Security Policy Management
Updated: September 2008
Security policy is the configurable set of rules that the common language runtime follows when determining the permissions to grant to code. The code is identified by its assembly file, which is either an executable (.exe) or a library (.dll). The runtime examines identifiable characteristics of the assembly, such as the Web site or zone where the code originates, to determine the access that the code can have to resources. Those characteristics are defined as System.Security.Policy.Evidence, which is associated with the assembly. Typical Evidence for an assembly is Url, Zone, StrongName, and Hash. During execution, the runtime uses the Evidence to ensure that code accesses only the resources that it has been granted permission to access.
Security policy defines several code groups and associates each group with a set of permissions. The security system uses Evidence to determine the code groups an assembly belongs in. After all evidence is considered, the assembly is associated with one or more code groups, and the resulting permission grant is the total set of permissions associated with all the matching code groups.
By default, assemblies that reside on the computer they are to run on are in the MyComputer zone. The MyComputer zone evidence places the code in the My_Computer_Zone code group and grants it full-trust permission. The full-trust permission set bypasses security checks and grants code access to all protected resources. For that reason, it is very important that you install applications on your computer only from sources that you completely trust. In the .NET Framework version 3.5 Service Pack 1 (SP1), full trust is extended to assemblies that you run from an intranet as well as from your computer. Again, you should only run intranet applications that you fully trust. Security policy administrators can decide to restore the policy for intranet applications to the partial-trust status they were previously granted.
Although the default security policy is suitable for most situations, administrators can modify or customize security policy according to the specific needs of their organizations. The runtime grants permissions to both assemblies and application domains based on security policy.