HostProtectionAttribute Class


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Allows the use of declarative security actions to determine host protection requirements. This class cannot be inherited.

Namespace:   System.Security.Permissions
Assembly:  mscorlib (in mscorlib.dll)


[AttributeUsageAttribute(AttributeTargets.Assembly | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Constructor | AttributeTargets.Method | AttributeTargets.Delegate, 
	AllowMultiple = true, Inherited = false)]
public sealed class HostProtectionAttribute : CodeAccessSecurityAttribute


Initializes a new instance of the HostProtectionAttribute class with default values.


Initializes a new instance of the HostProtectionAttribute class with the specified SecurityAction value.


Gets or sets a security action.(Inherited from SecurityAttribute.)


Gets or sets a value indicating whether external process management is exposed.


Gets or sets a value indicating whether external threading is exposed.


Gets or sets a value indicating whether resources might leak memory if the operation is terminated.


Gets or sets flags specifying categories of functionality that are potentially harmful to the host.


Gets or sets a value indicating whether the security infrastructure is exposed.


Gets or sets a value indicating whether self-affecting process management is exposed.


Gets or sets a value indicating whether self-affecting threading is exposed.


Gets or sets a value indicating whether shared state is exposed.


Gets or sets a value indicating whether synchronization is exposed.


When implemented in a derived class, gets a unique identifier for this Attribute.(Inherited from Attribute.)


Gets or sets a value indicating whether the user interface is exposed.


Gets or sets a value indicating whether full (unrestricted) permission to the resource protected by the attribute is declared.(Inherited from SecurityAttribute.)


Creates and returns a new host protection permission.(Overrides SecurityAttribute.CreatePermission().)


This API supports the product infrastructure and is not intended to be used directly from your code. Returns a value that indicates whether this instance is equal to a specified object.(Inherited from Attribute.)


Returns the hash code for this instance.(Inherited from Attribute.)


Gets the Type of the current instance.(Inherited from Object.)


When overridden in a derived class, indicates whether the value of this instance is the default value for the derived class.(Inherited from Attribute.)


When overridden in a derived class, returns a value that indicates whether this instance equals a specified object.(Inherited from Attribute.)


Returns a string that represents the current object.(Inherited from Object.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod_Attribute.GetIDsOfNames(Guid, IntPtr, UInt32, UInt32, IntPtr)

Maps a set of names to a corresponding set of dispatch identifiers.(Inherited from Attribute.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod_Attribute.GetTypeInfo(UInt32, UInt32, IntPtr)

Retrieves the type information for an object, which can be used to get the type information for an interface.(Inherited from Attribute.)


Retrieves the number of type information interfaces that an object provides (either 0 or 1).(Inherited from Attribute.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod_Attribute.Invoke(UInt32, Guid, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr)

Provides access to properties and methods exposed by an object.(Inherited from Attribute.)

This attribute affects only unmanaged applications that host the common language runtime and implement host protection, such as SQL Server. If the code is run in a client application or on a server that is not host-protected, the attribute "evaporates"; it is not detected and therefore not applied. When applied, the security action results in the creation of a link demand based on the host resources the class or method exposes.


The purpose of this attribute is to enforce host-specific programming model guidelines, not security behavior. Although a link demand is used to check for conformance to programming model requirements, the HostProtectionAttribute is not a security permission.

If the host does not have programming model requirements, the link demands do not occur.

This attribute identifies the following:

  • Methods or classes that do not fit the host programming model, but are otherwise benign.

  • Methods or classes that do not fit the host programming model and could lead to destabilizing server-managed user code.

  • Methods or classes that do not fit the host programming model and could lead to a destabilization of the server process itself.


If you are creating a class library that is to be called by applications that may execute in a host protected environment, you should apply this attribute to members that expose HostProtectionResource resource categories. The .NET Framework class library members with this attribute cause only the immediate caller to be checked. Your library member must also cause a check of its immediate caller in the same manner.


Do not use the Ngen.exe (Native Image Generator) to create a native image of assemblies that are protected by the HostProtectionAttribute. In a full-trust environment, the image is always loaded, without regard to the HostProtectionAttribute, and in a partial-trust environment the image is not loaded.

The following code example illustrates the use of the HostProtectionAttribute attribute with a variety of HostProtectionResource values.

using System;
using System.IO;
using System.Threading;
using System.Security;
using System.Security.Policy;
using System.Security.Principal;
using System.Security.Permissions;
using System.Diagnostics;
using System.ComponentModel;
using System.Windows.Forms;

// If this application is run on a server that implements host protection, the 
// HostProtectionAttribute attribute is applied. If the application is run on   
// a server that is not host-protected, the attribute evaporates; it is not  
// detected and therefore not applied. Host protection can be configured with  
// members of the HostProtectionResource enumeration to customize the  
// protection offered.
// The primary intent of this sample is to show situations in which the 
// HostProtectionAttribute attribute might be meaningfully used. The  
// environment required to demonstrate a particular behavior is
// too complex to invoke within the scope of this sample.

class HostProtectionExample
    public static int Success = 100;

