By passing identity information (user name and role) to the constructor, System.Security.Permissions.PrincipalPermission can be used to demand that the identity of the active principal matches this information.

To match the active System.Security.Principal.IPrincipal and associated System.Security.Principal.IIdentity, both the specified identity and role must match. If null identity string is used, it is interpreted as a request to match any identity. Use of null role string will match any role. By implication, passing null parameter for name or role to System.Security.Permissions.PrincipalPermission will match the identity and roles in any System.Security.Principal.IPrincipal. It is also possible to construct a System.Security.Permissions.PrincipalPermission that only determines whether the System.Security.Principal.IIdentity represents an authenticated or unauthenticated entity. In this case, name and role are ignored.

Unlike most other permissions, System.Security.Permissions.PrincipalPermission does not extend System.Security.CodeAccessPermission. It does, however, implement the System.Security.IPermission interface. This is because System.Security.Permissions.PrincipalPermission is not a code access permission; that is, it is not granted based on the identity of the executing assembly. Instead, it allows code to perform actions (PrincipalPermission.Demand, PrincipalPermission.Union(System.Security.IPermission), PrincipalPermission.Intersect(System.Security.IPermission), and so on) against the current user identity in a manner consistent with the way those actions are performed for code access and code identity permissions.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)
Assembly Versions: 1.0.5000.0, 2.0.0.0, 4.0.0.0