AddressOfCallBacks: The VA of a null-terminated array of TLS callback function pointers.The array is null terminated, and as a result this field is never null and points to an all-zero pointer if no callback functions are specified. The IL assembler does not support TLS callback functions, so the entire array of TLS callback function pointers consists of a null terminator. This null terminator immediately follows the TLS directory structure in the .sdata section.



This permission identifies the Web site from which the code originates. The attribute class has one property, Site, of type string, which

contains part of the Web site’s URL with a stripped protocol specification at the start and the filename at the end—for example, in the URL The protocol is presumed to be HTTP, HTTPS, or FTP. The wildcard character (*) is allowed in the site specifications, this time as the left part of the specification. 

l         SiteIdentityPermission 该许可权限标识了代码来自于哪个Web站点。特性类有一个属性Site,类型为string,它包含着Web站点的URL的一部分,其开始部分是剥离的协议说明,结束位置为文件名——例如,在URL中的。假定该协议为HTTPHTTPSFTP。在站点的说明中可以使用通配符,此时通配符位于说明的左边部分。 


 This permission definesthe right to access the isolated storage. Briefly, the isolated storage is a storage space allocated specifically for the user’s application, providing a data store independent of the structure of the local file system, a sort of “sandbox” for the application to play in without touching the rest of the file system. Data compartments within the isolated storage are defined by the identity of the application or component code. Thus, there’s no need to work magic with the file paths to ensure that the data storages specific to different applications don’t overlap. The attribute class has two properties:

该访问权限拒绝对独立存储的访问。简而言之,独立存储(isolated storage),就是专门为用户应用程序分配的存储空间,提供了独立于本地文件系统结构的数据存储,对于应用程序来说是一种触及不到文件系统其余部分的“沙盒”sandbox)。独立存储中的数据舱(data compartment)是由应用程序代码或组件代码的标识定义的。这样,就不需要处理文件路径了,从而保证了用于不同应用程序的数据存储不会重叠。特性类有两个属性:

Permission Sets

     Individual permissionobjects (the instances of the permission classes) can be combined into permission sets. A permission set is an instance of the [mscorlib]System.Security.PermissionSet class or of the [mscorlib]System.Security.NamedPermissionSet class, which

is derived from the former. A permission set can be constructed, such as by combining all permissions relevant to a certain resource or to a certain metadata item (the assembly, a class, or a method).

     The PermissionSet class, after its constituent permission classes, implements the interface IPermission with its methods Copy, Intersect, Union, IsSubsetOf, and Demand.

The declarative security is represented in the metadata by the unnamed permission sets, grouped by the security action. Each such permission set is attributed toone metadata item(assembly, class, or method).