HostSecurityManager Class

 
System_CAPS_noteNote

The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Allows the control and customization of security behavior for application domains.

Namespace:   System.Security
Assembly:  mscorlib (in mscorlib.dll)

System.Object
  System.Security.HostSecurityManager

<SerializableAttribute>
<SecurityCriticalAttribute>
<ComVisibleAttribute(True)>
<SecurityPermissionAttribute(SecurityAction.InheritanceDemand,
	Flags := SecurityPermissionFlag.Infrastructure)>
Public Class HostSecurityManager

NameDescription
System_CAPS_pubmethodHostSecurityManager()

Initializes a new instance of the HostSecurityManager class.

NameDescription
System_CAPS_pubpropertyDomainPolicy

Obsolete. When overridden in a derived class, gets the security policy for the current application domain.

System_CAPS_pubpropertyFlags

Gets the flag representing the security policy components of concern to the host.

NameDescription
System_CAPS_pubmethodDetermineApplicationTrust(Evidence, Evidence, TrustManagerContext)

Determines whether an application should be executed.

System_CAPS_pubmethodEquals(Object)

Determines whether the specified object is equal to the current object.(Inherited from Object.)

System_CAPS_protmethodFinalize()

Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)

System_CAPS_pubmethodGenerateAppDomainEvidence(Type)

Requests a specific evidence type for the application domain.

System_CAPS_pubmethodGenerateAssemblyEvidence(Type, Assembly)

Requests a specific evidence type for the assembly.

System_CAPS_pubmethodGetHashCode()

Serves as the default hash function. (Inherited from Object.)

System_CAPS_pubmethodGetHostSuppliedAppDomainEvidenceTypes()

Determines which evidence types the host can supply for the application domain, if requested.

System_CAPS_pubmethodGetHostSuppliedAssemblyEvidenceTypes(Assembly)

Determines which evidence types the host can supply for the assembly, if requested.

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_protmethodMemberwiseClone()

Creates a shallow copy of the current Object.(Inherited from Object.)

System_CAPS_pubmethodProvideAppDomainEvidence(Evidence)

Provides the application domain evidence for an assembly being loaded.

System_CAPS_pubmethodProvideAssemblyEvidence(Assembly, Evidence)

Provides the assembly evidence for an assembly being loaded.

System_CAPS_pubmethodResolvePolicy(Evidence)

Determines what permissions to grant to code based on the specified evidence.

System_CAPS_pubmethodToString()

Returns a string that represents the current object.(Inherited from Object.)

When you create a new AppDomain, the common language runtime queries the AppDomainManager for the presence of a HostSecurityManager, which participates in making security decisions for the AppDomain. Host providers should implement a host security manager that inherits from the HostSecurityManager class.

Notes to Inheritors:

Some members of a HostSecurityManager are called whenever an assembly is loaded, either implicitly or explicitly. The ProvideAssemblyEvidence and ProvideAppDomainEvidence methods must not load any assemblies, because doing so will result in the members of the HostSecurityManager being recursively called. To avoid circular references, you should create new instances of classes that can cause assemblies to be loaded, either implicitly or explicitly, in the constructor of a class that derives from HostSecurityManager.

The following example shows a very simple implementation of a HostSecurityManager.

' To replace the default security manager with MySecurityManager, add the 
' assembly to the GAC and call MySecurityManager in the
' custom implementation of the AppDomainManager.
Imports System
Imports System.Collections
Imports System.Net
Imports System.Reflection
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Security.Principal
Imports System.Threading
Imports System.Runtime.InteropServices
Imports System.Runtime.Hosting



<Assembly: System.Security.AllowPartiallyTrustedCallersAttribute()> 

<Serializable(), SecurityPermissionAttribute(SecurityAction.Demand, Flags:=SecurityPermissionFlag.Infrastructure)> _
Public Class MySecurityManager
    Inherits HostSecurityManager

    Public Sub New()
        Console.WriteLine(" Creating MySecurityManager.")

    End Sub 'NewNew


    Private hostFlags As HostSecurityManagerOptions = HostSecurityManagerOptions.HostDetermineApplicationTrust Or HostSecurityManagerOptions.HostAssemblyEvidence

    Public Overrides ReadOnly Property Flags() As HostSecurityManagerOptions
        Get
            Return hostFlags
        End Get
    End Property

    Public Overrides Function ProvideAssemblyEvidence(ByVal loadedAssembly As [Assembly], ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide assembly evidence for: " + IIf(loadedAssembly Is Nothing, "Unknown", loadedAssembly.ToString()) + ".") 'TODO: For performance reasons this should be changed to nested IF statements
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddAssemblyEvidence(New CustomEvidenceType())
        Return evidence

    End Function 'ProvideAssemblyEvidence

    Public Overrides Function ProvideAppDomainEvidence(ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide evidence for the " + AppDomain.CurrentDomain.FriendlyName + " AppDomain.")
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddHostEvidence(New CustomEvidenceType())
        Return evidence

    End Function 'ProvideAppDomainEvidence

    <SecurityPermissionAttribute(SecurityAction.Demand, Execution:=True), SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted:=True)> _
    Public Overrides Function DetermineApplicationTrust(ByVal applicationEvidence As Evidence, ByVal activatorEvidence As Evidence, ByVal context As TrustManagerContext) As ApplicationTrust
        If applicationEvidence Is Nothing Then
            Throw New ArgumentNullException("applicationEvidence")
        End If
        ' Get the activation context from the application evidence.
        ' This HostSecurityManager does not examine the activator evidence
        ' nor is it concerned with the TrustManagerContext;
        ' it simply grants the requested grant in the application manifest.
        Dim enumerator As IEnumerator = applicationEvidence.GetHostEnumerator()
        Dim activationArgs As ActivationArguments = Nothing
        While enumerator.MoveNext()
            activationArgs = enumerator.Current '
            If Not (activationArgs Is Nothing) Then
                Exit While
            End If
        End While
        If activationArgs Is Nothing Then
            Return Nothing
        End If
        Dim activationContext As ActivationContext = activationArgs.ActivationContext
        If activationContext Is Nothing Then
            Return Nothing
        End If
        Dim trust As New ApplicationTrust(activationContext.Identity)
        Dim asi As New ApplicationSecurityInfo(activationContext)
        trust.DefaultGrantSet = New PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing)
        trust.IsApplicationTrustedToRun = True
        Return trust

    End Function 'DetermineApplicationTrust
End Class
<Serializable()> _
Public Class CustomEvidenceType
    Inherits EvidenceBase

    Public Sub New()

    End Sub

    Public Overrides Function ToString() As String
        Return "CustomEvidenceType"

    End Function 'ToString
End Class

SecurityCriticalAttribute

requires full trust for the immediate caller. This class cannot be used by partially trusted or transparent code.

InheritanceDemand

for full trust for inheritors. This class cannot be inherited by partially trusted code.

.NET Framework
Available since 2.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show: