Training
Assembly Binding Redirection Security Permission
Note
This article is specific to .NET Framework. It doesn't apply to newer implementations of .NET, including .NET 6 and later versions.
Explicit assembly binding redirection in an application configuration file requires a security permission. This applies to redirection of .NET Framework assemblies and assemblies from third parties. The permission is granted by setting the SecurityPermissionFlag flag on the SecurityPermission. Managed assemblies have no permissions by default.
The security permission is granted to applications running in the Trusted Zone (local machine) and Intranet Zone. Applications running in the Internet Zone are strictly prohibited from performing assembly binding redirection.
The permission is not required if assembly redirection is performed in a publisher policy file that is controlled by the component publisher, or in the machine configuration file that is controlled by the administrator. However, the permission is required for an application to explicitly ignore publisher policy using the <publisherPolicy apply="no"/> element in the application configuration file.
The following table shows the default security settings for the BindingRedirects flag.
Zone | BindingRedirects flag setting |
---|---|
Trusted Zone (local machine) | ON |
Intranet Zone | ON |
Internet Zone | OFF |
Untrusted zones | OFF |
An administrator can change these security settings to support or restrict specific scenarios on a given computer. There are no tools for changing the BindingRedirects flag setting from the default; an administrator must manually edit the Security.config file on a user's computer.
.NET feedback
.NET is an open source project. Select a link to provide feedback: