System.Security.CodeAccessPermission.Deny Method

Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.


public void Deny ()



The CodeAccessPermission.Deny method should be used only to protect resources from accidental access by fully trusted code. It should not be used to protect resources from intentional misuse by untrusted code. For example, if method A issues a CodeAccessPermission.Deny for a permission and then calls method B, method B can overtly override the CodeAccessPermission.Deny by issuing an CodeAccessPermission.Assert. The called method is always higher in the stack. Therefore, if method B tries to access a protected resource, the security system begins checking for permissions with it because method B is the immediate caller, and then walks down the stack to confirm that there is no CodeAccessPermission.Deny or CodeAccessPermission.PermitOnly lower in the stack. Method B, which is trying to access the resource, can stop the stack walk immediately by using the CodeAccessPermission.Assert method. In that case, the CodeAccessPermission.Deny placed on the stack by method A (the calling method) is never discovered.

This method prevents callers higher in the call stack from accessing the protected resource through the code that calls this method, even if those callers have been granted permission to access it. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack.

CodeAccessPermission.Deny can limit the liability of the programmer or help prevent accidental security issues because it helps prevent the method that calls CodeAccessPermission.Deny from being used to access the resource protected by the denied permission. If a method calls CodeAccessPermission.Deny on a permission, and if a CodeAccessPermission.Demand for that permission is invoked by a caller lower in the call stack, that security check will fail when it reaches the CodeAccessPermission.Deny.

The call to CodeAccessPermission.Deny is effective until the calling code returns to its caller. Only one CodeAccessPermission.Deny can be active on a frame. An attempt to call CodeAccessPermission.Deny when an active CodeAccessPermission.Deny exists on the frame results in a System.Security.SecurityException. Call CodeAccessPermission.RevertDeny or CodeAccessPermission.RevertAll to remove an active CodeAccessPermission.Deny. CodeAccessPermission.Deny is ignored for a permission not granted because a demand for that permission will not succeed.


Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)
Assembly Versions: 1.0.5000.0,,