|
The CAS system has several extensibility points that enable it to be customized to meet the security requirements of a range of different environments. Authors of extensible applications can control the set of permissions granted to the assemblies running in their application domains by providing a CAS policy tree that maps an assembly's evidence to a set of granted permissions. The permissions granted by the extensible application are intersected with those granted at the enterprise, machine, and user policy levels to determine the final set of permissions that control which resources the assembly can access. The HostSecurityManager class in the System.Security namespace provides the infrastructure needed for extensible applications to customize CAS. By providing a class that derives from HostSecurityManager, authors of extensible applications can supply evidence for assemblies loaded into their application domains and supply application domain CAS policy. |
|