diff --git a/xml/System.Security.Policy/ApplicationDirectory.xml b/xml/System.Security.Policy/ApplicationDirectory.xml index 50d10b900c1..4ce250a999a 100644 --- a/xml/System.Security.Policy/ApplicationDirectory.xml +++ b/xml/System.Security.Policy/ApplicationDirectory.xml @@ -34,14 +34,7 @@ Provides the application directory as evidence for policy evaluation. This class cannot be inherited. - - - + The domain host can associate a file directory with an application domain. The evidence for policy evaluation is provided only when the application domain is associated with a file directory. @@ -78,11 +71,11 @@ The path of the application directory. Initializes a new instance of the class. - The parameter is . @@ -200,11 +193,11 @@ if the two instances are equivalent; otherwise, . - @@ -281,11 +274,11 @@ Gets a string representation of the state of the evidence object. A representation of the state of the evidence object. - diff --git a/xml/System.Security.Policy/ApplicationTrust.xml b/xml/System.Security.Policy/ApplicationTrust.xml index bb9a0fd23c5..2335fb3c34f 100644 --- a/xml/System.Security.Policy/ApplicationTrust.xml +++ b/xml/System.Security.Policy/ApplicationTrust.xml @@ -183,8 +183,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - `fullTrustAssemblies` identifies strong-named assemblies within the that are to be granted full trust. This constructor is called by the method to create an that will be used as a sandbox. For more information about running an application in a sandbox, see [How to: Run Partially Trusted Code in a Sandbox](/dotnet/framework/misc/how-to-run-partially-trusted-code-in-a-sandbox). - ]]> @@ -414,8 +412,6 @@ The and that is associated with this instance. The assemblies are identified by their strong names. - ]]> diff --git a/xml/System.Security.Policy/CodeGroup.xml b/xml/System.Security.Policy/CodeGroup.xml index a266f111e09..205b73e5f8c 100644 --- a/xml/System.Security.Policy/CodeGroup.xml 
+++ b/xml/System.Security.Policy/CodeGroup.xml @@ -34,16 +34,7 @@ Represents the abstract base class from which all implementations of code groups must derive. - - - + To be added. @@ -81,14 +72,7 @@ A membership condition that tests evidence to determine whether this code group applies policy. The policy statement for the code group in the form of a permission set and attributes to grant code that matches the membership condition. Initializes a new instance of . - - method. - - ]]> - + To be added. The parameter is . The type of the parameter is not valid. @@ -171,14 +155,7 @@ Gets a string representation of the attributes of the policy statement for the code group. A string representation of the attributes of the policy statement for the code group. - - - + To be added. @@ -214,17 +191,7 @@ Gets or sets an ordered list of the child code groups of a code group. A list of child code groups. - - [!NOTE] -> The return value is a copy of the child code list. Do not use the returned list to add a child code group; instead, use the method. - - ]]> - + To be added. An attempt is made to set this property to . An attempt is made to set this property with a list of children that are not objects. @@ -263,14 +230,7 @@ When overridden in a derived class, makes a deep copy of the current code group. An equivalent copy of the current code group, including its membership conditions and child code groups. - - - + To be added. 
@@ -311,16 +271,7 @@ The XML encoding to which to add the serialization. The policy level within which the code group exists. When overridden in a derived class, serializes properties and internal state specific to a derived code group and adds the serialization to the specified . - - cannot be overridden. If you need to serialize members specific to a particular implementation of , you must override and serialize your members there. When the code group is serialized, calls and adds your serialization to the created by . - - The XML created using this method is deserialized by the method. - - ]]> - + To be added. If you implement this method, you must implement the method as well. @@ -411,16 +362,7 @@ Determines whether the specified code group is equivalent to the current code group. if the specified code group is equivalent to the current code group; otherwise, . - - , , and . - - This method tests the top-level code group only, not its child code groups. - - ]]> - + To be added. @@ -464,16 +406,7 @@ Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified. if the specified code group is equivalent to the current code group; otherwise, . - - , , and . - - If the `compareChildren` parameter is `true`, this method will only return `true` if the current code group and all its child code groups are equivalent to the specified code group and all its child code groups. - - ]]> - + To be added. @@ -568,14 +501,7 @@ The XML encoding to use to reconstruct the security object. The policy level within which the code group exists. Reconstructs a security object with a given state and policy level from an XML encoding. - - - + To be added. The parameter is . @@ -653,14 +579,7 @@ Gets or sets the code group's membership condition. The membership condition that determines to which evidence the code group is applicable. - - - + To be added. An attempt is made to set this parameter to . 
