider.xml | 4 - .../PublishLicense.xml | 12 +- .../SecureEnvironment.xml | 5 - .../UnsignedPublishLicense.xml | 8 +- .../UseLicense.xml | 5 - 23 files changed, 174 insertions(+), 246 deletions(-) diff --git a/xml/System.Security.AccessControl/EventWaitHandleAccessRule.xml b/xml/System.Security.AccessControl/EventWaitHandleAccessRule.xml index 2748bd0ea1e..2dbd9b0fae2 100644 --- a/xml/System.Security.AccessControl/EventWaitHandleAccessRule.xml +++ b/xml/System.Security.AccessControl/EventWaitHandleAccessRule.xml 
@@ -52,7 +52,7 @@ > [!NOTE] > This type is only supported on Windows. - The class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system events. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on named system events. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security is meaningful only for named system events. If an object represents a local event, access control is irrelevant. diff --git a/xml/System.Security.AccessControl/EventWaitHandleAuditRule.xml b/xml/System.Security.AccessControl/EventWaitHandleAuditRule.xml index 5a0f883ca2a..f8f22f47047 100644 --- a/xml/System.Security.AccessControl/EventWaitHandleAuditRule.xml +++ b/xml/System.Security.AccessControl/EventWaitHandleAuditRule.xml @@ -48,7 +48,7 @@ > [!NOTE] > This type is only supported on Windows. - The class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system events. For an overview of these classes and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on named system events. For an overview of these classes and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security is meaningful only for named system events. If an object represents a local event, access control is irrelevant. diff --git a/xml/System.Security.AccessControl/FileSecurity.xml b/xml/System.Security.AccessControl/FileSecurity.xml index e9aca5cb22f..d3ca219186d 100644 --- a/xml/System.Security.AccessControl/FileSecurity.xml 
+++ b/xml/System.Security.AccessControl/FileSecurity.xml @@ -50,12 +50,10 @@ The class hides many of the de Use the class to retrieve, add, or change the access rules that represent the DACL and SACL of a file. -Use the following .NET implementation-dependent methods to add or retrieve the access or audit rules from a file: +Use the following methods to add or retrieve the access or audit rules from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | + - +- ## Examples @@ -180,18 +178,18 @@ You can add access or audit rules to the The specified path, file name, or both exceed the system-defined maximum length. The current system account does not have administrative privileges. The file could not be found. - The parameter specified a file that is read-only. - - -or- - - This operation is not supported on the current platform. - - -or- - - The parameter specified a directory. - - -or- - + The parameter specified a file that is read-only. + + -or- + + This operation is not supported on the current platform. + + -or- + + The parameter specified a directory. + + -or- + The caller does not have the required permission. diff --git a/xml/System.Security.AccessControl/FileSystemSecurity.xml b/xml/System.Security.AccessControl/FileSystemSecurity.xml index 9aabd336c0d..66986ff82b0 100644 --- a/xml/System.Security.AccessControl/FileSystemSecurity.xml +++ b/xml/System.Security.AccessControl/FileSystemSecurity.xml 
@@ -53,12 +53,10 @@ The class hides many of details of DACLs and SACLs; you do not have to worry about ACE ordering or null DACLS. -Use the following .NET implementation-dependent methods to add or retrieve ACL information from a file: +Use the following methods to add or retrieve ACL information from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | +- +- ## Examples The following code example uses the class to add and then remove an access control list (ACL) entry from a file. You must supply a valid user or group account to run this example. @@ -172,10 +170,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i ]]> The , , , or parameters specify an invalid value. - The parameter is . - - -or- - + The parameter is . + + -or- + The parameter is zero. The parameter is neither of type , nor of a type such as that can be converted to type . @@ -267,12 +265,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i If an access control list (ACL) already exists for the specified rule, the method will still add the rule, with one exception: a object created using the enumeration value supersedes an object created using the enumeration value. -Use the following .NET implementation-dependent methods to add or retrieve ACL information from a file: +Use the following methods to add or retrieve ACL information from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | +- +- When you add an access rule without setting the flag, the flag will be automatically added to your rule. If you remove the rule later without specifying the flag, the flag will automatically be removed. 
@@ -403,10 +399,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i ]]> The , , , or properties specify an invalid value. - The property is . - - -or- - + The property is . + + -or- + The property is zero. The property is neither of type , nor of a type such as that can be converted to type . @@ -498,12 +494,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i ## Remarks The method removes either all matching access rules or all matching access rules from the current object. For example, you can use this method to remove all access rules for a user by passing a object created using the value, the value, and a user account. When you do this, the method removes any deny rules that specify the value or the value. -Use the following .NET implementation-dependent methods to add or retrieve ACL information from a file: +Use the following methods to add or retrieve ACL information from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | +- +- When you add an access rule without setting the flag, the flag will be automatically added to your rule. If you remove the rule later without specifying the flag, the flag will automatically be removed. 
@@ -560,12 +554,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i ## Remarks The method removes all access control list (ACL) permissions for the specified user. The method ignores all values in the object except the user account. -Use the following .NET implementation-dependent methods to add or retrieve ACL information from a file: +Use the following methods to add or retrieve ACL information from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | +- +- When you add an access rule without setting the flag, the flag will be automatically added to your rule. If you remove the rule later without specifying the flag, the flag will automatically be removed. @@ -616,12 +608,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i ## Remarks The method removes the specified access rule or the specified matching access rule from the current object. For example, you can use this method to remove a specified access rule for a user by passing a object created using the value, the value, and a user account. When you do this, the method removes only the deny rule that specifies the value. It does not remove any deny rules that specify the value. -Use the following .NET implementation-dependent methods to add or retrieve ACL information from a file: +Use the following methods to add or retrieve ACL information from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | +- +- When you add an access rule without setting the flag, the flag will be automatically added to your rule. If you remove the rule later without specifying the flag, the flag will automatically be removed. 
@@ -823,12 +813,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i ## Remarks The method adds the specified access control list (ACL) rule or overwrites any identical ACL rules that match the `rule` parameter. For example, if the `rule` parameter specifies a value and the method finds an identical ACL rule that specifies the value, the identical rule will be overwritten. If the method finds an identical ACL rule that specifies the value, the identical rule will also be overwritten. -Use the following .NET implementation-dependent methods to add or retrieve ACL information from a file: +Use the following methods to add or retrieve ACL information from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | +- +- ]]> @@ -877,12 +865,10 @@ Use the following .NET implementation-dependent methods to add or retrieve ACL i ## Remarks The method adds the specified access control list (ACL) rule or overwrites any identical ACL rules that match the value of the `rule` parameter. For example, if the `rule` parameter specifies a value and the method finds an identical ACL rule that specifies the value, the identical rule will be overwritten. If the method finds an identical ACL rule that specifies the value, the identical rule will not be overwritten. -Use the following .NET implementation-dependent methods to add or retrieve ACL information from a file: +Use the following methods to add or retrieve ACL information from a file: -| .NET implementation | Add rules | Retrieve rules | -|---------------------|-----------|-----------------| -| .NET | | | -| .NET Framework | | | +- +- ]]> diff --git a/xml/System.Security.AccessControl/MutexAccessRule.xml b/xml/System.Security.AccessControl/MutexAccessRule.xml index 08db3bef49b..b7d31496e9f 100644 --- a/xml/System.Security.AccessControl/MutexAccessRule.xml 
+++ b/xml/System.Security.AccessControl/MutexAccessRule.xml @@ -52,7 +52,7 @@ > [!NOTE] > This type is only supported on Windows. - The class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system mutexes. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on named system mutexes. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security is meaningful only for named system mutexes. If a object represents a local mutex, access control is irrelevant. diff --git a/xml/System.Security.AccessControl/MutexAuditRule.xml b/xml/System.Security.AccessControl/MutexAuditRule.xml index a245da4090a..63ea9203cfe 100644 --- a/xml/System.Security.AccessControl/MutexAuditRule.xml +++ b/xml/System.Security.AccessControl/MutexAuditRule.xml @@ -48,7 +48,7 @@ > [!NOTE] > This type is only supported on Windows. - The class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system mutexes. For an overview of these classes and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on named system mutexes. For an overview of these classes and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security is meaningful only for named system mutexes. If a object represents a local mutex, access control is irrelevant. diff --git a/xml/System.Security.AccessControl/RegistryAccessRule.xml b/xml/System.Security.AccessControl/RegistryAccessRule.xml index e81757fbb0b..91270498ce5 100644 
--- a/xml/System.Security.AccessControl/RegistryAccessRule.xml +++ b/xml/System.Security.AccessControl/RegistryAccessRule.xml @@ -62,7 +62,7 @@ class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on registry keys. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key. @@ -155,16 +155,16 @@ ]]> - specifies an invalid value. - - -or- - + specifies an invalid value. + + -or- + specifies an invalid value. - is . - - -or- - + is . + + -or- + is zero. is neither of type nor of a type such as that can be converted to type . @@ -229,22 +229,22 @@ ]]> - specifies an invalid value. - - -or- - + specifies an invalid value. + + -or- + specifies an invalid value. is zero. - is . - - -or- - - is a zero-length string. - - -or- - + is . + + -or- + + is a zero-length string. + + -or- + is longer than 512 characters. @@ -315,24 +315,24 @@ ]]> - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + specifies an invalid value. - is . - - -or- - + is . + + -or- + is zero. is neither of type , nor of a type such as that can be converted to type . 
@@ -417,30 +417,30 @@ ]]> - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + specifies an invalid value. is zero. - is . - - -or- - - is a zero-length string. - - -or- - + is . + + -or- + + is a zero-length string. + + -or- + is longer than 512 characters. diff --git a/xml/System.Security.AccessControl/RegistryAuditRule.xml b/xml/System.Security.AccessControl/RegistryAuditRule.xml index 7afaebf4ce6..4715689eabf 100644 --- a/xml/System.Security.AccessControl/RegistryAuditRule.xml +++ b/xml/System.Security.AccessControl/RegistryAuditRule.xml @@ -62,7 +62,7 @@ class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on registry keys. For an overview of these classes and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key. @@ -161,24 +161,24 @@ ]]> - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + specifies an invalid value. - is . - - -or- - + is . + + -or- + is zero. is neither of type nor of a type such as that can be converted to type . 
@@ -253,30 +253,30 @@ ]]> - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - - specifies an invalid value. - - -or- - + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + + specifies an invalid value. + + -or- + specifies an invalid value. is zero. - is . - - -or- - - is a zero-length string. - - -or- - + is . + + -or- + + is a zero-length string. + + -or- + is longer than 512 characters. diff --git a/xml/System.Security.AccessControl/SemaphoreAccessRule.xml b/xml/System.Security.AccessControl/SemaphoreAccessRule.xml index e4bb982f84e..06f249550c0 100644 --- a/xml/System.Security.AccessControl/SemaphoreAccessRule.xml +++ b/xml/System.Security.AccessControl/SemaphoreAccessRule.xml @@ -52,7 +52,7 @@ > [!NOTE] > This type is only supported on Windows. - The class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system semaphores. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on named system semaphores. For an overview of these classes, and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security is meaningful only for named system semaphores. If a object represents a local semaphore, access control is irrelevant. diff --git a/xml/System.Security.AccessControl/SemaphoreAuditRule.xml b/xml/System.Security.AccessControl/SemaphoreAuditRule.xml index a23b9cc9091..e17f81c13cd 100644 --- a/xml/System.Security.AccessControl/SemaphoreAuditRule.xml +++ b/xml/System.Security.AccessControl/SemaphoreAuditRule.xml 
@@ -48,7 +48,7 @@ > [!NOTE] > This type is only supported on Windows. - The class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system semaphores. For an overview of these classes and their relationship to the underlying Windows access control structures, see . + The class is one of a set of classes that .NET provides for managing Windows access control security on named system semaphores. For an overview of these classes and their relationship to the underlying Windows access control structures, see . > [!NOTE] > Windows access control security is meaningful only for named system semaphores. If a object represents a local semaphore, access control is irrelevant. diff --git a/xml/System.Security.Claims/Claim.xml b/xml/System.Security.Claims/Claim.xml index c1877e3792c..1d25eb2c95d 100644 --- a/xml/System.Security.Claims/Claim.xml +++ b/xml/System.Security.Claims/Claim.xml 
@@ -57,7 +57,7 @@ ## Remarks A claim is a statement about a subject by an issuer. Claims represent attributes of the subject that are useful in the context of authentication and authorization operations. Subjects and issuers are both entities that are part of an identity scenario. Some typical examples of a subject are: a user, an application or service, a device, or a computer. Some typical examples of an issuer are: the operating system, an application, a service, a role provider, an identity provider, or a federation provider. An issuer delivers claims by issuing security tokens, typically through a Security Token Service (STS). On occasion, the collection of claims received from an issuer can be extended by subject attributes stored directly at the resource. A claim can be evaluated to determine access rights to data and other secured resources during the process of authorization and can also be used to make or express authentication decisions about a subject. - Beginning with .NET Framework 4.5, the Windows Identity Foundation (WIF) classes, which implement claims-based identity, have been fully integrated into .NET Framework. The claims concept is implemented by the class. +The Windows Identity Foundation (WIF) classes, which implement claims-based identity, have been fully integrated into .NET. The claims concept is implemented by the class. The following describes important properties of the class: 
@@ -73,8 +73,6 @@ - The property contains the name of the entity that originally issued the claim. This property is designed to facilitate scenarios where a claim may pass through multiple issuers before it is presented by the client to the RP application; such as federation scenarios. You can examine the property to determine the entity that originally issued the claim. The name is taken from the list of well-known issuers maintained by the issuer name registry, as in the case of the property. - - ## Examples The following example extracts the claims associated to the authenticated user performing an HTTP request and writes them in the HTTP response. The current user is read from the as a and the claims are read from it. The claims are then written to the object. diff --git a/xml/System.Security.Claims/ClaimsIdentity.xml b/xml/System.Security.Claims/ClaimsIdentity.xml index 7e1050a6e08..545d02bf657 100644 --- a/xml/System.Security.Claims/ClaimsIdentity.xml +++ b/xml/System.Security.Claims/ClaimsIdentity.xml 
@@ -61,14 +61,11 @@ ## Remarks The class is a concrete implementation of a claims-based identity; that is, an identity described by a collection of claims. A claim is a statement about an entity made by an issuer that describes a property, right, or some other quality of that entity. Such an entity is said to be the subject of the claim. A claim is represented by the class. The claims contained in a describe the entity that the corresponding identity represents, and can be used to make authorization and authentication decisions. A claims-based access model has many advantages over more traditional access models that rely exclusively on roles. For example, claims can provide much richer information about the identity they represent and can be evaluated for authorization or authentication in a far more specific manner. - Beginning with .NET Framework 4.5, Windows Identity Foundation (WIF) and claims-based identity have been fully integrated into the .NET Framework. This means that many classes that represent an identity in the .NET Framework now derive from and describe their properties through a collection of claims. This is different from previous versions of the .NET Framework, in which, these classes implemented the interface directly. The collection of claims that describe the identity can be accessed through the property. The class provides several methods for finding and modifying claims and fully supports language integrated queries (LINQ). In application code, objects are typically accessed through objects; for example, the principal returned by . +Windows Identity Foundation (WIF) and claims-based identity have been fully integrated into .NET. The collection of claims that describe the identity can be accessed through the property. The class provides several methods for finding and modifying claims and fully supports language integrated queries (LINQ). 
In application code, objects are typically accessed through objects; for example, the principal returned by . > [!NOTE] > The class has a property as well. In the majority of cases you should access the user's claims through the collection rather than through the collection. You will need to access the claims of an individual only in the cases where the principal contains more than one and you need to evaluate or modify a specific identity. -> [!IMPORTANT] -> To add or remove claims from the collection, a caller must have full trust. - In the claims-based model, the property and the method are implemented by evaluating the claims contained by an identity. The base implementations in the claims-based model are provided by the property and the method. The and properties enable you to specify a claim type that should be used to evaluate the claims contained by the identity when performing these operations. Delegation scenarios are supported through the and properties. @@ -1323,8 +1320,6 @@ ## Remarks The underlying object is an instance of the class. - Set the `saveBootstrapContext` attribute on either the [<identityConfiguration>](/dotnet/framework/configure-apps/file-schema/windows-identity-foundation/identityconfiguration) or the [<securityTokenHandlerConfiguration>](/dotnet/framework/configure-apps/file-schema/windows-identity-foundation/securitytokenhandlerconfiguration) element in a configuration file to specify whether the token used to generate the should be preserved in the property. - If the property is not `null`, applications can access the original token and the claims it produced through the properties and methods of the class. ]]> diff --git a/xml/System.Security.Claims/ClaimsPrincipal.xml b/xml/System.Security.Claims/ClaimsPrincipal.xml index 2c90f51febd..c24748a4377 100644 --- a/xml/System.Security.Claims/ClaimsPrincipal.xml +++ b/xml/System.Security.Claims/ClaimsPrincipal.xml 
@@ -59,11 +59,12 @@ rather than simply implementing the interface. In addition to implementing the interface, exposes properties and methods that are useful for working with claims. + +Many classes that represent a principal in .NET derive from rather than simply implementing the interface. In addition to implementing the interface, exposes properties and methods that are useful for working with claims. exposes a collection of identities, each of which is a . In the common case, this collection, which is accessed through the property, will only have a single element. - The introduction of in .NET 4.5 as the principal from which most principal classes derive does not force you to change anything in the way in which you deal with identity. It does, however open up more possibilities and offer more chances to exercise finer access control. For example: + offers chances to exercise finer access control. For example: - The application code itself can work directly with the claims contained in the current principal to drive extra authentication, authorization, and personalization tasks. 
@@ -71,13 +72,8 @@ - You can configure a web-based application with a custom claims authorization manager, an instance of a class that derives from the class. When so configured, the request processing pipeline packages the incoming in an and invokes the method on your claims authorization manager. Your claims authorization manager can then enforce authorization based on the incoming claims. -- Inline claims-based code access checks can be performed by configuring your application with a custom claims authorization manager and using either the class to perform imperative access checks or the to perform declarative access checks. Claims-based code access checks are performed inline, outside of the processing pipeline, and so are available to all applications as long as a claims authorization manager is configured. - You can obtain a instance for the principal associated with a request, or the principal under which a thread is executing, in a [relying party (RP) application](/archive/msdn-magazine/2010/august/federated-identity-passive-authentication-for-asp-net-with-wif) by casting the property to . The claims associated with an object are available through its property. The property returns all of the claims contained by the identities associated with the principal. In the uncommon case in which the contains multiple instances, you can use the property or you can access the primary identity by using the property. provides several methods through which these claims may be searched and fully supports Language Integrated Query (LINQ). Identities can be added to the principal by using the or methods. -> [!NOTE] -> To add identities to the , a caller must have full trust. - By default, WIF prioritizes objects when selecting the primary identity to return through the property. You can modify this behavior by supplying a delegate through the property to perform the selection. The property provides similar functionality for the property. 
In the claim-based model, whether a principal is in a specified role is determined by the claims presented by its underlying identities. The method essentially examines each identity associated with the principal to determine whether it possesses a claim with the specified role value. The type of the claim (represented by its property) used to determine which claims should be examined during role checks is specified on an identity through its property. Thus, the claims examined during role checks can be of a different type for different identities associated with the principal. @@ -1365,7 +1361,7 @@ Each is called. when returning the identity. The first found in the collection is returned. If there is no in the collection, the first identity assignable from is returned. If there is no , `null` is returned. If the collection is empty, an is thrown. + By default, .NET prioritizes identities of type when returning the identity. The first found in the collection is returned. If there is no in the collection, the first identity assignable from is returned. If there is no , `null` is returned. If the collection is empty, an is thrown. You can change the default behavior by setting the property to specify a delegate to be called to determine the identity. diff --git a/xml/System.Security.Principal/PrincipalPolicy.xml b/xml/System.Security.Principal/PrincipalPolicy.xml index bf9f0915bc6..5085aa650e9 100644 --- a/xml/System.Security.Principal/PrincipalPolicy.xml +++ b/xml/System.Security.Principal/PrincipalPolicy.xml @@ -54,16 +54,7 @@ Specifies how principal and identity objects should be created for an application domain. The default is . - - method of an . - - ]]> - + For performance reasons, the default principal and identity objects are not created until they are needed. If a principal is explicitly added to the current thread, a default principal is not created and the principal policy setting is ignored. 
diff --git a/xml/System.Security.Principal/WindowsIdentity.xml b/xml/System.Security.Principal/WindowsIdentity.xml index 411d154e55e..209f5b226af 100644 --- a/xml/System.Security.Principal/WindowsIdentity.xml +++ b/xml/System.Security.Principal/WindowsIdentity.xml @@ -1959,9 +1959,7 @@ public class ImpersonationDemo Do not explicitly release the account token that is returned by the property. The token is released by the method, which you can call in code. is also automatically called by the garbage collector. > [!NOTE] -> The account token that is returned by the property is a duplicate of the Windows token that is used to create the object and is automatically released by the .NET Framework. This is different from the account token (the `userToken` parameter for the constructor), which is used to create the object. `userToken` is a Windows account token that is created by a call to `LogonUser` and must be closed to avoid a memory leak. - - +> The account token that is returned by the property is a duplicate of the Windows token that is used to create the object and is automatically released by .NET. This is different from the account token (the `userToken` parameter for the constructor), which is used to create the object. `userToken` is a Windows account token that is created by a call to `LogonUser` and must be closed to avoid a memory leak. ## Examples The following code shows the use of the property to get the Windows account token for the user. This code example is part of a larger example provided for the class. diff --git a/xml/System.Security.Principal/WindowsPrincipal.xml b/xml/System.Security.Principal/WindowsPrincipal.xml index 5f5b72c9f7d..9523a6dca51 100644 --- a/xml/System.Security.Principal/WindowsPrincipal.xml +++ b/xml/System.Security.Principal/WindowsPrincipal.xml 
@@ -462,32 +462,30 @@ For performance reasons, the overload is recommended as the preferable overload for determining the user's role. > [!NOTE] -> In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. The code that executes the method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator. +> In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. The code that executes the method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator. For built-in roles, the `role` string should be in the form "BUILTIN\\*RoleNameHere*". For example, to test for membership in the Windows administrator role, the string representing the role should be "BUILTIN\Administrators". 
Note that the backslash might need to be escaped. The following table lists the built-in roles. > [!NOTE] -> The spelling for the BUILTIN roles in string format differs from the spelling used in the enumeration. For example, the spelling for an administrator in the enumeration is "Administrator", not "Administrators". When using this overload, use the spelling for the role from the following table. - -|Built-in local groups| -|----------------------------| -|BUILTIN\Administrators| -|BUILTIN\Users| -|BUILTIN\Guests| -|BUILTIN\Account Operators| -|BUILTIN\Server Operators| -|BUILTIN\Print Operators| -|BUILTIN\Backup Operators| -|BUILTIN\Replicator| +> The spelling for the BUILTIN roles in string format differs from the spelling used in the enumeration. For example, the spelling for an administrator in the enumeration is "Administrator", not "Administrators". When using this overload, use the spelling for the role from the following table. + +| Built-in local groups | +|---------------------------| +| BUILTIN\Administrators | +| BUILTIN\Users | +| BUILTIN\Guests | +| BUILTIN\Account Operators | +| BUILTIN\Server Operators | +| BUILTIN\Print Operators | +| BUILTIN\Backup Operators | +| BUILTIN\Replicator | For machine-specific roles, the `role` string should be in the form "MachineName\\*RoleNameHere*". For domain-specific roles, the `role` string should be in the form "DomainName\\*RoleNameHere*"; for example, `"SomeDomain\Domain Users`". > [!NOTE] -> In the .NET Framework version 1.0, the `role` parameter is case-sensitive. In the .NET Framework version 1.1 and later, the `role` parameter is case-insensitive. - - +> The `role` parameter is case-insensitive. ## Examples The following code example demonstrates the use of the method. diff --git a/xml/System.Security.RightsManagement/ContentGrant.xml b/xml/System.Security.RightsManagement/ContentGrant.xml index 919b1c23291..ebe65782d15 100644 --- a/xml/System.Security.RightsManagement/ContentGrant.xml 
+++ b/xml/System.Security.RightsManagement/ContentGrant.xml @@ -23,14 +23,7 @@ Represents a right granted to a user to access information in a rights managed document. - - types, is only usable in full trust applications. - - ]]> - + To be added. diff --git a/xml/System.Security.RightsManagement/ContentUser.xml b/xml/System.Security.RightsManagement/ContentUser.xml index 24f25b7c70b..0497d9faf1b 100644 --- a/xml/System.Security.RightsManagement/ContentUser.xml +++ b/xml/System.Security.RightsManagement/ContentUser.xml @@ -26,11 +26,6 @@ types, is only usable in full trust applications. - - - ## Examples The following example shows how to use property to assign a variable of this type. diff --git a/xml/System.Security.RightsManagement/CryptoProvider.xml b/xml/System.Security.RightsManagement/CryptoProvider.xml index 5524d89a6c0..74c8c96fa16 100644 --- a/xml/System.Security.RightsManagement/CryptoProvider.xml +++ b/xml/System.Security.RightsManagement/CryptoProvider.xml @@ -33,10 +33,6 @@ ## Remarks is created as a result of the method when binding a rights managed to a . - As with other types, is only usable in full trust applications. - - - ## Examples The following example shows how to use the class to create an . diff --git a/xml/System.Security.RightsManagement/PublishLicense.xml b/xml/System.Security.RightsManagement/PublishLicense.xml index de0aa29f622..2909d164659 100644 --- a/xml/System.Security.RightsManagement/PublishLicense.xml +++ b/xml/System.Security.RightsManagement/PublishLicense.xml 
@@ -27,13 +27,9 @@ defines security data about rights, users, and other security-related information. The license defines how a specific user on a specific computer can use specified rights managed content. - - The publishing process begins with the document author, who defines rights information in an . Next, the author creates a signed by calling the method of the . The serialized form of the signed can then be provided to end users who can use it to acquire a by calling the method of the . The returned then allows the client application to exercise the rights that were granted to the user. - - As with other types, is only usable in full trust applications. - + defines security data about rights, users, and other security-related information. The license defines how a specific user on a specific computer can use specified rights managed content. + The publishing process begins with the document author, who defines rights information in an . Next, the author creates a signed by calling the method of the . The serialized form of the signed can then be provided to end users who can use it to acquire a by calling the method of the . The returned then allows the client application to exercise the rights that were granted to the user. ## Examples The following example shows how to initialize a by using the method. @@ -263,7 +259,7 @@ property is not encrypted and can be accessed even when the user does not yet have a . The returned string permits users to contact the publisher to request a . + The string returned by the property is not encrypted and can be accessed even when the user does not yet have a . The returned string permits users to contact the publisher to request a . ]]> 
@@ -299,7 +295,7 @@ property is not encrypted and can be accessed even when the user does not yet have a . The returned string permits users to contact the publisher to request a . + The string returned by the property is not encrypted and can be accessed even when the user does not yet have a . The returned string permits users to contact the publisher to request a . ]]> diff --git a/xml/System.Security.RightsManagement/SecureEnvironment.xml b/xml/System.Security.RightsManagement/SecureEnvironment.xml index 8579f407f2b..d96b0d342fb 100644 --- a/xml/System.Security.RightsManagement/SecureEnvironment.xml +++ b/xml/System.Security.RightsManagement/SecureEnvironment.xml @@ -30,11 +30,6 @@ types, is only usable in full trust applications. - - - ## Examples The following example shows use of the class diff --git a/xml/System.Security.RightsManagement/UnsignedPublishLicense.xml b/xml/System.Security.RightsManagement/UnsignedPublishLicense.xml index 20bbf7d4627..1bbf5dcbb5c 100644 --- a/xml/System.Security.RightsManagement/UnsignedPublishLicense.xml +++ b/xml/System.Security.RightsManagement/UnsignedPublishLicense.xml 
@@ -27,14 +27,12 @@ defines security data about rights, users, and other security-related information. The license defines how a specific user on a specific computer can use specified rights-managed content. + defines security data about rights, users, and other security-related information. The license defines how a specific user on a specific computer can use specified rights-managed content. - The publishing process begins with the document author, who defines rights information in an . Next, the authoring application calls the . method to create a signed . The signed can then be provided to the end-user client application which can call to request an end-user . The returned then allows the client application to exercise the rights that are granted to the user. + The publishing process begins with the document author, who defines rights information in an . Next, the authoring application calls the . method to create a signed . The signed can then be provided to the end-user client application which can call to request an end-user . The returned then allows the client application to exercise the rights that are granted to the user. The document author can use the class either to create a signed , or to build and serialize a template. - As with other types, is only usable in full trust applications. - ]]> 
@@ -108,7 +106,7 @@ ` or `` elements are ignored when the is created by the (String) constructor. To specify these values for the publish license, the properties for and must be explicitly set. The following example shows how to explicitly set the and properties. + The `publishLicenseTemplate` XrML `` or `` elements are ignored when the is created by the (String) constructor. To specify these values for the publish license, the properties for and must be explicitly set. The following example shows how to explicitly set the and properties. :::code language="csharp" source="~/snippets/csharp/System.Security.RightsManagement/UnsignedPublishLicense/.ctor/Window1.xaml.cs" id="Snippetrmpkgpubgrants"::: :::code language="vb" source="~/snippets/visualbasic/System.Security.RightsManagement/UnsignedPublishLicense/.ctor/window1.xaml.vb" id="Snippetrmpkgpubgrants"::: diff --git a/xml/System.Security.RightsManagement/UseLicense.xml b/xml/System.Security.RightsManagement/UseLicense.xml index 6721f1c079c..cf00863e2c9 100644 --- a/xml/System.Security.RightsManagement/UseLicense.xml +++ b/xml/System.Security.RightsManagement/UseLicense.xml @@ -26,11 +26,6 @@ types, is only usable in full trust applications. - - - ## Examples The following example shows how to use this class to initialize a . From 4ef5de2db7425a1b3450400fc35d986588650dab Mon Sep 17 00:00:00 2001 From: Genevieve Warren <24882762+gewarren@users.noreply.github.com> Date: Fri, 29 May 2026 15:10:10 -0700 Subject: [PATCH 2/2] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- xml/System.Security.AccessControl/FileSecurity.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xml/System.Security.AccessControl/FileSecurity.xml b/xml/System.Security.AccessControl/FileSecurity.xml index d3ca219186d..ceb528b30f4 100644 --- a/xml/System.Security.AccessControl/FileSecurity.xml 
+++ b/xml/System.Security.AccessControl/FileSecurity.xml @@ -52,7 +52,7 @@ Use the class to retrieve, add Use the following methods to add or retrieve the access or audit rules from a file: - - +- - ## Examples
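Review bot: In the PrincipalPolicy.xml hunk at @@ -54,16 +54,7 @@, the removed remarks include a sentence ending "method of an ." that looks like the only pointer to where the policy is applied, while the text that is kept still says "the principal policy setting is ignored". If that sentence described an API that still exists in .NET, keep it next to the retained paragraph so a reader can tell which call sets the policy that is being ignored; if the API is gone, say so rather than leaving the setting unexplained.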
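Review bot: In the WindowsIdentity.xml hunk at @@ -1959,9 +1959,7 @@, the rewritten note keeps the wording that `userToken` "must be closed to avoid a memory leak", but a token created by a call to `LogonUser` is an operating-system handle, so "handle leak" or "resource leak" is the more precise term and the one people reviewing impersonation code look for. Since the line is being replaced anyway, it would also help to state that the caller owns and closes `userToken`, because the paragraph directly above tells readers not to release the token returned by the property and the two rules are easy to mix up.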
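Review bot: In the WindowsPrincipal.xml hunk at @@ -462,32 +462,30 @@, the UAC note is re-added still opening with "In Windows Vista, User Account Control (UAC) determines the privileges of a user", which reads as version-specific in a change that otherwise drops legacy version remarks (the same hunk reduces the .NET Framework 1.0/1.1 note to "The `role` parameter is case-insensitive."). Suggest "Starting with Windows Vista" or no version at all, so readers do not assume that the method returning false for an unelevated member of the Built-in Administrators group is limited to that release. While this block is open, the context line with the domain example ends "SomeDomain\Domain Users" with the closing backtick placed before the closing quote, which is worth fixing in the same pass.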
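Review bot: In patch 2/2, the subject "Potential fix for pull request finding" does not say which finding is addressed or what the one-line change in FileSecurity.xml at @@ -52,7 +52,7 @@ does to the list under "Use the following methods to add or retrieve the access or audit rules from a file:". Please name the finding and the list entry in the commit message (or squash this into 1/2), so the history shows why a method reference in security documentation changed.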