|
|
|
|
|
|
|
Author Rank :
|
|
|
Page Views :
|
3660
|
|
Downloads :
|
24
|
|
Rating :
|
Rate it
|
|
Level :
|
Beginner
|
|
|
|
|
Download
Files:
|
|
|
|
|
|
|
|
|
|
|
|
This article has been excerpted from book "The Complete Visual C# Programmer's Guide" from the Authors of C# Corner.
Although you briefly encountered the concept of evidence in the earlier discussion of code groups, let's expand the concept here. Evidence is information that the CLR uses to make decisions regarding security policy. The CLR decides that the code has particular membership to a code group depending on evidence gathered about the code. Evidence can include digital signatures and the location where code originates.
Although the following list of all evidence types looks much like the list of coding groups, the two serve totally different purposes.
-
Application directory-the application's installation directory.
-
Hash-the cryptographic hash, such as SHA-1.
-
Publisher-the software publisher signature; that is, the Authenticode signer of the code.
-
-
Strong name-the cryptographically strong name of the assembly.
-
URL-the URL of origin.
-
Zone-the zone of origin, such as Internet Zone.
-
Custom-an application-or system-defined custom condition. Administrators and developers can define these new types of evidence and extend security policy to recognize and use them.
Other than the different types of evidence shown above (Application directory, Hash, Publisher, Site, Strong name, URL, Zone), application-defined or system-defined evidence can also be provided to the runtime by trusted application domain hosts. CLR uses this system-defined evidence to evaluate enterprise, machine, user policy and an application domain policy for assemblies and return the set of permissions to grant to the assembly or application domain. Objects of any type that are recognized by security policy represent evidence.
Let us look at an example of examining the evidence contained in an assembly. Listing 22.3 displays the evidence that is passed to the security system for the mscorlib.dll assembly. The .NET Framework generates a permission set for the assembly based on security policy using the evidence according to policy files adjusted by administrators.
Listing 22-3: Outputting Evidence from an Assembly
using System;
using System.Reflection;
using System.Security.Policy;
using System.Collections;
public class XMLApp
{
public static void Main(String[] args)
{
try
{
// temporary Int64 object
Int64 bigint1 = new Int64();
// get the target class type
Type mytype = bigint1.GetType();
// get the assembly which hosts the Integer type.
Assembly myassembly = Assembly.GetAssembly(mytype);
Evidence myevidence = myassembly.Evidence;
Console.WriteLine("How many evidences? " + myevidence.Count +"\r\n");
IEnumerator ienum = myevidence.GetEnumerator();
while (ienum.MoveNext())
{
Console.WriteLine(ienum.Current);
}
/* The listing will output:
How many evidences? 4
<System.Security.Policy.Zone version="1">
<Zone>MyComputer</Zone>
</System.Security.Policy.Zone>
<System.Security.Policy.Url version="1">
<Url>file://C:/windows/microsoft.net/framework/v1.0.3705/
mscorlib.dll</Url>
</System.Security.Policy.Url>
<StrongName version="1"
Key="00000000000000000400000000000000"
Name="mscorlib"
Version="1.0.3300.0"/>
<System.Security.Policy.Hash version="1">
<RawData>
.............................
.............................
.............................
</RawData>
</System.Security.Policy.Hash>
*/
}
catch (Exception e)
{
Console.WriteLine("Exception: {0}", e.ToString());
}
}
}
Conclusion
Hope this article would have helped you in understanding Evidence in C#. See other articles on the website on .NET and C#.
 |
The Complete Visual C# Programmer's Guide covers most of the major components that make up C# and the .net environment. The book is geared toward the intermediate programmer, but contains enough material to satisfy the advanced developer. |
|
|
Comment Request!
Thank you for reading this post. Please post your feedback, question, or comments about this post
Here.
|
|
|
|
|
Login
to add your contents and source code to this article
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
C# Consulting is founded in 2002 by the founders of C# Corner. Unlike a traditional
consulting company, our consultants are well-known experts in .NET and many of them
are MVPs, authors, and trainers. We specialize in Microsoft .NET development and
utilize Agile Development and Extreme Programming practices to provide fast pace
quick turnaround results. Our software development model is a mix of Agile Development,
traditional SDLC, and Waterfall models.
|
|
Click here to learn more about C# Consulting. |
|
|
|
|
|
|
|
Introducing MaxV - one click. infinite control. Hyper-V Hosting from MaximumASP.
Finally – a virtual platform that delivers next-generation Windows Server 2008 Hyper-V virtualization technology from a managed hosting partner you can truly depend on. Visit www.maximumasp.com/max for a FREE 30 day trial. Hurry offer ends soon.
Climb aboard the MaxV platform and take advantage of High Availability, Intelligent Monitoring, Recurrent Backups, and Scalability – with no hassle or hidden fees.
As a managed hosting partner focused solely on Microsoft technologies since 2000, MaximumASP is uniquely qualified to provide the superior support that our business is built on. Unparalleled expertise with Microsoft technologies lead to working directly with Microsoft as first to offer IIS 7 and SQL 2008 betas in a hosted environment; partnering in the Go Live Program for Hyper-V; and product co-launches built on WS 2008 with Hyper-V technology.
|
Dynamic PDF
ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications.
|
Nevron Chart for .NET 2010.1 Now Available
The leading .NET charting control now features PDF, Flash and Silverlight export, visualization of large datasets and more. Deliver true charting functionality to your BI, Scorecard, Presentation or Scientific apps. Download evaluation now.
|
ASP.NET 4 Hosting
Get 2 Months Free of ASP.NET Hosting for Only $4.95/month! Receive FREE MS SQL and MySQL Databases Including ASP.NET 4/3.5, MVC 3.0, Silverlight 4, Windows 2008/IIS 7.0 Plus FREE IIS 7 Modules. Host UNLIMITED ASP.NET Web Sites – Click Here!
|
|
|
|
|
|
|
|
|
|
|
|
|