Evidence in VB.NET

In this article I will explain you about Evidence in VB.NET.
  • 1434

Evidence is information that the CLR uses to make decisions regarding security policy. The CLR decides that the code has particular membership to a code group depending on evidence gathered about the code. Evidence can include digital signatures and the location where code originates.

Although the following list of all evidence types looks much like the list of coding groups, the two serve totally different purposes.

  • Application directory-the application's installation directory.
  • Hash-the cryptographic hash, such as SHA-1.
  • Publisher-the software publisher signature; that is, the Authenticode signer of the code.
  • Strong name-the cryptographically strong name of the assembly.
  • URL-the URL of origin.
  • Zone-the zone of origin, such as Internet Zone.
  • Custom-an application-or system-defined custom condition. Administrators and developers can define these new types of evidence and extend security policy to recognize and use them.

Other than the different types of evidence shown above (Application directory, Hash, Publisher, Site, Strong name, URL, Zone), application-defined or system-defined evidence can also be provided to the runtime by trusted application domain hosts. CLR uses this system-defined evidence to evaluate enterprise, machine, user policy and an application domain policy for assemblies and return the set of permissions to grant to the assembly or application domain. Objects of any type that are recognized by security policy represent evidence.

Let us look at an example of examining the evidence contained in an assembly. Listing 11.0 displays the evidence that is passed to the security system for the mscorlib.dll assembly. The .NET Framework generates a permission set for the assembly based on security policy using the evidence according to policy files adjusted by administrators.

Listing 11.0: Outputting Evidence from an Assembly

Imports System.Reflection
Imports System.Security.Policy
Imports System.Collections
    Public Class XMLApp
        Shared Sub Main(ByVal args As [String]())
                ' temporary Int64 object
                Dim bigint1 As New Int64() 
                ' get the target class type         
                Dim mytype As Type = bigint1.[GetType]()
                ' get the assembly which hosts the Integer type.
               Dim myassembly As Assembly = Assembly.GetAssembly(mytype)
                Dim myevidence As Evidence = myassembly.Evidence
                Console.WriteLine("How many evidences? " & myevidence.Count & vbCr & vbLf)
                Dim ienum As IEnumerator = myevidence.GetEnumerator()
                While ienum.MoveNext()
                End While
                ' The listing will output:
                '            How many evidences? 
                '            <System.Security.Policy.Zone version="1">
                '            <Zone>MyComputer</Zone>
                '            </System.Security.Policy.Zone>
                '            <System.Security.Policy.Url version="1">
                '            <Url>file://C:/windows/microsoft.net/framework/v1.0.3705/
                '            mscorlib.dll</Url>
                '            </System.Security.Policy.Url>
                '            <StrongName version="1"
                '            Key="00000000000000000400000000000000"
                '            Name="mscorlib"
                '            Version="1.0.3300.0"/>
                '            <System.Security.Policy.Hash version="1">
                '            <RawData>
                '            .............................
                '            .............................
                '            .............................
                '            </RawData>
                '            </System.Security.Policy.Hash>
            Catch e As Exception
                Console.WriteLine("Exception: {0}", e.ToString())
            End Try
        End Sub
End Module




Hope this article would have helped you in understanding Evidence in VB.NET.


More Articles

© 2020 DotNetHeaven. All rights reserved.