Chapter 6. Evidence and Code Identity
Computerized security systems often use biometric characteristics,
such as fingerprints, retina patterns, and keyboard dynamics, to
establish the identity of a person. In an analogous manner, .NET
establishes the identity of an assembly based on characteristics
derived from the assembly's content, structure, and
source location. .NET refers to these identifying characteristics as
evidence, and uses them to determine the actions
and resources that code in the assembly has permission to access.
Our discussion of evidence begins with an explanation of what it is
and where it comes from. We describe the purpose and use of the
different types of evidence, including the standard evidence classes
provided with the .NET Framework. Then we demonstrate how to use
evidence programmatically in order to control the access permissions
of your code. Finally, we show you how to extend CAS by developing
custom evidence classes.
Evidence is most commonly used to determine the permissions to grant
to an assembly but also plays an important role in securing
application domains. To simplify our discussion, we focus on using
evidence with assemblies. In almost all instances, the techniques we
discuss are applicable without change to application domains, and we
highlight where this is not the case.