HostSecurityManager Class
Allows the control and customization of security behavior for application domains.
Assembly: mscorlib (in mscorlib.dll)
'Declaration
<SerializableAttribute> _
<ComVisibleAttribute(True)> _
<SecurityPermissionAttribute(SecurityAction.InheritanceDemand, Flags := SecurityPermissionFlag.Infrastructure)> _
<SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags := SecurityPermissionFlag.Infrastructure)> _
Public Class HostSecurityManager

'Usage
Dim instance As HostSecurityManager
When you create a new AppDomain, the common language runtime queries the AppDomainManager for the presence of a HostSecurityManager, which participates in making security decisions for the AppDomain. Host providers should implement a host security manager that inherits from the HostSecurityManager class.
Notes to Inheritors: Some members of a HostSecurityManager are called whenever an assembly is loaded, either implicitly or explicitly. The get accessor for the DomainPolicy property and the ProvideAssemblyEvidence and ProvideAppDomainEvidence methods must not load any assemblies, because doing so will result in the members of the HostSecurityManager being recursively called. To avoid circular references, you should create new instances of classes that can cause assemblies to be loaded, either implicitly or explicitly, in the constructor of a class that derives from HostSecurityManager.
The following code example shows a very simple implementation of a HostSecurityManager.
' To replace the default security manager with MySecurityManager, add the
' assembly to the GAC and call MySecurityManager in the
' custom implementation of the AppDomainManager.

Imports System
Imports System.Collections
Imports System.Net
Imports System.Reflection
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Security.Principal
Imports System.Threading
Imports System.Runtime.InteropServices
Imports System.Runtime.Hosting

<Assembly: System.Security.AllowPartiallyTrustedCallersAttribute()>

<Serializable()> _
<SecurityPermissionAttribute(SecurityAction.Demand, Flags:=SecurityPermissionFlag.Infrastructure)> _
Public Class MySecurityManager
    Inherits HostSecurityManager

    Public Sub New()
        Console.WriteLine(" Creating MySecurityManager.")
    End Sub 'New

    Private myDomainPolicy As PolicyLevel = Nothing

    Public Overrides ReadOnly Property DomainPolicy() As PolicyLevel
        Get
            If AppDomain.CurrentDomain.FriendlyName = "DefaultDomain" OrElse AppDomain.CurrentDomain.FriendlyName = "Compilation Domain" Then
                Return Nothing
            End If
            If myDomainPolicy Is Nothing Then
                myDomainPolicy = CreateAppDomainPolicy()
            End If
            Return myDomainPolicy
        End Get
    End Property

    Private hostFlags As HostSecurityManagerOptions = HostSecurityManagerOptions.HostDetermineApplicationTrust Or HostSecurityManagerOptions.HostAssemblyEvidence

    Public Overrides ReadOnly Property Flags() As HostSecurityManagerOptions
        Get
            Return hostFlags
        End Get
    End Property

    Public Overrides Function ProvideAssemblyEvidence(ByVal loadedAssembly As [Assembly], ByVal evidence As Evidence) As Evidence
        ' The If operator short-circuits, so ToString() is not called on a null reference.
        Console.WriteLine("Provide assembly evidence for: " + If(loadedAssembly Is Nothing, "Unknown", loadedAssembly.ToString()) + ".")
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddAssembly(New CustomEvidenceType())
        Return evidence
    End Function 'ProvideAssemblyEvidence

    Public Overrides Function ProvideAppDomainEvidence(ByVal evidence As Evidence) As Evidence
        Console.WriteLine("Provide evidence for the " + AppDomain.CurrentDomain.FriendlyName + " AppDomain.")
        If evidence Is Nothing Then
            Return Nothing
        End If
        evidence.AddHost(New CustomEvidenceType())
        Return evidence
    End Function 'ProvideAppDomainEvidence

    <SecurityPermissionAttribute(SecurityAction.Demand, Execution:=True), SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted:=True)> _
    Public Overrides Function DetermineApplicationTrust(ByVal applicationEvidence As Evidence, ByVal activatorEvidence As Evidence, ByVal context As TrustManagerContext) As ApplicationTrust
        If applicationEvidence Is Nothing Then
            Throw New ArgumentNullException("applicationEvidence")
        End If
        ' Get the activation context from the application evidence.
        ' This HostSecurityManager does not examine the activator evidence
        ' nor is it concerned with the TrustManagerContext;
        ' it simply grants the requested grant in the application manifest.
        Dim enumerator As IEnumerator = applicationEvidence.GetHostEnumerator()
        Dim activationArgs As ActivationArguments = Nothing
        While enumerator.MoveNext()
            ' TryCast returns Nothing for host evidence of any other type.
            activationArgs = TryCast(enumerator.Current, ActivationArguments)
            If Not (activationArgs Is Nothing) Then
                Exit While
            End If
        End While
        If activationArgs Is Nothing Then
            Return Nothing
        End If
        Dim activationContext As ActivationContext = activationArgs.ActivationContext
        If activationContext Is Nothing Then
            Return Nothing
        End If
        Dim trust As New ApplicationTrust(activationContext.Identity)
        Dim asi As New ApplicationSecurityInfo(activationContext)
        trust.DefaultGrantSet = New PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing)
        trust.IsApplicationTrustedToRun = True
        Return trust
    End Function 'DetermineApplicationTrust

    Private Shared localIntranet As NamedPermissionSet

    Private Shared Function CreateAppDomainPolicy() As PolicyLevel
        Console.WriteLine("CreateAppDomainPolicy called.")
        Dim pLevel As PolicyLevel = PolicyLevel.CreateAppDomainLevel()
        ' The root code group of the policy level combines all
        ' permissions of its children.
        Dim rootCodeGroup As UnionCodeGroup
        Dim ps As New PermissionSet(PermissionState.None)
        ps.AddPermission(New SecurityPermission(SecurityPermissionFlag.Execution))
        rootCodeGroup = New UnionCodeGroup(New AllMembershipCondition(), New PolicyStatement(ps, PolicyStatementAttribute.Nothing))
        ' The following code limits all code on this machine to local intranet permissions
        ' when running in this application domain.
        FindNamedPermissionSet("LocalIntranet")
        Dim virtualIntranet As New UnionCodeGroup(New ZoneMembershipCondition(SecurityZone.MyComputer), New PolicyStatement(localIntranet, PolicyStatementAttribute.Nothing))
        virtualIntranet.Name = "Virtual Intranet"
        ' Add the code groups to the policy level.
        rootCodeGroup.AddChild(virtualIntranet)
        pLevel.RootCodeGroup = rootCodeGroup
        Return pLevel
    End Function 'CreateAppDomainPolicy

    Private Shared Sub FindNamedPermissionSet(ByVal name As String)
        Dim policyEnumerator As IEnumerator = SecurityManager.PolicyHierarchy()
        While policyEnumerator.MoveNext()
            Dim currentLevel As PolicyLevel = CType(policyEnumerator.Current, PolicyLevel)
            If currentLevel.Label = "Machine" Then
                Dim namedPermissions As IList = currentLevel.NamedPermissionSets
                Dim namedPermission As IEnumerator = namedPermissions.GetEnumerator()
                While namedPermission.MoveNext()
                    If CType(namedPermission.Current, NamedPermissionSet).Name = name Then
                        Console.WriteLine("Named permission set " + CType(namedPermission.Current, NamedPermissionSet).Name + " found.")
                        ' Save the LocalIntranet permissions set for later use.
                        localIntranet = CType(namedPermission.Current, NamedPermissionSet)
                    End If
                End While
            End If
        End While
    End Sub 'FindNamedPermissionSet
End Class 'MySecurityManager

<Serializable()> _
Public Class CustomEvidenceType

    Public Sub New()
    End Sub 'New

    Public Overrides Function ToString() As String
        Return "CustomEvidenceType"
    End Function 'ToString
End Class 'CustomEvidenceType
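The wiring described in the remarks, as an added example that is not part of the original sample: an AppDomainManager hands the runtime a HostSecurityManager whose policy level is built once in the constructor, so the DomainPolicy get accessor (called on assembly loads) only returns a cached field. The class names EagerSecurityManager and HostDomainManager are hypothetical, and the execute-only grant is an assumption chosen for illustration.

```vb
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy

' Hypothetical class: all policy construction happens in the constructor,
' following the Notes to Inheritors guidance.
<Serializable()> _
Public Class EagerSecurityManager
    Inherits System.Security.HostSecurityManager

    Private ReadOnly cachedPolicy As PolicyLevel

    Public Sub New()
        ' Assumed policy for illustration: every assembly gets Execution only.
        Dim executeOnly As New PermissionSet(PermissionState.None)
        executeOnly.AddPermission(New SecurityPermission(SecurityPermissionFlag.Execution))

        Dim level As PolicyLevel = PolicyLevel.CreateAppDomainLevel()
        level.RootCodeGroup = New UnionCodeGroup( _
            New AllMembershipCondition(), _
            New PolicyStatement(executeOnly, PolicyStatementAttribute.Nothing))
        cachedPolicy = level
    End Sub

    ' HostPolicyLevel tells the runtime to consult DomainPolicy.
    Public Overrides ReadOnly Property Flags() As HostSecurityManagerOptions
        Get
            Return HostSecurityManagerOptions.HostPolicyLevel
        End Get
    End Property

    ' No allocation and no type resolution here: return the cached level.
    Public Overrides ReadOnly Property DomainPolicy() As PolicyLevel
        Get
            Return cachedPolicy
        End Get
    End Property
End Class

' Hypothetical AppDomainManager: the runtime reads this property when a
' new AppDomain is created.
Public Class HostDomainManager
    Inherits AppDomainManager

    Private ReadOnly securityManager As System.Security.HostSecurityManager = New EagerSecurityManager()

    Public Overrides ReadOnly Property HostSecurityManager() As System.Security.HostSecurityManager
        Get
            Return securityManager
        End Get
    End Property
End Class
```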
- SecurityPermission for operating with infrastructure code. Associated enumeration: SecurityPermissionFlag.Infrastructure. Security action: InheritanceDemand.
- SecurityPermission for operating with infrastructure code. Associated enumeration: SecurityPermissionFlag.Infrastructure. Security action: LinkDemand.
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.