This documentation is archived and is not being maintained.

Security Policy Management

Security policy is the configurable set of rules that the common language runtime follows when determining the permissions to grant to code. The runtime examines identifiable characteristics of the code, such as the Web site or zone where the code originates, to determine the access that code can have to resources. During execution, the runtime ensures that code accesses only the resources that it has been granted permission to access.

Security policy defines several code groups and associates each of them with a set of permissions. Code groups categorize code by characteristics such as its publisher, digital signature, the URL from where it originates, and so on. After all evidence is considered, code is placed into code groups and the resulting permission grant is the total set of permissions associated with every code group that the code obtains membership in. Although the default security policy is suitable for most situations, administrators can modify or customize security policy to tailor it to the specific needs of their organizations. The runtime grants permissions to both assemblies and application domains based on security policy.

In This Section

Security Policy Model
Describes the components of the security policy system.
Permission Grants
Describes how the common language runtime grants permission to code.
Default Security Policy
Describes how security policy is configured by default.
Administering Security Policy
Describes how administrators can view and modify security policy.
Internet Explorer Security and Managed Execution
Describes how Microsoft Internet Explorer security settings affect managed execution.

Related Sections

Security Policy Best Practices
Describes techniques that administrators can use to maintain security policy on a machine or in an enterprise.
Key Security Concepts
Introduces fundamental concepts you must understand before using .NET Framework security.
Describes permission objects and how they are used by the runtime.
Code Access Security
Describes .NET Framework code access security in detail and provides instructions for using it in your code.
Security Tools
Lists and briefly describes the security tools included in the .NET Framework SDK.