@@ -777,16 +696,7 @@ The XML encoding to use to reconstruct the security object. The policy level within which the code group exists. When overridden in a derived class, reconstructs properties and internal state specific to a derived code group from the specified . - - cannot be overridden. If you need to deserialize members specific to a particular implementation of , you must override and deserialize your members there. When the code group is deserialized, calls and reconstructs your members from the . - - This method deserializes XML created using . - - ]]> - + To be added. If you implement this method, you must implement the method as well. @@ -826,14 +736,7 @@ Gets the name of the named permission set for the code group. The name of a named permission set of the policy level. - - - + To be added. @@ -869,25 +772,7 @@ Gets or sets the policy statement associated with the code group. The policy statement for the code group. - - for a code group. - - :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic CodeGroup.PolicyStatement Example/CPP/source.cpp" id="Snippet1"::: - :::code language="csharp" source="~/snippets/csharp/System.Security.Policy/CodeGroup/PolicyStatement/source.cs" id="Snippet1"::: - :::code language="vb" source="~/snippets/visualbasic/System.Security.Policy/CodeGroup/PolicyStatement/source.vb" id="Snippet1"::: - - ]]> - + To be added. @@ -926,14 +811,7 @@ The code group to be removed as a child. Removes the specified child code group. - - - + To be added. The parameter is not an immediate child code group of the current code group. 
@@ -974,18 +852,7 @@ The evidence for the assembly. When overridden in a derived class, resolves policy for the code group and its descendants for a set of evidence. A policy statement that consists of the permissions granted by the code group with optional attributes, or if the code group does not apply (the membership condition does not match the specified evidence). - - , all child code groups whose membership condition match the specified evidence are also resolved, and all resulting policy statements are combined with the policy statement of the parent union code group. Each child code group type determines how all child groups under it are applied, depending on how the methods of these child groups work. - - The .NET Framework security system uses on the policy levels to determine which permissions to grant to loaded code from the resulting policy statements and the code request on the assembly. - - ]]> - + To be added. @@ -1025,14 +892,7 @@ The evidence for the assembly. When overridden in a derived class, resolves matching code groups. A that is the root of the tree of matching code groups. - - . The code group that is returned contains child code groups, which in turn can have child code groups as necessary to reflect the complete set of code groups that were matched by the evidence provided. - - ]]> - + To be added. @@ -1123,14 +983,7 @@ The policy level within which the code group exists. Creates an XML encoding of the security object, its current state, and the policy level within which the code exists. An XML encoding of the security object, including any state information. - - - + To be added. and cannot be overridden. If you need to change the way in which your code group implementation handles XML, override the and methods. diff --git a/xml/System.Security.Policy/EvidenceBase.xml b/xml/System.Security.Policy/EvidenceBase.xml index 9ee8b60ec75..e93a47f54f0 100644 --- a/xml/System.Security.Policy/EvidenceBase.xml 
+++ b/xml/System.Security.Policy/EvidenceBase.xml @@ -44,17 +44,12 @@ Provides a base class from which all objects to be used as evidence must derive. - objects as evidence. The common language runtime (CLR) considered evidence objects as references, and did not apply any type safety to them. - - This presented a problem because there were implicit restrictions on which types could be used as evidence objects. Specifically, any object used as evidence had to be serializable and could not be `null`. If these requirements were not met, the CLR threw an exception whenever an operation that required one of these assumptions was performed. - - The class, which all evidence objects must derive from, was introduced in the .NET Framework 4 to enable constraints on the types of objects that can be used as evidence and to provide the ability to add new features and requirements to all evidence objects. The class ensures, upon instantiation, that the evidence object is serializable. In addition, it enables new evidence requirements to be created by adding new default implementations to