April 2002
Intermediate to advanced
816 pages
20h 56m
English
book
.NET Framework Security
by Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, Kevin T. Price
Content preview from .NET Framework SecurityBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Summary
Because the .NET Framework assigns trust to code and not users, evidence about code is a fundamental piece of .NET Framework security. Evidence can be viewed as the credentials for .NET Framework code. Generally, the same .NET application will have the same evidence, regardless of which user executes it.
Evidence is applied to assemblies and app domains. The Common Language Runtime provides default evidence when assemblies are loaded. Hosts can provide evidence for both assemblies and app domains, and assemblies can also provide evidence about themselves. However, assembly evidence does nothing unless security policy recognizes and uses it. Unmanaged hosts can only provide evidence regarding app domains, while managed hosts can provide ...