This post originated from an RSS feed registered with .NET Buzz by Mark Levison. Original Post: Undocumented Permission Surprises Feed Title: Mark Levison Feed URL: /WebLog/error.aspx?aspxerrorpath=/WebLog/mlevison/Rss.aspx Feed Description: Musings on No Touch Deployment, .NET development and photography Latest .NET Buzz Posts Latest .NET Buzz Posts by Mark Levison Latest Posts From Mark Levison

I'm trying to tighten our permission demands, so that we only demand the permissions that we absolutely need.  Looking at the documentation for StandardPrinterController, no mention of permissions is made in the requirements.  Being the suspicious type I fired up Reflector and made quite the set of discoveries.

All of the OnStartXXX() and OnEndXXX() methods call Check.Security():

private void CheckSecurity(PrintDocument document)
{
      if (document.PrinterSettings.PrintDialogDisplayed)
      {
            IntSecurity.SafePrinting.Demand();
      }
      else if (document.PrinterSettings.IsDefaultPrinter)
      {
            IntSecurity.DefaultPrinting.Demand();
      }
      else
      {
            IntSecurity.AllPrinting.Demand();
      }
}

I think this is testing how the document was created (PrintDialogDisplayed isn't documented either).  My guess is, if the user created this PrintDocument via the standard Print dialog then only safe printing is required.  Otherwise stronger demands are made.

The next surpise all the methods demand Unmanaged Code Permission.  The final indignity both the OnStartXXX() methods demand AllPrinting permission.

The moral of this story, MS hasn't done a very good job of documenting the security requirements of many of the classes in the BCL.  When you have a sneaking suspicion that an operation requires a permission that isn't documented, you might just be right.  Fire up reflector and take a closer look.