This documentation is archived and is not being maintained.

Security Policy Model

Important noteImportant

In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

The .NET Framework security policy model comprises the following elements:

Each security policy level has its own hierarchy of code groups that provides infrastructure for establishing and configuring security policy. Code groups map evidence to a set of allowed permissions. Often, code groups are associated with a named permission set that specifies the allowable permissions for code in that group. The runtime uses evidence provided by a trusted host or by the loader to determine which code groups the code belongs to and, therefore, which permissions the code is granted.