VB.NET PermissionSet Class

The PermissionSet class represents a collection of different permissions and supports the methods that use and modify those permissions. You can add, remove, assert, deny, and copy permissions. 

The example given below uses the PermissionSet class to obtain the permissions necessary to gain full access to a file and to read a TEMP environment variable. Before changing the permissions of a file, the file will have a default permission set. 

The Deny method of the PermissionSet prevents callers from accessing the protected resource even if they have been granted permission to access it. The PermitOnly method of the PermissionSet ensures that only the resources specified by this permission object can be accessed, even if the code has been granted permission to other resources. FileIOPermissionAccess specifies the actions that can be performed on the file or folder. The EnvironmentPermission class instance, added to the PermissionSet in given below example, manages access to user and system environment variables by granting permissions on how a user queries and modifies user and system environment variables. 

Example of PermissionSet Sample1

    Imports System
    Imports System.IO
    Imports System.Security.Permissions
    Imports System.Security
    Imports System.IO.FileStream

    Public Class TestClass
        Shared Sub Main()
            ' Try to access resources using the permissions
            ' currently available.
            AttemptAccess("Default permissions")
            ' Create a permission set that allows read access to 
            'the TEMP
            ' environment variable and read, write, and append
            ' access to C:\myfile.txt
            Dim ps As New PermissionSet(PermissionState.None)
            ps.AddPermission(New EnvironmentPermission(EnvironmentPermissionAccess.Read,"TEMP"))
            ps.AddPermission(New FileIOPermission(FileIOPermissionAccess.Read OrFileIOPermissionAccess.Write Or FileIOPermissionAccess.Append, "c:\a.txt"))
            ' test if we can access the resource contained in ps
            ps.Assert()
            ' Try to access resources using the permissions we've
            ' just asserted.
            AttemptAccess("Assert permissions.")
            ' Remove this stack frame's Assert
            CodeAccessPermission.RevertAssert()
            ' Deny access to the resources we specify
            ps.Deny()
            ' Try to access resources using the permissions we've
            ' just denied.
            AttemptAccess("Deny permissions.")
            ' Remove this stack frame's Deny so we're back to
            ' default permissions.
            CodeAccessPermission.RevertDeny()
            ' Make the permissions indicate the only things that
            ' we're allowed to do.
            ps.PermitOnly()
            ' Try to access resources using only the permissions
            ' we've just permitted.
            AttemptAccess("PermitOnly permissions.")
            ' Remove this stack frame's PermitOnly so we're back
            ' to default permissions.
            CodeAccessPermission.RevertPermitOnly()
            ' Remove the FileIOPermissions from the permission set
            ps.RemovePermission(GetType(FileIOPermission))
            ' Try to access resources using only the Environment
            ' permissions.
            ps.PermitOnly()
            AttemptAccess("PermitOnly without FileIOPermission permissions.")
            ' Remove this stack frame's PermitOnly so we're back
            ' to default permissions.
            CodeAccessPermission.RevertPermitOnly()
            ' Remove the EnvironmentPermission from the permission
            ' set
            ps.RemovePermission(GetType(EnvironmentPermission))
            ' Try to access resources using no permissions.
            ps.PermitOnly()
            AttemptAccess("PermitOnly without any permissions")
            ' Remove this stack frame's PermitOnly so we're back
            ' to default permissions.
            CodeAccessPermission.RevertPermitOnly()
            Console.ReadLine()
        End Sub

        Public Shared Sub AttemptAccess(ByVal strMsg As [String])
            Console.WriteLine(strMsg)
            Dim fs As FileStream = Nothing
            Dim env As [String] = Nothing
            ' Try to access a file
            Try
                fs = New FileStream("SomeFile", FileMode.OpenOrCreate)
                ' ignore catch
            Catch generatedExceptionName As Exception
            End Try
            ' Try to read an environment variable
            Try
                env = Environment.GetEnvironmentVariable("TEMP")
                ' ignore catch
            Catch generatedExceptionName As Exception
            End Try
            ' Display what we sucessfully did and what we failed.
            Console.WriteLine("test results: ")
        End Sub
    End Class

The next example first denies permissions to the permission set it has created. Then it uses the RevertDeny method to allow access again.

Example of PermissionSet Sample2, RevertDeny 

    Imports System.Security
    ' RevertDeny
        Public Interface anyinterface
            Sub anyfunction(ByVal ch1 As Char)
        End Interface

        Public Class [myclass]
        Inherits anyinterface
            Private ps As New PermissionSet(PermissionState.None)
            ps.AddPermission(New FileIOPermission(FileIOPermissionAccess.AllAccess, "c:\dir1"))
            ps.AddPermission(New FileIOPermission(FileIOPermissionAccess.AllAccess, "c:\dir2"))
            ps.AddPermission(New EnvironmentPermission(PermissionState.Unrestricted))' deny the permissions we just created
            ps.Deny()
            anyfunction("a" C)
            ' revoke denial of the permissions just created
            CodeAccessPermission.RevertDeny()
        End Class

Conclusion

Hope this article would have helped you in understanding PermissionSet Class in VB.NET.