Evidence Class
Defines the set of information that constitutes input to security policy decisions. This class cannot be inherited.
For a list of all members of this type, see Evidence Members.
System.Object
System.Security.Policy.Evidence
[Visual Basic]
    <Serializable> NotInheritable Public Class Evidence
        Implements ICollection, IEnumerable
[C#]
    [Serializable]
    public sealed class Evidence : ICollection, IEnumerable
[C++]
    [Serializable]
    public __gc __sealed class Evidence : public ICollection, IEnumerable
[JScript]
    public Serializable class Evidence implements ICollection, IEnumerable
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Remarks
Common forms of evidence include signatures and location of origin of code, but can potentially be anything. Objects of any type that are recognized by security policy represent evidence.
Security policy is composed of code groups; a particular assembly (the basic unit of code for granting security permissions) is a member of a code group if it satisfies the code group's membership condition. Evidence is the set of inputs to policy that membership conditions use to determine to which code groups an assembly belongs.
The Evidence class is a collection (see ICollection) that holds a set of objects that represent evidence. This class holds two sets that correspond to the source of the evidence: host evidence and assembly evidence.
Policy can get evidence from two different sources when evaluating permissions for code.
- Host evidence is provided by the host, and can only be provided by hosts that have been granted the ControlEvidence permission. Typically, this is evidence of the origin of the code and digital signatures on the assembly. Evidence about origin typically includes Url, Site, and Zone evidence. Signatures refer to software publisher (Authenticode X.509v3 signature) and strong name identities. Both kinds of digital signature-based identity are built into the assembly, but must be validated and passed to policy by the host; when the assembly is loaded, the security system verifies the signature. The system then creates the appropriate evidence and passes it to policy only if the corresponding signature is valid.
- Assembly evidence is part of the assembly itself. Developers or administrators can attach custom evidence to the assembly to extend the set of evidence for policy. Assembly evidence can only be added at the time of assembly generation, which occurs before the assembly is signed. The default policy of the security system ignores assembly-provided evidence, but policy can be extended to accept it.
Example
[Visual Basic, C#] The following example demonstrates how to create new Evidence objects with both host evidence and assembly evidence.
[Visual Basic]
    Imports System
    Imports System.Collections
    Imports System.Security
    Imports System.Security.Policy
    Imports System.Security.Permissions

    Module Module1

        Public Class Evidence_Constructors

            Public Function CreateEvidence() As Boolean
                Dim retVal As Boolean = True

                Try
                    ' Create evidence with the default constructor.
                    Dim ev1 As New Evidence()
                    Console.WriteLine("Created empty evidence with the default constructor")

                    ' Constructor for null host evidence.
                    Dim ev2a As New Evidence(Nothing)
                    Console.WriteLine("Created evidence with a null host evidence ")

                    ' Constructor to copy host evidence.
                    Dim url As New Url("http://www.treyresearch.com")
                    Console.WriteLine("Adding host evidence " & url.ToString())
                    ev2a.AddHost(url)
                    Dim ev2b As New Evidence(ev2a)
                    Console.WriteLine("Copy evidence into new evidence")
                    Dim enum1 As IEnumerator = ev2b.GetHostEnumerator()
                    enum1.MoveNext()
                    Console.WriteLine(enum1.Current.ToString())

                    ' Constructor to copy host and assembly evidence separately.
                    ' oa1 is the (empty) host evidence array; oa2 is the assembly evidence array.
                    Dim oa1() As [Object] = {}
                    Dim site As New Site("www.wideworldimporters.com")
                    Dim oa2 As [Object]() = {url, site}
                    Dim ev3a As New Evidence(oa1, oa2)
                    enum1 = ev3a.GetHostEnumerator()
                    Dim enum2 As IEnumerator = ev3a.GetAssemblyEnumerator()
                    enum2.MoveNext()
                    Dim obj1 As [Object] = enum2.Current
                    enum2.MoveNext()
                    Console.WriteLine("URL = " & obj1.ToString() & " Site = " & enum2.Current.ToString())

                    ' Constructor to copy null host and assembly evidence.
                    Dim ev3b As New Evidence(Nothing, Nothing)
                    Console.WriteLine("Create new evidence with null host and assembly evidence")

                Catch e As Exception
                    Console.WriteLine("Fatal error: {0}", e.ToString())
                    Return False
                End Try

                Return retVal
            End Function 'CreateEvidence

            Public Shared Sub Main()
                Try
                    Dim EvidenceTest As New Evidence_Constructors()
                    Dim ret As Boolean = EvidenceTest.CreateEvidence()
                    If ret Then
                        Console.WriteLine("Evidence_Constructors -- Done.")
                    Else
                        Console.WriteLine("Evidence_Constructors -- Fail.")
                    End If
                Catch e As Exception
                    Console.WriteLine(e.ToString())
                    Environment.ExitCode = 101
                End Try
            End Sub 'Main

        End Class 'Evidence_Constructors

    End Module

[C#]
    using System;
    using System.Collections;
    using System.Security;
    using System.Security.Policy;
    using System.Security.Permissions;

    public class Evidence_Constructors
    {
        public bool CreateEvidence()
        {
            bool retVal = true;

            try
            {
                // Create evidence with the default constructor.
                Evidence ev1 = new Evidence();
                Console.WriteLine("Created empty evidence with the default constructor");

                // Constructor for null host evidence.
                Evidence ev2a = new Evidence(null);
                Console.WriteLine("Created evidence with a null host evidence ");

                // Constructor to copy host evidence.
                Url url = new Url("http://www.treyresearch.com");
                Console.WriteLine("Adding host evidence " + url.ToString());
                ev2a.AddHost(url);
                Evidence ev2b = new Evidence(ev2a);
                Console.WriteLine("Copy evidence into new evidence");
                IEnumerator enum1 = ev2b.GetHostEnumerator();
                enum1.MoveNext();
                Console.WriteLine(enum1.Current.ToString());

                // Constructor to copy host and assembly evidence separately.
                // oa1 is the (empty) host evidence array; oa2 is the assembly evidence array.
                Object[] oa1 = {};
                Site site = new Site("www.wideworldimporters.com");
                Object[] oa2 = { url, site };
                Evidence ev3a = new Evidence(oa1, oa2);
                enum1 = ev3a.GetHostEnumerator();
                IEnumerator enum2 = ev3a.GetAssemblyEnumerator();
                enum2.MoveNext();
                Object obj1 = enum2.Current;
                enum2.MoveNext();
                Console.WriteLine("URL = " + obj1.ToString() + " Site = " + enum2.Current.ToString());

                // Constructor to copy null host and assembly evidence.
                Evidence ev3b = new Evidence(null, null);
                Console.WriteLine("Create new evidence with null host and assembly evidence");
            }
            catch (Exception e)
            {
                Console.WriteLine("Fatal error: {0}", e.ToString());
                return false;
            }

            return retVal;
        }

        public static void Main()
        {
            try
            {
                Evidence_Constructors EvidenceTest = new Evidence_Constructors();
                bool ret = EvidenceTest.CreateEvidence();
                if (ret)
                {
                    Console.WriteLine("Evidence_Constructors -- Done.");
                }
                else
                {
                    Console.WriteLine("Evidence_Constructors -- Fail.");
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
                Environment.ExitCode = 101;
            }
        }
    }
[C++, JScript] No example is available for C++ or JScript.
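[C#] The following is an added example, not part of the original documentation: it evaluates the framework's built-in membership conditions against two evidence sets to show the host/assembly split described in the Remarks, where an assembly that asserts a more trusted Zone about itself does not change which code groups it matches. The class name and the origin values are constructed for illustration, and the code assumes a fully trusted console application, since AddHost requires the ControlEvidence permission.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

// Added illustration; the class name and sample origin values are hypothetical.
public class EvidenceMembershipDemo
{
    // Runs one membership condition against one evidence set and prints the outcome.
    static void Report(string label, IMembershipCondition condition, Evidence evidence)
    {
        Console.WriteLine("{0}: {1} -> {2}", label, condition, condition.Check(evidence));
    }

    public static void Main()
    {
        // Case 1: origin evidence supplied by the host (AddHost needs ControlEvidence).
        Evidence hostOnly = new Evidence();
        hostOnly.AddHost(new Zone(SecurityZone.Internet));
        hostOnly.AddHost(new Url("http://www.treyresearch.com/tools/app.dll"));
        hostOnly.AddHost(new Site("www.treyresearch.com"));

        // Case 2: identical host evidence, plus a more trusted zone that the
        // assembly asserts about itself through the assembly evidence set.
        Evidence selfAsserted = new Evidence(hostOnly);
        selfAsserted.AddAssembly(new Zone(SecurityZone.MyComputer));

        IMembershipCondition[] conditions = {
            new ZoneMembershipCondition(SecurityZone.Internet),
            new ZoneMembershipCondition(SecurityZone.MyComputer),
            new UrlMembershipCondition("http://www.treyresearch.com/*"),
            new SiteMembershipCondition("*.treyresearch.com")
        };

        // The built-in conditions consult the host set, so each condition is
        // evaluated against both cases for a side-by-side comparison.
        foreach (IMembershipCondition condition in conditions)
        {
            Report("host only    ", condition, hostOnly);
            Report("self-asserted", condition, selfAsserted);
        }

        // The self-asserted zone is still stored; it sits in the assembly set.
        IEnumerator asm = selfAsserted.GetAssemblyEnumerator();
        while (asm.MoveNext())
            Console.WriteLine("assembly evidence: {0}", asm.Current);
    }
}
```

Custom membership conditions that choose to read the assembly set (via GetAssemblyEnumerator) are the extension point the Remarks refer to; treat anything found there as a claim made by the code being evaluated, not by the host.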
Requirements
Namespace: System.Security.Policy
Platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 family, .NET Compact Framework
Assembly: Mscorlib (in Mscorlib.dll)