Evidence in C#


This article has been excerpted from the book "The Complete Visual C# Programmer's Guide" from the Authors of C# Corner.

Although you briefly encountered the concept of evidence in the earlier discussion of code groups, let's expand the concept here. Evidence is information that the CLR uses to make decisions regarding security policy. The CLR decides which code groups the code belongs to based on the evidence gathered about it. Evidence can include digital signatures and the location where code originates.

Although the following list of all evidence types looks much like the list of code groups, the two serve totally different purposes.

  • Application directory: the application's installation directory.
  • Hash: the cryptographic hash, such as SHA-1.
  • Publisher: the software publisher signature; that is, the Authenticode signer of the code.
  • Site: the site of origin, such as http://www.mindcracker.com.
  • Strong name: the cryptographically strong name of the assembly.
  • URL: the URL of origin.
  • Zone: the zone of origin, such as Internet Zone.
  • Custom: an application- or system-defined custom condition. Administrators and developers can define these new types of evidence and extend security policy to recognize and use them.

Besides the evidence types shown above (Application directory, Hash, Publisher, Site, Strong name, URL, Zone), trusted application domain hosts can also provide application-defined or system-defined evidence to the runtime. The CLR uses this evidence to evaluate enterprise, machine, user, and application domain policy for assemblies and returns the set of permissions to grant to the assembly or application domain. Objects of any type that are recognized by security policy represent evidence.

Let us look at an example of examining the evidence contained in an assembly. Listing 22-3 displays the evidence that is passed to the security system for the mscorlib.dll assembly. The .NET Framework uses this evidence, together with the security policy files that administrators adjust, to generate a permission set for the assembly.

Listing 22-3: Outputting Evidence from an Assembly


using System;
using System.Reflection;
using System.Security.Policy;
using System.Collections;

public class XMLApp
{
    public static void Main(String[] args)
    {
        try
        {
            // temporary Int64 object
            Int64 bigint1 = new Int64();

            // get the target class type
            Type mytype = bigint1.GetType();

            // get the assembly which hosts the Int64 type (mscorlib.dll)
            Assembly myassembly = Assembly.GetAssembly(mytype);
            Evidence myevidence = myassembly.Evidence;
            Console.WriteLine("How many evidences? " + myevidence.Count + "\r\n");
            IEnumerator ienum = myevidence.GetEnumerator();

            while (ienum.MoveNext())
            {
                Console.WriteLine(ienum.Current);
            }

            /* The listing will output:

            How many evidences? 4
            <System.Security.Policy.Zone version="1">
            <Zone>MyComputer</Zone>
            </System.Security.Policy.Zone>
            <System.Security.Policy.Url version="1">
            <Url>file://C:/windows/microsoft.net/framework/v1.0.3705/
            mscorlib.dll</Url>
            </System.Security.Policy.Url>
            <StrongName version="1"
            Key="00000000000000000400000000000000"
            Name="mscorlib"
            Version="1.0.3300.0"/>
            <System.Security.Policy.Hash version="1">
            <RawData>
            .............................
            .............................
            .............................
            </RawData>
            </System.Security.Policy.Hash>
            */

        }

        catch (Exception e)
        {
            Console.WriteLine("Exception: {0}", e.ToString());
        }
    }
}
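
To show how evidence decides code-group membership and the resulting grant, the following added example (not from the book) builds host evidence by hand, tests it against membership conditions, and asks the policy system for the permission set. It assumes .NET Framework 1.x to 3.5, where CAS policy is active; from 4.0 onward `Evidence.AddHost` and `SecurityManager.ResolvePolicy` are obsolete and CAS policy is off by default. The class name and the download URL are made up for illustration.

```csharp
using System;
using System.Security;
using System.Security.Policy;

public class EvidenceMembershipDemo
{
    // Build host evidence by hand, as a trusted application domain host would.
    static Evidence Build(SecurityZone zone, string url, string site)
    {
        Evidence ev = new Evidence();
        ev.AddHost(new Zone(zone));
        ev.AddHost(new Url(url));
        if (site != null)
            ev.AddHost(new Site(site)); // file: origins carry no Site evidence
        return ev;
    }

    // Test the evidence against each membership condition, then resolve policy.
    static void Report(string label, Evidence ev, IMembershipCondition[] conditions)
    {
        Console.WriteLine(label);
        foreach (IMembershipCondition c in conditions)
            Console.WriteLine("  {0,-40} match: {1}", c, c.Check(ev));

        // Permission set granted by the configured policy levels for this evidence.
        PermissionSet grant = SecurityManager.ResolvePolicy(ev);
        Console.WriteLine("  unrestricted (full trust): {0}", grant.IsUnrestricted());
        Console.WriteLine("  permissions granted: {0}\r\n", grant.Count);
    }

    public static void Main()
    {
        IMembershipCondition[] conditions = new IMembershipCondition[]
        {
            new ZoneMembershipCondition(SecurityZone.MyComputer),
            new ZoneMembershipCondition(SecurityZone.Internet),
            new SiteMembershipCondition("www.mindcracker.com"),
            new UrlMembershipCondition("http://www.mindcracker.com/*")
        };

        // Same origin as mscorlib.dll in Listing 22-3.
        Report("Local assembly", Build(SecurityZone.MyComputer,
            "file://C:/windows/microsoft.net/framework/v1.0.3705/mscorlib.dll", null),
            conditions);

        // Constructed sample: the download path is made up for this example.
        Report("Downloaded assembly", Build(SecurityZone.Internet,
            "http://www.mindcracker.com/app/tool.dll", "www.mindcracker.com"),
            conditions);
    }
}
```

The grant printed for each case depends on the policy files on the machine where it runs, which is why the same code can receive different permissions under different administrators' settings.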


Conclusion

I hope this article has helped you understand Evidence in C#. See other articles on the website on .NET and C#.

The Complete Visual C# Programmer's Guide covers most of the major components that make up C# and the .NET environment. The book is geared toward the intermediate programmer, but contains enough material to satisfy the advanced developer.
