The .NET security administration tools (discussed in Chapter 9) are sufficient for most users and security administrators to configure their security policy, but complete control over all security policy features is available only programmatically. As with evidence and permissions, .NET represents each of the security policy elements with classes, meaning that you can manipulate them in your own code very easily.
In the following sections, we provide explanations of how to program the key components of security policy, starting with code groups and membership conditions, then moving on to policy levels, and finally the security manager. We do not discuss individual permissions or permission sets, because we covered them in Chapter 7. We conclude with an example that brings together all elements of security policy programming; we demonstrate how to manipulate the policy of an application domain to control the policy resolution process applied to the assemblies loaded into it.
The CodeGroup class provides the base representation of a code group and defines the functionality that lies at the heart of the policy resolution process. Four noninheritable subclasses extend CodeGroup to provide concrete implementations that you can use in security policy programming; these are shown in Figure 8-8.
Figure 8-8. Concrete ...