This documentation is archived and is not being maintained.

Evidence Class

Defines the set of information that constitutes input to security policy decisions. This class cannot be inherited.

For a list of all members of this type, see Evidence Members.


[Visual Basic]
NotInheritable Public Class Evidence
   Implements ICollection, IEnumerable
[C#]
public sealed class Evidence : ICollection, IEnumerable
[C++]
public __gc __sealed class Evidence : public ICollection,
   public IEnumerable
[JScript]
class Evidence implements ICollection, IEnumerable

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.


Common forms of evidence include signatures and location of origin of code, but can potentially be anything. Objects of any type that are recognized by security policy represent evidence.

Security policy is composed of code groups; a particular assembly (the basic unit of code for granting security permissions) is a member of a code group if it satisfies the code group's membership condition. Evidence is the set of inputs to policy that membership conditions use to determine to which code groups an assembly belongs.

The Evidence class is a collection (see ICollection) that holds a set of objects that represent evidence. This class holds two sets that correspond to the source of the evidence: host evidence and assembly evidence.

Policy can get evidence from two different sources when evaluating permissions for code.

  • Host evidence is provided by the host, and can only be provided by hosts that have been granted the ControlEvidence permission. Typically, this is evidence of the origin of the code and digital signatures on the assembly. Evidence about origin typically includes Url, Site, and Zone evidence. Signatures refer to software publisher (Authenticode X.509v3 signature) and strong name identities. Both kinds of digital signature-based identity are built into the assembly, but must be validated and passed to policy by the host; when the assembly is loaded, the security system verifies the signature. The system then creates the appropriate evidence and passes it to policy only if the corresponding signature is valid.
  • Assembly evidence is part of the assembly itself. Developers or administrators can attach custom evidence to the assembly to extend the set of evidence for policy. Assembly evidence can only be added at the time of assembly generation, which occurs before the assembly is signed. The default policy of the security system ignores assembly-provided evidence, but policy can be extended to accept it.
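
The following added example (not part of the original documentation) builds one Evidence object from both sources and evaluates built-in membership conditions against it. It shows that ZoneMembershipCondition is evaluated against host evidence, so a Zone object supplied as assembly evidence does not satisfy it. The class name and the URL values are constructed for illustration, and the code assumes a fully trusted .NET Framework console application.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

// Added example, not part of the original documentation.
// The URL values are constructed samples.
public class EvidenceSourceDemo
{
    // Prints every object in one evidence set so its source is visible.
    static void Dump(string label, IEnumerator items)
    {
        while (items.MoveNext())
            Console.WriteLine("{0}: {1}", label, items.Current.GetType().Name);
    }

    public static void Main()
    {
        // Host evidence: what the host asserts about the origin of the code.
        object[] hostEvidence = {
            new Zone(SecurityZone.Internet),
            new Url("http://www.example.com/app/tool.dll")
        };
        // Assembly evidence: what the assembly claims about itself.
        object[] assemblyEvidence = { new Zone(SecurityZone.MyComputer) };

        Evidence evidence = new Evidence(hostEvidence, assemblyEvidence);
        Dump("host", evidence.GetHostEnumerator());
        Dump("assembly", evidence.GetAssemblyEnumerator());

        IMembershipCondition internet = new ZoneMembershipCondition(SecurityZone.Internet);
        IMembershipCondition local = new ZoneMembershipCondition(SecurityZone.MyComputer);
        IMembershipCondition fromSite = new UrlMembershipCondition("http://www.example.com/*");

        // The Internet and Url conditions are satisfied by the host evidence.
        Console.WriteLine("Internet zone matches:   {0}", internet.Check(evidence));
        Console.WriteLine("Url matches:             {0}", fromSite.Check(evidence));
        // The MyComputer claim exists only as assembly evidence, which the
        // built-in condition does not consult.
        Console.WriteLine("MyComputer zone matches: {0}", local.Check(evidence));
    }
}
```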


[Visual Basic, C#] The following example demonstrates how to create new Evidence objects with both host evidence and assembly evidence.

[Visual Basic]
Imports System
Imports System.Collections
Imports System.Security
Imports System.Security.Policy
Imports System.Security.Permissions

Module Module1

    Public Class Evidence_Constructors

        Public Function CreateEvidence() As Boolean
            Dim retVal As Boolean = True

            Try
                ' Create empty evidence with the default constructor.
                Dim ev1 As New Evidence()
                Console.WriteLine("Created empty evidence with the default constructor")

                ' Constructor for null host evidence.
                Dim ev2a As New Evidence(Nothing)
                Console.WriteLine("Created evidence with a null host evidence ")

                ' Constructor to copy host evidence.
                ' Supply the URL of the code's origin; the string is left empty here.
                Dim url As New Url("")
                Console.WriteLine(("Adding host evidence " + url.ToString()))
                ev2a.AddHost(url)
                Dim ev2b As New Evidence(ev2a)
                Console.WriteLine("Copy evidence into new evidence")
                Dim enum1 As IEnumerator = ev2b.GetHostEnumerator()

                ' Constructor to copy host and assembly evidence separately.
                Dim oa1() As [Object]
                ' Supply the site name; the string is left empty here.
                Dim site As New Site("")
                Dim oa2 As [Object]() = {url, site}
                Dim ev3a As New Evidence(oa1, oa2)
                enum1 = ev3a.GetHostEnumerator()
                Dim enum2 As IEnumerator = ev3a.GetAssemblyEnumerator()
                ' Advance the enumerator before each read of Current.
                enum2.MoveNext()
                Dim obj1 As [Object] = enum2.Current
                enum2.MoveNext()
                Console.WriteLine(("URL = " + obj1.ToString() + "  Site = " + enum2.Current.ToString()))

                ' Constructor to copy null host and assembly evidence.
                Dim ev3b As New Evidence(Nothing, Nothing)
                Console.WriteLine("Create new evidence with null host and assembly evidence")

            Catch e As Exception
                Console.WriteLine("Fatal error: {0}", e.ToString())
                Return False
            End Try

            Return retVal
        End Function 'CreateEvidence

        Public Shared Sub Main()
            Try
                Dim EvidenceTest As New Evidence_Constructors()
                Dim ret As Boolean = EvidenceTest.CreateEvidence()
                If ret Then
                    Console.WriteLine("Evidence_Constructors -- Done.")
                Else
                    Console.WriteLine("Evidence_Constructors -- Fail.")
                End If
            Catch e As Exception
                Environment.ExitCode = 101
            End Try
        End Sub 'Main
    End Class 'Evidence_Constructors

End Module


[C#]
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;

public class Evidence_Constructors
{
    public bool CreateEvidence()
    {
        bool retVal = true;

        try
        {
            // Create empty evidence with the default constructor.
            Evidence ev1 = new Evidence();
            Console.WriteLine("Created empty evidence with the default constructor");

            // Constructor for null host evidence.
            Evidence ev2a = new Evidence(null);
            Console.WriteLine("Created evidence with a null host evidence ");

            // Constructor to copy host evidence.
            // Supply the URL of the code's origin; the string is left empty here.
            Url url = new Url("");
            Console.WriteLine("Adding host evidence " + url.ToString());
            ev2a.AddHost(url);
            Evidence ev2b = new Evidence(ev2a);
            Console.WriteLine("Copy evidence into new evidence");
            IEnumerator enum1 = ev2b.GetHostEnumerator();

            // Constructor to copy host and assembly evidence separately.
            Object [] oa1 = {};
            // Supply the site name; the string is left empty here.
            Site site = new Site("");
            Object [] oa2 = { url, site };
            Evidence ev3a = new Evidence(oa1, oa2);
            enum1 = ev3a.GetHostEnumerator();
            IEnumerator enum2 = ev3a.GetAssemblyEnumerator();
            // Advance the enumerator before each read of Current.
            enum2.MoveNext();
            Object obj1 = enum2.Current;
            enum2.MoveNext();
            Console.WriteLine("URL = " + obj1.ToString() + "  Site = " + enum2.Current.ToString());

            // Constructor to copy null host and assembly evidence.
            Evidence ev3b = new Evidence(null, null);
            Console.WriteLine("Create new evidence with null host and assembly evidence");
        }
        catch (Exception e)
        {
            Console.WriteLine("Fatal error: {0}", e.ToString());
            return false;
        }

        return retVal;
    }

    public static void Main()
    {
        try
        {
            Evidence_Constructors EvidenceTest = new Evidence_Constructors();
            bool ret = EvidenceTest.CreateEvidence();
            if (ret)
                Console.WriteLine("Evidence_Constructors -- Done.");
            else
                Console.WriteLine("Evidence_Constructors -- Fail.");
        }
        catch(Exception e)
        {
            Environment.ExitCode = 101;
        }
    }
}

[C++, JScript] No example is available for C++ or JScript.


Namespace: System.Security.Policy

Platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 family, .NET Compact Framework

Assembly: Mscorlib (in Mscorlib.dll)

See Also

Evidence Members | System.Security.Policy Namespace