IVsaEngine.Evidence Property

Sets or retrieves evidence for the purpose of checking security permissions.

[C++]
public: __property Evidence* get_Evidence();
public: __property void set_Evidence(Evidence* value);

[C#]
public Evidence Evidence {get; set;}

[Visual Basic]
Public Property Get Evidence() As Evidence
Public Property Set Evidence(ByVal value As Evidence)

[JScript]
function get Evidence() : Evidence
function set Evidence(value : Evidence)

Type

System.Security.Policy.Evidence

Return Value

Returns a reference to an Evidence object.

Remarks

The Evidence property is used by the .NET security system to assign permissions to the code running in the customization assembly. The evidence is applied when the engine loads an assembly into the application domain, generally as a result of calling the IVsaEngine.Run or IVsaEngine.Compile method. The default setting for this property is null. If a host does not set the Evidence property, the security level for the loading assembly will be set to full trust.

Warning

Because the default setting for this property is the zone in which the host is running, it is advisable for the host to run customization code under the Internet zone. Users requiring less restrictive permission settings will need to set the Evidence property accordingly. However, when elevating permission settings, consider the security implications of running untrusted code with elevated privileges. The Internet zone permission set is carefully designed to allow only those things that untrusted code can reasonably be allowed to perform. Any additional privileges you assign to an assembly (by giving it specific evidence) may be misused by untrusted callers. Even seemingly innocuous permissions, like the ability to read and write to the TEMP directory, can result in privilege escalation and other serious security breaches. For example, if someone can read and write to a local directory, they can create and then load an assembly that will be granted full trust by the security system. Also, even when using restricted evidence, assemblies are still able to discover other assemblies running in the same application domain, and will be able to call public methods of any public types on those assemblies.

The Evidence property can be set after initializing the script engine, but it must be set before making calls to the Compile or Run methods. While the Evidence property can be set repeatedly, only the most recently set value will be used when the assembly is loaded.

This property is not persisted by the IVsaEngine.SaveSourceState or IVsaEngine.SaveCompiledState methods, as it applies only to the currently running combination of host and customization code.

The following table shows the exceptions that the Evidence property can throw.

| Exception Type | Condition |
| --- | --- |
| EngineClosed | The IVsaEngine.Close method has been called and the engine is closed. |
| EngineRunning | The engine is currently running (IVsaEngine.IsRunning is true). |
| EngineBusy | The engine is currently executing code for another thread. |
| EngineNotInitialized | The engine has not been initialized. |
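
The following C# sketch is an added example, not code from the original documentation. It shows a host assigning Internet-zone evidence immediately before compiling and running customization code, and refusing to run if the assignment fails with one of the exceptions listed above. The class `SandboxedVsaHost` and its method names are hypothetical, and the engine is assumed to be already initialized by the host.

```csharp
using System;
using System.Security;
using System.Security.Policy;
using Microsoft.Vsa;

// Hypothetical host-side helper (name and shape are assumptions, not part of Microsoft.Vsa).
public static class SandboxedVsaHost
{
    // Evidence that places the customization assembly in the Internet zone.
    public static Evidence CreateInternetZoneEvidence()
    {
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));
        return evidence;
    }

    // Assumes the host has already initialized 'engine' (site, root moniker,
    // InitNew or LoadSourceState, code items). Returns false if compilation fails.
    public static bool CompileAndRunRestricted(IVsaEngine engine)
    {
        if (engine == null) throw new ArgumentNullException("engine");
        try
        {
            // Evidence cannot be changed while the engine is running.
            if (engine.IsRunning)
                throw new InvalidOperationException("Stop the engine before setting Evidence.");

            // Evidence is not saved with engine state, so assign it on every load,
            // immediately before Compile/Run; only the last value set is used.
            engine.Evidence = CreateInternetZoneEvidence();
        }
        catch (VsaException e)
        {
            // EngineClosed, EngineRunning, EngineBusy or EngineNotInitialized:
            // the evidence was not applied, so fail closed rather than run the code
            // with the default (null) evidence.
            throw new SecurityException(
                "Evidence not applied (" + e.ErrorCode + "); refusing to run customization code.", e);
        }

        if (!engine.Compile())
            return false;
        engine.Run();
        return true;
    }
}
```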

See Also

Reference

Evidence

IVsaEngine Interface

IVsaEngine.Run Method