Evidence in VB.NET
In this article I will explain you about Evidence in VB.NET.
Evidence is information that the CLR uses to make decisions regarding security policy. The CLR decides that the code has particular membership to a code group depending on evidence gathered about the code. Evidence can include digital signatures and the location where code originates.
Although the following list of all evidence types looks much like the list of coding groups, the two serve totally different purposes.
- Application directory-the application's installation directory.
- Hash-the cryptographic hash, such as SHA-1.
- Publisher-the software publisher signature; that is, the Authenticode signer of the code.
- Strong name-the cryptographically strong name of the assembly.
- URL-the URL of origin.
- Zone-the zone of origin, such as Internet Zone.
- Custom-an application-or system-defined custom condition. Administrators and developers can define these new types of evidence and extend security policy to recognize and use them.
Other than the different types of evidence shown above (Application directory, Hash, Publisher, Site, Strong name, URL, Zone), application-defined or system-defined evidence can also be provided to the runtime by trusted application domain hosts. CLR uses this system-defined evidence to evaluate enterprise, machine, user policy and an application domain policy for assemblies and return the set of permissions to grant to the assembly or application domain. Objects of any type that are recognized by security policy represent evidence.
Let us look at an example of examining the evidence contained in an assembly. Listing 11.0 displays the evidence that is passed to the security system for the mscorlib.dll assembly. The .NET Framework generates a permission set for the assembly based on security policy using the evidence according to policy files adjusted by administrators.
Listing 11.0: Outputting Evidence from an Assembly
Imports System.Reflection
Imports System.Security.Policy
Imports System.Collections
Module Module1
Public Class XMLApp
Shared Sub Main(ByVal args As [String]())
Try
' temporary Int64 object
Dim bigint1 As New Int64()
' get the target class type
Dim mytype As Type = bigint1.[GetType]()
' get the assembly which hosts the Integer type.
Dim myassembly As Assembly = Assembly.GetAssembly(mytype)
Dim myevidence As Evidence = myassembly.Evidence
Console.WriteLine("How many evidences? " & myevidence.Count & vbCr & vbLf)
Dim ienum As IEnumerator = myevidence.GetEnumerator()
While ienum.MoveNext()
End While
Console.WriteLine(ienum.Current)
' The listing will output:
' How many evidences?
' <System.Security.Policy.Zone version="1">
' <Zone>MyComputer</Zone>
' </System.Security.Policy.Zone>
' <System.Security.Policy.Url version="1">
' <Url>file://C:/windows/microsoft.net/framework/v1.0.3705/
' mscorlib.dll</Url>
' </System.Security.Policy.Url>
' <StrongName version="1"
' Key="00000000000000000400000000000000"
' Name="mscorlib"
' Version="1.0.3300.0"/>
' <System.Security.Policy.Hash version="1">
' <RawData>
' .............................
' .............................
' .............................
' </RawData>
' </System.Security.Policy.Hash>
'
Catch e As Exception
Console.WriteLine("Exception: {0}", e.ToString())
End Try
Console.ReadLine()
End Sub
End Class
End Module
OUTPUT:
CONCLUSION
Hope this article would have helped you in understanding Evidence in VB.NET.