Sidebar 4: About .NET Security Policy Levels


Background: .NET security configuration is split into four levels Enterprise, Machine, User and Application Domain. Although the algorithms to get the permissions for a .NET assembly are quite straight forward there are some pitfalls using especially application domain policies.



The first aspect is that the permissions from each level are combined using a logical AND. So if one level disallows something there is no chance that the related right can be enabled by configuring any other level. This is the main reason why by default security is only configured on the machine level - enterprise and user will give full trust to anything and application domain policy is empty. In addition machine policy assings each .NET assembly to a zone with everything coming from the local machine having full trust.

First you can set the application domain policy let's say to the Internet zone and run some .NET code locally simulating reduced rights - there are a couple of samples on the Internet. You can not get this effect by configuring the .NET security in any way without changing the machine policy in a way that may crash a couple of other applications. In addition additional rights granted to the .NET code on the machine level can not be used - if for example the rights are bound to the strong name of a .NET assembly.

The Visual Studio for Microsoft Office 2003 extensions seem to be able to use .NET security configuration to give a .NET assembly reduced trust even if it's located on the local system - there are some excellent articles on this on the Internet. Actually this is kind of a fake using the application domain policy in a funny way: finally the overall security configuration will be loaded and most of the full trust assignments removed - especially from then enterprise and user level and from the MyComputer zone of the machine policy. Personally I think this is not how Microsoft expected the .NET security configuration to be used: if you try to check some .NET assembly against the security extensions made in the user level it will still report full trust if located on the local system. But it will not run as an Microsoft Office 2003 extension reporting that it does not have full trust.


Back to List of Sidebars

Back to Projects Home Page