When clients access the server, by default, they have full access to shared objects. The ISharedObjectSecurity interface can be used to write handlers that deny certain actions on a given shared object or prevent the client from creating arbitrary shared objects.

Below is an example handler that only allows the creation of the persistent shared object "position". Any client may connect to it and only sending messages "drop" through the SO is allowed. Write access to properties is enabled.

public class SampleSOSecurityHandler : ISharedObjectSecurity 
{
  
  public bool IsConnectionAllowed(ISharedObject so) 
  {
      // Note: we don't check for the name here as only one SO can be
      //       created with this handler.
      return true;
  }
  
  public bool IsCreationAllowed(IScope scope, string name, bool persistent) {
      if (!"position".Equals(name) || !persistent)
          return false;
      else
          return true;
  }
  
  public bool IsDeleteAllowed(ISharedObject so, string key) 
  {
      return false;
  }
  
  public bool IsSendAllowed(ISharedObject so, string message, IList arguments) 
  {
      if (!"drop".Equals(message))
          return false;
      else
          return true;
  }
  
  public boolean IsWriteAllowed(ISharedObject so, string key, object value) 
  {
      return true;
  }
}

To register this handler in the application, add the following code in the AppStart method:

RegisterSharedObjectSecurity(new SampleSOSecurityHandler());

To register a security handler only for a given shared object:

ISharedObject so = GetSharedObject(scope, "MySharedObject");
so.RegisterSharedObjectSecurity(new MySOSecurityHandler());

Note: Property changes through server-side are never protected by the security handlers.