    // Use the enumeration flags to indicate that this method exposes 
    // shared state and self-affecting process management.
    // Either of the following attribute statements can be used to set the
    // resource flags.
    [HostProtectionAttribute(SharedState = true, 
        SelfAffectingProcessMgmt = true)]
    [HostProtectionAttribute(Resources = HostProtectionResource.SharedState |
    private static void Exit(string Message, int Code)
        // Exit the sample when an exception is thrown.
        Console.WriteLine("\nFAILED: " + Message + " " + Code.ToString());
        Environment.ExitCode = Code;

    // Use the enumeration flags to indicate that this method exposes shared 
    // state, self-affecting process management, and self-affecting threading.
    [HostProtectionAttribute(SharedState=true, SelfAffectingProcessMgmt=true,
         SelfAffectingThreading=true, UI=true)]
    // This method allows the user to quit the sample.
    private static void ExecuteBreak()
        Console.WriteLine("Executing Debugger.Break.");
        Debugger.Log(1,"info","test message");

    // Use the enumeration flags to indicate that this method exposes shared 
    // state, self-affecting threading, and the security infrastructure.
    [HostProtectionAttribute(SharedState=true, SelfAffectingThreading=true,
    // ApplyIdentity sets the current identity.
    private static int ApplyIdentity()
        string[] roles = {"User"};
            AppDomain mAD = AppDomain.CurrentDomain;
            GenericPrincipal mGenPr = 
                new GenericPrincipal(WindowsIdentity.GetCurrent(), roles);
            return Success;
        catch (Exception e)
            Exit(e.ToString(), 5);
        return 0;

    // The following method is started on a separate thread.
    public static void WatchFileEvents()
            Console.WriteLine("In the child thread.");
            FileSystemWatcher watcher = new FileSystemWatcher();
            watcher.Path = "C:\\Temp";

            // Watch for changes in LastAccess and LastWrite times, and
            // name changes to files or directories.
            watcher.NotifyFilter = NotifyFilters.LastAccess 
                | NotifyFilters.LastWrite
                | NotifyFilters.FileName | NotifyFilters.DirectoryName;

            // Watch only text files.
            watcher.Filter = "*.txt";

            // Add event handlers.
            watcher.Changed += new FileSystemEventHandler(OnChanged);
            watcher.Created += new FileSystemEventHandler(OnChanged);
            watcher.Deleted += new FileSystemEventHandler(OnChanged);

            // Begin watching.
            watcher.EnableRaisingEvents = true;

            // Wait for the user to quit the program.
            Console.WriteLine("Event handlers have been enabled.");
        catch (Exception e)

    // Use the enumeration flags to indicate that this method exposes 
    // synchronization and external threading.
    [HostProtectionAttribute(Synchronization=true, ExternalThreading=true)]
    private static void StartThread()
        Thread t = new Thread(new ThreadStart(WatchFileEvents));

        // Start the new thread. On a uniprocessor, the thread is not given
        // any processor time until the main thread yields the processor.

        // Give the new thread a chance to execute.

    // Call methods that show the use of the HostProtectionResource enumeration.
    static int Main(string [] args)
            // Show use of the HostProtectionResource.SharedState,
            // HostProtectionResource.SelfAffectingThreading, and
            // HostProtectionResource.Security enumeration values.

            // Show use of the HostProtectionResource.Synchronization and
            // HostProtectionResource.ExternalThreading enumeration values.
            Console.WriteLine("In the main thread.");
            Console.WriteLine("Deleting and creating 'MyTestFile.txt'.");
            if (File.Exists("C:\\Temp\\MyTestFile.txt"))

            StreamWriter sr = File.CreateText("C:\\Temp\\MyTestFile.txt");
            sr.WriteLine ("This is my file.");

            // Show use of the HostProtectionResource.SharedState,
            // HostProtectionResource.SelfProcessMgmt,
            // HostProtectionResource.SelfAffectingThreading, and
            // HostProtectionResource.UI enumeration values.

            // Show the use of the 
            // HostProtectionResource.ExternalProcessManagement 
            // enumeration value.
            MyControl myControl = new MyControl ();
            Console.WriteLine ("Enter 'q' to quit the sample.");
            return 100;
        catch (Exception e)
            Exit(e.ToString(), 0);
            return 0;

    // Define the event handlers.
    private static void OnChanged(object source, FileSystemEventArgs e)
        // Specify whether a file is changed, created, or deleted.
        Console.WriteLine("In the OnChanged event handler.");
        Console.WriteLine("File: " + e.FullPath + " " + e.ChangeType);

// The following class is an example of code that exposes 
// external process management.
// Add the LicenseProviderAttribute to the control.
[LicenseProvider (typeof(LicFileLicenseProvider))]
public class MyControl : System.Windows.Forms.Control
    // Create a new, null license.
    private License license = null;

    [HostProtection (ExternalProcessMgmt = true)]
    public MyControl ()
        // Determine if a valid license can be granted.
        bool isValid = LicenseManager.IsValid (typeof(MyControl));
        Console.WriteLine ("The result of the IsValid method call is " + 
            isValid.ToString ());

    protected override void Dispose (bool disposing)
        if (disposing)
            if (license != null)
                license.Dispose ();
                license = null;

.NET Framework
Available since 2.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top