LevelFinal and Exclusive Attributes in C#


This article has been excerpted from book "The Complete Visual C# Programmer's Guide" from the Authors of C# Corner.

Some higher-level policies can choose to exclude lower policy levels so that they are not evaluated. Simply applying the LevelFinal or Exclusive attribute to a code group creates this exclusion. 

The LevelFinal attribute prevents any policy level below the current level from being evaluated. Remember that the policy levels are the following from highest to lowest: enterprise policy, machine policy, user policy, application domain policy. If, for example, you apply the LevelFinal attribute to the zone code group at the enterprise level, the policy of any code group at the machine level will not be evaluated even if a machine-level administrator has made changes. Applying the LevelFinal attribute at a particular policy level, guarantees that an assembly associated with a code group marked with the LevelFinal attribute will never have its permissions revoked because of decisions made by a lower policy level's administrator. 

The Exclusive attribute prevents other code groups in the same policy level from being considered when the runtime environment computes permissions for assemblies in the exclusive code group. Policy levels above and below the current level are still evaluated. This attribute allows one specific code group to make the sole decision for the current policy level regarding which permissions to grant to assemblies that match that group. This is useful when you want to grant a specific set of permissions to specific assemblies, without allowing permissions from other code group matches on the same policy level. Note that an assembly is not allowed to execute if it belongs to more than one code group marked as exclusive; otherwise, the system throws a PolicyException error. 

Listing 22.5 walks through creation of an example code group named xxx and the setting of a few properties with the mscorcfg.msc MMC tool. 

Security in .NET 729 Listing 22.5: Example Application Directory Code Group 

<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Attributes="Exclusive, LevelFinal"
Name="xxx"
Description="xxx description">
  <IMembershipCondition class="ApplicationDirectoryMembershipCondition"
   version="1"/>
</CodeGroup>

Conclusion

Hope this article would have helped you in understanding LevelFinal and Exclusive Attributes in C#. See other articles on the website on .NET and C#.

visual C-sharp.jpg
The Complete Visual C# Programmer's Guide covers most of the major components that make up C# and the .net environment. The book is geared toward the intermediate programmer, but contains enough material to satisfy the advanced developer.

Up Next
    Ebook Download
    View all
    Learn
    View all