Customizing the Microsoft .NET Framework Common Language Runtime

Customizing the Code Access Security System Using a HostSecurityManager

The HostSecurityManager class in the System.Security namespace provides the infrastructure through which an extensible application can customize the CAS system for individual application domains. By providing a class derived from HostSecurityManager, an extensible application can assign evidence to assemblies as they are loaded, supply a CAS policy tree for an application domain, and so on. Table 10-1 lists the members of HostSecurityManager.

Table 10-1. The Members of HostSecurityManager

Method

Description

DomainPolicy

A property through which an extensible application can supply an application domain CAS policy level.

ProvideAssemblyEvidence

A method used to supply evidence to assemblies as they are loaded. Extensible applications implement this method to supply hostspecific evidence to augment the evidence provided by the CLR.

DetermineApplicationTrust

A method by which extensible applications can decide whether an application defined by a formal manifest is allowed to run. Note: I don't cover the topic of application manifests at all in this book. Refer to the .NET Framework SDK for more information on this property.

Flags

A set of flags of type HostSecurityManagerFlags through which the extensible application tells the CLR which CAS customizations it is interested in supplying. For example, the CLR won't consult your HostSecurityManager implementation for an applicationdomain-level policy tree unless this property includes the HostSecurityManagerFlags.HostPolicyLevel flag.

A HostSecurityManager is part of the application domain manager infrastructure that extensible applications use to customize new application domains. When initializing a new application domain, the CLR checks to see whether an implementation of HostSecurityManager has been provided for the new domain by accessing the HostSecurityManager property on the domain's application domain manager.

Now that I've covered the core concepts of the CAS system and have taken a first look at the HostSecurityManager class, I will go ahead and write an extensible application that extends CAS to enforce application-specific security requirements.

    Related

    Категории