IApplicationTrustManager Interface


Determines whether an application should be executed and which set of permissions should be granted to it.

Namespace:   System.Security.Policy
Assembly:  mscorlib (in mscorlib.dll)

public interface IApplicationTrustManager : ISecurityEncodable

System_CAPS_pubmethodDetermineApplicationTrust(ActivationContext, TrustManagerContext)

Determines whether an application should be executed and which set of permissions should be granted to it.


Reconstructs a security object with a specified state from an XML encoding.(Inherited from ISecurityEncodable.)


Creates an XML encoding of the security object and its current state.(Inherited from ISecurityEncodable.)

Trust managers must implement the IApplicationTrustManager interface. The host calls the IApplicationTrustManager.DetermineApplicationTrust method to determine whether an application should be executed and which permissions should be granted to the application.

In the .NET Framework 4 and later, there is only one trust manager, which can be a custom implementation of the IApplicationTrustManager interface. The default trust manager implementation prompts the user for permission to install the application and to elevate the permissions granted to the application. Other trust manager implementations might provide different user experiences. For example, an implementation might check an enterprise list for trusted applications instead of prompting the user for that information.

The following example shows a simple implementation of IApplicationTrustManager.

// To use the custom trust manager MyTrustManager, compile it into CustomTrustManager.dll, 
// place that assembly in the GAC, and  put the following elements in
// an ApplicationTrust.config file in the config folder in the Microsoft .NET framework
// installation folder.

//<?xml version="1.0" encoding="utf-8" ?>
//    <mscorlib>
//        <security>
//            <policy>
//                <ApplicationSecurityManager>
//                    <ApplicationEntries />
//                    <IApplicationTrustManager class="MyNamespace.MyTrustManager, CustomTrustManager, Version=, Culture=neutral, PublicKeyToken=5659fc598c2a503e"/>
//                </ApplicationSecurityManager>
//            </policy>
//        </security>
//    </mscorlib>

using System;
using System.Security;
using System.Security.Policy;
using System.Windows.Forms;
namespace MyNamespace
	public class MyTrustManager : IApplicationTrustManager
		public ApplicationTrust DetermineApplicationTrust(ActivationContext appContext, TrustManagerContext context)
			ApplicationTrust trust = new ApplicationTrust(appContext.Identity);
			trust.IsApplicationTrustedToRun = false;

			ApplicationSecurityInfo asi = new ApplicationSecurityInfo(appContext);
			trust.DefaultGrantSet = new PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing);
			if (context.UIContext == TrustManagerUIContext.Run)
				string message = "Do you want to run " + asi.ApplicationId.Name + " ?";
				string caption = "MyTrustManager";
				MessageBoxButtons buttons = MessageBoxButtons.YesNo;
				DialogResult result;

				// Displays the MessageBox.

				result = MessageBox.Show(message, caption, buttons);

				if (result == DialogResult.Yes)
					trust.IsApplicationTrustedToRun = true;
					if (context != null)
						trust.Persist = context.Persist;
						trust.Persist = false;

			return trust;

		public SecurityElement ToXml()
			SecurityElement se = new SecurityElement("IApplicationTrustManager");
			se.AddAttribute("class", typeof(MyTrustManager).AssemblyQualifiedName);
			return se;

		public void FromXml(SecurityElement se)
			if (se.Tag != "IApplicationTrustManager" || (string)se.Attributes["class"] != typeof(MyTrustManager).AssemblyQualifiedName)
				throw new ArgumentException("Invalid tag");

.NET Framework
Available since 2.0
Return to top