This documentation is archived and is not being maintained.

Permission Grants

Important noteImportant

In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

The common language runtime grants permissions to both application domains and assemblies. The permission-granting process can involve one or both of the following steps:

  1. Compute the allowed permission set.

    1. At load time, the runtime determines the set of permissions that each policy level allows the code to have.

    2. The runtime then intersects the allowed permission sets for each relevant policy level, resulting in one set of allowed permissions for the application domain or assembly.

  2. Determine the granted permissions.

    The runtime compares the final set of allowed permissions with the permissions that the assembly requests, which results in a set of permissions that is granted to the assembly. This step does not apply to permission grants for application domains.