Security Policy Model
Important: In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.
The .NET Framework security policy model comprises the following elements:
Security policy levels: enterprise, machine, user, and sometimes application domain.
A hierarchy of code groups within the enterprise, machine, and user policy levels.
Named permission sets associated with each code group.
Evidence that provides information about the identity of code.
Application domain hosts that provide evidence about code to the common language runtime.
Each security policy level has its own hierarchy of code groups that provides infrastructure for establishing and configuring security policy. Code groups map evidence to a set of allowed permissions. Often, code groups are associated with a named permission set that specifies the allowable permissions for code in that group. The runtime uses evidence provided by a trusted host or by the loader to determine which code groups the code belongs to and, therefore, which permissions the code is granted.
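To audit what a machine's policy actually grants, the mapping described above can be inspected level by level. The following is an added example, not part of the original topic; it targets the .NET Framework 3.5 or earlier, and the zone and URL evidence are constructed sample values.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

static class PolicyWalk
{
    // Print the code groups that matched the evidence as an indented tree,
    // with each group's membership condition and named permission set.
    static void PrintGroups(CodeGroup group, int depth)
    {
        if (group == null) return;   // nothing at this level matched
        Console.WriteLine("{0}{1} [{2}] -> {3}",
            new string(' ', depth * 2),
            group.Name ?? "(unnamed)",
            group.MembershipCondition,
            group.PermissionSetName ?? "(none)");
        foreach (CodeGroup child in group.Children)
            PrintGroups(child, depth + 1);
    }

    static void Main()
    {
        // Constructed evidence, of the kind a host supplies for downloaded code.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));
        evidence.AddHost(new Url("http://example.test/app/plugin.dll"));

        // Walk each policy level (enterprise, machine, user).
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            Console.WriteLine("== {0} level ==", level.Label);
            PrintGroups(level.ResolveMatchingCodeGroups(evidence), 1);

            // Permissions this level alone would allow for the evidence.
            PolicyStatement statement = level.Resolve(evidence);
            Console.WriteLine("  grant at this level:");
            Console.WriteLine(statement.PermissionSet);
        }

        // The runtime combines the per-level results into the final grant.
        Console.WriteLine("== final grant ==");
        Console.WriteLine(SecurityManager.ResolvePolicy(evidence));
    }
}
```

Comparing the per-level output with the final grant shows which level is restricting the code, which is the first thing to check when an assembly receives fewer or more permissions than expected.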