This documentation is archived and is not being maintained.

HostSecurityPolicyResolver Class

Provides a way to customize ASP.NET behavior at run time that overrides the ASP.NET code access security policy.


Namespace:  System.Web.Hosting
Assembly:  System.Web (in System.Web.dll)

[PermissionSetAttribute(SecurityAction.InheritanceDemand, Unrestricted = true)]
public class HostSecurityPolicyResolver

The HostSecurityPolicyResolver type exposes the following members.

Public methodHostSecurityPolicyResolverInitializes a new instance of the HostSecurityPolicyResolver class.

Public methodEquals(Object)Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetHashCodeServes as a hash function for a particular type. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodResolvePolicyGets a value that indicates the security policy that should be applied to an assembly.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)


The HostSecurityPolicyResolverType attribute has an invalid value or cannot be found.

In complex Web hosting environments such as SharePoint and Web farms, you might have to extend the ASP.NET code access security policy. By extending the HostSecurityPolicyResolver type, you can implement custom security policy behavior that overrides the ASP.NET code access security policy.

Configuring a HostSecurityPolicyResolver Class

In the configuration files, you can configure a custom HostSecurityPolicyResolver instance by adding the HostSecurityPolicyResolverType attribute to the trust element. The HostSecurityPolicyResolverType attribute can be set to the name of the custom HostSecurityPolicyResolver type that will be loaded by ASP.NET. The attribute value contains the fully qualified name of the derived type. By default, .NET Framework 4 does not set this attribute.

The following syntax shows how to configure the attribute:

  Level = "[Full|High|Medium|Low|Minimal]"
  permissionSetName = "name of the permission set"
  hostSecurityPolicyResolverType = "security policy resolution type"

The PermissionSetName attribute in the trust element can be set to a string value that indicates which named permission set in a partial trust configuration file should be used. By default, ASP.NET 4 sets this attribute to "ASP.Net".

The HostSecurityPolicyResolverType attribute in the trust element indicates the custom HostSecurityPolicyResolver object that will be loaded by ASP.NET. If the attribute is set to an empty string, the application uses the ASP.NET default logic for determining the permissions for the assembly. The HostSecurityPolicyResolver type attribute cannot be set to a null value.

Important noteImportant

The assembly that contains a derived HostSecurityPolicyResolver type must run with full trust, because the custom type provides information that ASP.NET can use to elevate assemblies to full trust. In general, you should deploy a custom policy resolver type in the global assembly cache, where it will run with full trust.

When you implement this class, you must override the ResolvePolicy method. Depending on the Evidence instance that is passed as a parameter, the method returns an enumeration value that indicates the security policy to apply to the assembly. The set of available security policies is determined by the HostSecurityPolicyResults enumeration.

.NET Framework

Supported in: 4

  • InheritanceDemand 

    for full trust for the inheriting type. This class cannot be inherited by partially trusted code.

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.