This documentation is archived and is not being maintained.

Assembly Binding Redirection Security Permission

Explicit assembly binding redirection in an application configuration file requires a security permission. This applies to redirection of .NET Framework assemblies and assemblies from third parties. The permission is granted by setting the BindingRedirects flag on the SecurityPermission Class. Managed assemblies have no permissions by default.

The security permission is granted to applications running in the Trusted Zone (local machine) and Intranet Zone. Applications running in the Internet Zone are strictly prohibited from performing assembly binding redirection.

The permission is not required if assembly redirection is performed in a publisher policy file that is controlled by the component publisher, or in the machine configuration file that is controlled by the administrator. However, the permission is required for an application to explicitly ignore publisher policy using the <publisherPolicy apply="no"/> element in the application configuration file.

The following table shows the default security settings for the BindingRedirects flag.


BindingRedirects flag setting

Trusted Zone (local machine)


Intranet Zone


Internet Zone


Untrusted zones


An administrator can change these security settings to support or restrict specific scenarios on a given computer. There are no tools for changing the BindingRedirects flag setting from the default; an administrator must manually edit the Security.config file on a user's computer.