
Evidence Class

Defines the set of information that constitutes input to security policy decisions. This class cannot be inherited.

Namespace: System.Security.Policy
Assembly: mscorlib (in mscorlib.dll)

[SerializableAttribute] 
[ComVisibleAttribute(true)] 
public sealed class Evidence : ICollection, IEnumerable
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public final class Evidence implements ICollection, IEnumerable
SerializableAttribute 
ComVisibleAttribute(true) 
public final class Evidence implements ICollection, IEnumerable

Common forms of evidence include signatures and location of origin of code, but can potentially be anything. Objects of any type that are recognized by security policy represent evidence.

Security policy is composed of code groups; a particular assembly (the basic unit of code for granting security permissions) is a member of a code group if it satisfies the code group's membership condition. Evidence is the set of inputs to policy that membership conditions use to determine to which code groups an assembly belongs.

The Evidence class is a collection (see ICollection) that holds a set of objects that represent evidence. This class holds two sets that correspond to the source of the evidence: host evidence and assembly evidence.

Policy can get evidence from two different sources when evaluating permissions for code.

  • Host evidence is provided by the host, and can only be provided by hosts that have been granted the ControlEvidence permission. Typically, this is evidence of the origin of the code and digital signatures on the assembly. Evidence about origin typically includes Url, Site, and Zone evidence. Signatures refer to software publisher (Authenticode X.509v3 signature) and strong name identities. Both kinds of digital signature-based identity are built into the assembly, but must be validated and passed to policy by the host; when the assembly is loaded, the security system verifies the signature. The system then creates the appropriate evidence and passes it to policy only if the corresponding signature is valid.

  • Assembly evidence is part of the assembly itself. Developers or administrators can attach custom evidence to the assembly to extend the set of evidence for policy. Assembly evidence can only be added at the time of assembly generation, which occurs before the assembly is signed. The default policy of the security system ignores assembly-provided evidence, but policy can be extended to accept it.
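An added example (not part of the original sample) of why the source of evidence matters: the built-in origin membership conditions evaluate host evidence, so the same Url, Site and Zone objects are checked once as host evidence and once as assembly evidence. The URL path and the wildcard patterns are constructed sample values.

```csharp
using System;
using System.Security;
using System.Security.Policy;

public class EvidenceSourceExample
{
    // Evaluate each membership condition against the evidence and print the result.
    static void Report(string label, Evidence evidence, IMembershipCondition[] conditions)
    {
        Console.WriteLine(label);
        foreach (IMembershipCondition condition in conditions)
        {
            Console.WriteLine("  {0,-45} -> {1}", condition, condition.Check(evidence));
        }
    }

    public static void Main()
    {
        // Constructed sample origin values (not taken from a real deployment).
        object[] origin =
        {
            new Url("http://www.treyresearch.com/apps/tool.dll"),
            new Site("www.treyresearch.com"),
            new Zone(SecurityZone.Internet)
        };

        // Membership conditions of the kind a code group would carry.
        IMembershipCondition[] conditions =
        {
            new UrlMembershipCondition("http://www.treyresearch.com/*"),
            new SiteMembershipCondition("*.treyresearch.com"),
            new ZoneMembershipCondition(SecurityZone.Internet)
        };

        // The same objects, supplied once by the host and once by the assembly.
        // Evidence(object[] hostEvidence, object[] assemblyEvidence)
        Evidence fromHost = new Evidence(origin, null);
        Evidence fromAssembly = new Evidence(null, origin);

        Report("Origin supplied as host evidence:", fromHost, conditions);
        Report("Origin supplied as assembly evidence:", fromAssembly, conditions);
    }
}
```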

The following code example demonstrates how to create new Evidence objects with both host evidence and assembly evidence.


using System;
using System.Collections;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Globalization;

public class Evidence_Example
{
    public bool CreateEvidence()
    {
        bool retVal = true;

        try
        {
            // Create empty evidence using the default constructor.
            Evidence ev1 = new Evidence();
            Console.WriteLine("Created empty evidence with the default constructor.");

            // Constructor used to create null host evidence.
            Evidence ev2a = new Evidence(null);
            Console.WriteLine("Created an Evidence object with null host evidence.");

            // Constructor used to create host evidence.
            Url url = new Url("http://www.treyresearch.com");
            Console.WriteLine("Adding host evidence " + url.ToString());
            ev2a.AddHost(url);
            Evidence ev2b = new Evidence(ev2a);
            Console.WriteLine("Copy evidence into new evidence");
            IEnumerator enum1 = ev2b.GetHostEnumerator();
            enum1.MoveNext();
            Console.WriteLine(enum1.Current.ToString());
			
            // Constructor used to create both host and assembly evidence.
            Object [] oa1 = {};
            Site site = new Site("www.wideworldimporters.com");
            Object [] oa2 = { url, site };
            Evidence ev3a = new Evidence(oa1, oa2);
            enum1 = ev3a.GetHostEnumerator();
            IEnumerator enum2 = ev3a.GetAssemblyEnumerator();
            enum2.MoveNext();
            Object obj1 = enum2.Current;
            enum2.MoveNext();
            Console.WriteLine("URL = " + obj1.ToString() + "  Site = " + enum2.Current.ToString());
			
            // Constructor used to create null host and null assembly evidence.
            Evidence ev3b = new Evidence(null, null);
            Console.WriteLine("Create new evidence with null host and assembly evidence");
			
        }
        catch (Exception e)
        {
            Console.WriteLine("Fatal error: {0}", e.ToString());
            return false;
        }

        return retVal;
    }
    public Evidence DemonstrateEvidenceMembers()
    {
        Evidence myEvidence = new Evidence();
        string sPubKeyBlob =	"00240000048000009400000006020000" + 
            "00240000525341310004000001000100" + 
            "19390E945A40FB5730204A25FA5DC4DA" + 
            "B18688B412CB0EDB87A6EFC50E2796C9" + 
            "B41AD3040A7E46E4A02516C598678636" + 
            "44A0F74C39B7AB9C38C01F10AF4A5752" + 
            "BFBCDF7E6DD826676AD031E7BCE63393" + 
            "495BAD2CA4BE03B529A73C95E5B06BE7" + 
            "35CA0F622C63E8F54171BD73E4C8F193" + 
            "CB2664163719CA41F8159B8AC88F8CD3";
        Byte[] pubkey = HexsToArray(sPubKeyBlob);

        // Create a strong name.
        StrongName mSN = new StrongName(new StrongNamePublicKeyBlob(pubkey), "SN01", new Version("0.0.0.0"));

        // Create assembly and host evidence.
        Console.WriteLine("Adding assembly evidence.");
        myEvidence.AddAssembly("SN01");
        myEvidence.AddAssembly(new Version("0.0.0.0"));
        myEvidence.AddAssembly(mSN);
        Console.WriteLine("Count of evidence items = " + myEvidence.Count.ToString());
        Url url = new Url("http://www.treyresearch.com");
        Console.WriteLine("Adding host evidence " + url.ToString());
        myEvidence.AddHost(url);
        PrintEvidence(myEvidence);
        Console.WriteLine("Count of evidence items = " + myEvidence.Count.ToString());
        Console.WriteLine("\nCopy the evidence to an array using CopyTo, then display the array.");
        object[] evidenceArray = new object[myEvidence.Count];
        myEvidence.CopyTo(evidenceArray, 0);
        foreach (object obj in evidenceArray)
        {
            Console.WriteLine(obj.ToString());
        }
        Console.WriteLine("\nDisplay the contents of the properties.");
        Console.WriteLine("Locked is the only property normally used by code.");
        Console.WriteLine("IsReadOnly, IsSynchronized, and SyncRoot properties are not normally used.");
        Console.WriteLine("\nThe default value for the Locked property = " + myEvidence.Locked.ToString());
		
        Console.WriteLine("\nGet the hashcode for the evidence.");
        Console.WriteLine("HashCode = " + myEvidence.GetHashCode().ToString());
        Console.WriteLine("\nGet the type for the evidence.");
        Console.WriteLine("Type = " + myEvidence.GetType().ToString());
        Console.WriteLine("\nMerge new evidence with the current evidence.");
        Object [] oa1 = {};
        Site site = new Site("www.wideworldimporters.com");
        Object [] oa2 = { url, site };
        Evidence newEvidence = new Evidence(oa1, oa2);
        myEvidence.Merge(newEvidence);
        Console.WriteLine("Evidence count = " + PrintEvidence(myEvidence).ToString());
        Console.WriteLine("\nRemove URL evidence.");
        myEvidence.RemoveType(url.GetType());
        Console.WriteLine("Evidence count is now: " + myEvidence.Count.ToString());
        Console.WriteLine("\nMake a copy of the current evidence.");
        Evidence evidenceCopy = new Evidence(myEvidence);
        Console.WriteLine("Count of new evidence items = " + evidenceCopy.Count);
        Console.WriteLine("Does the copy equal the current evidence? " + myEvidence.Equals(evidenceCopy));
        Console.WriteLine("\nClear the current evidence.");
        myEvidence.Clear();
        Console.WriteLine("Count is now " + myEvidence.Count.ToString());
        return myEvidence;
    }
    // Print each evidence item and return the number of items printed.
    public static int PrintEvidence(Evidence myEvidence)
    {
        int p = 0;
        Console.WriteLine("\nCurrent evidence = ");
        if (null == myEvidence) return 0;
        IEnumerator list = myEvidence.GetEnumerator();
        while (list.MoveNext())
        {
            Console.WriteLine(list.Current.ToString());
            p++;
        }

        Console.WriteLine("\n");
        return p;
    }
    // Convert a hexadecimal string to an array.
    public static byte[] HexsToArray(string sHexString)
    {
        Byte[] array = new Byte[sHexString.Length/2];
        for (int i = 0; i < sHexString.Length; i += 2)
        {
            array[i / 2] = Byte.Parse(sHexString.Substring(i, 2), NumberStyles.HexNumber);
        }
        return array;
    }



    // Main method.
    public static void Main()
    {
        try
        {
            Evidence_Example EvidenceTest = new Evidence_Example();
            bool ret = EvidenceTest.CreateEvidence();
            if (ret)
            {
                Console.WriteLine("Evidence successfully created.");
            }
            else
            {
                Console.WriteLine("Evidence creation failed.");
            }
			
            EvidenceTest.DemonstrateEvidenceMembers();
        }
        catch(Exception e)
        {
	
            Console.WriteLine(e.ToString());
            Environment.ExitCode = 101;
        }
    }
}

import System.*;
import System.Collections.*;
import System.Security.*;
import System.Security.Policy.*;
import System.Security.Permissions.*;
import System.Globalization.*;
import System.Byte;

public class EvidenceExample
{
    public boolean CreateEvidence()
    {
        boolean retVal = true;

        try {
            // Create empty evidence using the default constructor.
            Evidence ev1 = new Evidence();
            Console.WriteLine("Created empty evidence with the " 
                + " default constructor.");

            // Constructor used to create null host evidence.
            Evidence ev2a = new Evidence(null);
            Console.WriteLine("Created an Evidence object with " 
                + " null host evidence.");

            // Constructor used to create host evidence.
            Url url = new Url("http://www.treyresearch.com");
            Console.WriteLine(("Adding host evidence " + url.ToString()));
            ev2a.AddHost(url);
            Evidence ev2b = new Evidence(ev2a);
            Console.WriteLine("Copy evidence into new evidence");

            IEnumerator enum1 = ev2b.GetHostEnumerator();
            enum1.MoveNext();
            Console.WriteLine(enum1.get_Current().ToString());

            // Constructor used to create both host and assembly evidence.
            Object oa1[] = null;
            Site site = new Site("www.wideworldimporters.com");
            Object oa2[] =  { url, site };
            Evidence ev3a = new Evidence(oa1, oa2);
            enum1 = ev3a.GetHostEnumerator();
            IEnumerator enum2 = ev3a.GetAssemblyEnumerator();
            enum2.MoveNext();
            Object obj1 = enum2.get_Current();
            enum2.MoveNext();
            Console.WriteLine(("URL = " + obj1.ToString() + "  Site = " 
                + enum2.get_Current().ToString()));

            // Constructor used to create null host and null assembly evidence.
            Evidence ev3b = new Evidence(null, null);
            Console.WriteLine("Create new evidence with null host and " 
                + " assembly evidence");
        }
        catch (System.Exception e) {
            Console.WriteLine("Fatal error: {0}", e.ToString());
            return false;
        }
        return retVal;
    } //CreateEvidence

    public Evidence DemonstrateEvidenceMembers()
    {
        Evidence myEvidence = new Evidence();
        String sPubKeyBlob = "00240000525341310004000001000100" 
            + "19390E945A40FB5730204A25FA5DC4DA" 
            + "B18688B412CB0EDB87A6EFC50E2796C9" 
            + "B41AD3040A7E46E4A02516C598678636" 
            + "44A0F74C39B7AB9C38C01F10AF4A5752" 
            + "BFBCDF7E6DD826676AD031E7BCE63393" 
            + "495BAD2CA4BE03B529A73C95E5B06BE7" 
            + "35CA0F622C63E8F54171BD73E4C8F193" 
            + "CB2664163719CA41F8159B8AC88F8CD3";
        Byte pubkey[] = HexsToArray(sPubKeyBlob);

        // Create a strong name.
        StrongName mSN = new StrongName(
            new StrongNamePublicKeyBlob((ubyte[])pubkey), "SN01", 
                new Version("0.0.0.0"));

        // Create assembly and host evidence.
        Console.WriteLine("Adding assembly evidence.");
        myEvidence.AddAssembly("SN01");
        myEvidence.AddAssembly(new Version("0.0.0.0"));
        myEvidence.AddAssembly(mSN);
        Console.WriteLine(("Count of evidence items = " 
            + myEvidence.get_Count()));

        Url url = new Url("http://www.treyresearch.com");
        Console.WriteLine(("Adding host evidence " + url.ToString()));
        myEvidence.AddHost(url);
        PrintEvidence(myEvidence);
        Console.WriteLine(("Count of evidence items = " 
            + myEvidence.get_Count()));

        Console.WriteLine("\nCopy the evidence to an array using CopyTo," 
            + " then display the array.");
        Object evidenceArray[] = new Object[myEvidence.get_Count()];
        myEvidence.CopyTo(evidenceArray, 0);
        for (int objCount = 0; objCount < evidenceArray.length; objCount++) {
            Object obj = evidenceArray[objCount];
            Console.WriteLine(obj.ToString());
        }

        Console.WriteLine("\nDisplay the contents of the properties.");
        Console.WriteLine("Locked is the only property normally used by code.");
        Console.WriteLine("IsReadOnly, IsSynchronized, and SyncRoot " 
            + " properties are not normally used.");

        Console.WriteLine(("\nThe default value for the Locked property = " 
            + System.Convert.ToString(myEvidence.get_Locked())));

        Console.WriteLine("\nGet the hashcode for the evidence.");
        Console.WriteLine(("HashCode = " + myEvidence.GetHashCode()));

        Console.WriteLine("\nGet the type for the evidence.");
        Console.WriteLine(("Type = " + myEvidence.GetType().ToString()));

        Console.WriteLine("\nMerge new evidence with the current evidence.");
        Object oa1[] = null;
        Site site = new Site("www.wideworldimporters.com");
        Object oa2[] =  { url, site };
        Evidence newEvidence = new Evidence(oa1, oa2);
        myEvidence.Merge(newEvidence);
        Console.WriteLine(("Evidence count = " + PrintEvidence(myEvidence)));

        Console.WriteLine("\nRemove URL evidence.");
        myEvidence.RemoveType(url.GetType());
        Console.WriteLine(("Evidence count is now: " + myEvidence.get_Count()));

        Console.WriteLine("\nMake a copy of the current evidence.");
        Evidence evidenceCopy = new Evidence(myEvidence);
        Console.WriteLine(("Count of new evidence items = " 
            + evidenceCopy.get_Count()));
        Console.WriteLine(("Does the copy equal the current evidence? " 
            + System.Convert.ToString(myEvidence.Equals(evidenceCopy))));

        Console.WriteLine("\nClear the current evidence.");
        myEvidence.Clear();
        Console.WriteLine(("Count is now " + myEvidence.get_Count()));
        return myEvidence;
    } //DemonstrateEvidenceMembers

    // Print each evidence item and return the number of items printed.
    public static int PrintEvidence(Evidence myEvidence)
    {
        int p = 0;
        Console.WriteLine("\nCurrent evidence = ");
        if (null == myEvidence) {
            return 0;
        }
        IEnumerator list = myEvidence.GetEnumerator();

        while (list.MoveNext()) {
            Console.WriteLine(String.valueOf(list.get_Current()));
            p++;
        }
        Console.WriteLine("\n");
        return p;
    } //PrintEvidence

    public static System.Byte[] HexsToArray(String sHexString)
    {
        Byte array[] = new Byte[sHexString.get_Length() / 2];
        for (int i = 0; i < sHexString.get_Length(); i += 2) {
            array[i / 2] = (Byte)Byte.Parse(sHexString.Substring(i, 2), 
                NumberStyles.HexNumber);
        }
        return array;
    } //HexsToArray

    public static void main(String[] args)
    {
        try {
            EvidenceExample EvidenceTest = new EvidenceExample();
            boolean ret = EvidenceTest.CreateEvidence();
            if (ret) {
                Console.WriteLine("Evidence successfully created.");
            }
            else {
                Console.WriteLine("Evidence creation failed.");
            }
            EvidenceTest.DemonstrateEvidenceMembers();
        }
        catch (System.Exception e) {
            Console.WriteLine(e.ToString());
            Environment.set_ExitCode(101);
        }
    } //main
} //EvidenceExample

System.Object
  System.Security.Policy.Evidence

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows CE, Windows Millennium Edition, Windows Mobile for Pocket PC, Windows Mobile for Smartphone, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0, 1.1, 1.0

.NET Compact Framework

Supported in: 2.0, 1.0

© 2014 Microsoft