This documentation is archived and is not being maintained.

HostSecurityManager Class

Note: This class is new in the .NET Framework version 2.0.

Allows the control and customization of security behavior for application domains.

Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)

<SerializableAttribute> _
<ComVisibleAttribute(True)> _
Public Class HostSecurityManager
Dim instance As HostSecurityManager

/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public class HostSecurityManager
public class HostSecurityManager

When you create a new AppDomain, the common language runtime queries the AppDomainManager for the presence of a HostSecurityManager, which participates in making security decisions for the AppDomain. Host providers should implement a host security manager that inherits from the HostSecurityManager class.

Notes to Inheritors Some members of a HostSecurityManager are called whenever an assembly is loaded, either implicitly or explicitly. The get accessor for the DomainPolicy property and the ProvideAssemblyEvidence and ProvideAppDomainEvidence methods must not load any assemblies, because doing so will result in the members of the HostSecurityManager being recursively called. To avoid circular references, you should create new instances of classes that can cause assemblies to be loaded, either implicitly or explicitly, in the constructor of a class that derives from HostSecurityManager.

The following code example shows a very simple implementation of a HostSecurityManager.

' To replace the default security manager with MySecurityManager, add the 
' assembly to the GAC and call MySecurityManager in the
' custom implementation of the AppDomainManager.
Imports System
Imports System.Collections
Imports System.Net
Imports System.Reflection
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Security.Principal
Imports System.Threading
Imports System.Runtime.InteropServices
Imports System.Runtime.Hosting

<Assembly: System.Security.AllowPartiallyTrustedCallersAttribute()> 
<Serializable()> _
<SecurityPermissionAttribute(SecurityAction.Demand, Flags:=SecurityPermissionFlag.Infrastructure)> _
Public Class MySecurityManager
    Inherits HostSecurityManager

    Public Sub New()
        Console.WriteLine(" Creating MySecurityManager.")

    End Sub 'New

    Private myDomainPolicy As PolicyLevel = Nothing

    Public Overrides ReadOnly Property DomainPolicy() As PolicyLevel
            If AppDomain.CurrentDomain.FriendlyName = "DefaultDomain" OrElse AppDomain.CurrentDomain.FriendlyName = "Compilation Domain" Then
                Return Nothing
            End If
            If myDomainPolicy Is Nothing Then
                myDomainPolicy = CreateAppDomainPolicy()
            End If
            Return myDomainPolicy
        End Get
    End Property

    Private hostFlags As HostSecurityManagerOptions = HostSecurityManagerOptions.HostDetermineApplicationTrust Or HostSecurityManagerOptions.HostAssemblyEvidence

    Public Overrides ReadOnly Property Flags() As HostSecurityManagerOptions
            Return hostFlags
        End Get
    End Property

    Public Overrides Function ProvideAssemblyEvidence(ByVal loadedAssembly As [Assembly], ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide assembly evidence for: " + IIf(loadedAssembly Is Nothing, "Unknown", loadedAssembly.ToString()) + ".") 'TODO: For performance reasons this should be changed to nested IF statements
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddAssembly(New CustomEvidenceType())
        Return evidence

    End Function 'ProvideAssemblyEvidence

    Public Overrides Function ProvideAppDomainEvidence(ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide evidence for the " + AppDomain.CurrentDomain.FriendlyName + " AppDomain.")
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddHost(New CustomEvidenceType())
        Return evidence

    End Function 'ProvideAppDomainEvidence

    <SecurityPermissionAttribute(SecurityAction.Demand, Execution:=True), SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted:=True)> _
    Public Overrides Function DetermineApplicationTrust(ByVal applicationEvidence As Evidence, ByVal activatorEvidence As Evidence, ByVal context As TrustManagerContext) As ApplicationTrust
        If applicationEvidence Is Nothing Then
            Throw New ArgumentNullException("applicationEvidence")
        End If
        ' Get the activation context from the application evidence.
        ' This HostSecurityManager does not examine the activator evidence
        ' nor is it concerned with the TrustManagerContext;
        ' it simply grants the requested grant in the application manifest.
        Dim enumerator As IEnumerator = applicationEvidence.GetHostEnumerator()
        Dim activationArgs As ActivationArguments = Nothing
        While enumerator.MoveNext()
            activationArgs = enumerator.Current '
            If Not (activationArgs Is Nothing) Then
                Exit While
            End If
        End While
        If activationArgs Is Nothing Then
            Return Nothing
        End If
        Dim activationContext As ActivationContext = activationArgs.ActivationContext
        If activationContext Is Nothing Then
            Return Nothing
        End If
        Dim trust As New ApplicationTrust(activationContext.Identity)
        Dim asi As New ApplicationSecurityInfo(activationContext)
        trust.DefaultGrantSet = New PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing)
        trust.IsApplicationTrustedToRun = True
        Return trust

    End Function 'DetermineApplicationTrust
    Private Shared localIntranet As NamedPermissionSet

    Private Shared Function CreateAppDomainPolicy() As PolicyLevel
        Console.WriteLine("CreateAppDomainPolicy called.")
        Dim pLevel As PolicyLevel = PolicyLevel.CreateAppDomainLevel()
        ' The root code group of the policy level combines all
        ' permissions of its children.
        Dim rootCodeGroup As UnionCodeGroup
        Dim ps As New PermissionSet(PermissionState.None)
        ps.AddPermission(New SecurityPermission(SecurityPermissionFlag.Execution))
        rootCodeGroup = New UnionCodeGroup(New AllMembershipCondition(), New PolicyStatement(ps, PolicyStatementAttribute.Nothing))

        ' The following code limits all code on this machine to local intranet permissions
        ' when running in this application domain.
        Dim virtualIntranet As New UnionCodeGroup(New ZoneMembershipCondition(SecurityZone.MyComputer), New PolicyStatement(localIntranet, PolicyStatementAttribute.Nothing))
        virtualIntranet.Name = "Virtual Intranet"
        ' Add the code groups to the policy level.
        pLevel.RootCodeGroup = rootCodeGroup
        Return pLevel

    End Function 'CreateAppDomainPolicy

    Private Shared Sub FindNamedPermissionSet(ByVal name As String)
        Dim policyEnumerator As IEnumerator = SecurityManager.PolicyHierarchy()

        While policyEnumerator.MoveNext()
            Dim currentLevel As PolicyLevel = CType(policyEnumerator.Current, PolicyLevel)

            If currentLevel.Label = "Machine" Then
                Dim namedPermissions As IList = currentLevel.NamedPermissionSets
                Dim namedPermission As IEnumerator = namedPermissions.GetEnumerator()

                While namedPermission.MoveNext()
                    If CType(namedPermission.Current, NamedPermissionSet).Name = name Then
                        Console.WriteLine("Named permission set " + CType(namedPermission.Current, NamedPermissionSet).Name + " found.")
                        ' Save the LocalIntranet permissions set for later use.
                        localIntranet = CType(namedPermission.Current, NamedPermissionSet)
                    End If
                End While
            End If
        End While

    End Sub 'FindNamedPermissionSet
End Class 'MySecurityManager
<Serializable()> _
Public Class CustomEvidenceType

    Public Sub New()

    End Sub 'New

    Public Overrides Function ToString() As String
        Return "CustomEvidenceType"

    End Function 'ToString
End Class 'CustomEvidenceType


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0