the base class. - - All the types used by the CLR as evidence objects have been updated in the .NET Framework 4 to derive from . - + class, which all evidence objects must derive from, enables constraints on the types of objects that can be used as evidence, and provides the ability to add new features and requirements to all evidence objects. The class ensures, upon instantiation, that the evidence object is serializable. In addition, it enables new evidence requirements to be created by adding new default implementations to the base class. + ]]> @@ -91,11 +86,11 @@ Initializes a new instance of the class. - An object to be used as evidence is not serializable. @@ -139,11 +134,11 @@ Creates a new object that is a complete copy of the current instance. A duplicate copy of this evidence object. - 
diff --git a/xml/System.Security.Policy/FileCodeGroup.xml b/xml/System.Security.Policy/FileCodeGroup.xml index af26bf92937..442be943757 100644 --- a/xml/System.Security.Policy/FileCodeGroup.xml +++ b/xml/System.Security.Policy/FileCodeGroup.xml @@ -47,12 +47,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have child code groups. Each child code group can have their own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their child code groups apply policy. - - has the same child matching semantics as . However, returns a permission set containing a dynamically-calculated that grants file access to the directory from which the code is run; only returns a static permission set. The type of file access granted is passed as a parameter to the constructor. - - This code group only matches assemblies run over a file protocol, that is, assemblies that have URLs that point to a file or UNC path. - ]]> @@ -92,16 +86,7 @@ A membership condition that tests evidence to determine whether this code group applies policy. One of the values. This value is used to construct the that is granted. Initializes a new instance of the class. - - method. - - returns a permission set containing a dynamically-calculated that grants file access to the directory from which the code is run. The type of access granted is determined by the `access` parameter. - - ]]> - + To be added. The parameter is . The type of the parameter is not valid. 
@@ -143,14 +128,7 @@ Gets a string representation of the attributes of the policy statement for the code group. Always . - - does not use , so this property is always `null`. - - ]]> - + To be added. @@ -187,14 +165,7 @@ Makes a deep copy of the current code group. An equivalent copy of the current code group, including its membership conditions and child code groups. - - - + To be added. @@ -466,18 +437,7 @@ The evidence for the assembly. Resolves policy for the code group and its descendants for a set of evidence. A policy statement consisting of the permissions granted by the code group with optional attributes, or if the code group does not apply (the membership condition does not match the specified evidence). - - on the policy levels to determine which permissions to grant to loaded code from the resulting policy statements and the code request on the assembly. - - uses union semantics and forms a permission set based on the specified by `evidence`. - - ]]> - + To be added. The parameter is . The current policy is . @@ -523,16 +483,7 @@ The evidence for the assembly. Resolves matching code groups. A that is the root of the tree of matching code groups. - - uses union semantics and forms a permission set based on the specified by `evidence`. - - ]]> - + To be added. The parameter is . diff --git a/xml/System.Security.Policy/FirstMatchCodeGroup.xml b/xml/System.Security.Policy/FirstMatchCodeGroup.xml index ebed41217df..9511dea4dac 100644 --- a/xml/System.Security.Policy/FirstMatchCodeGroup.xml +++ b/xml/System.Security.Policy/FirstMatchCodeGroup.xml 
@@ -47,12 +47,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have child code groups. Each child code group can have their own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their child code groups apply policy. - - Like any code group, only applies when its membership condition matches evidence for an assembly. If there is a match, it tests the membership condition of each child in order, stopping when the first match occurs. The result of is the union of the policy statement of the root code group and the policy statement of the first child group of that code group that matches. - - is intended for programmatic use by application domain hosts to set domain policy. - ]]> @@ -92,14 +86,7 @@ A membership condition that tests evidence to determine whether this code group applies policy. The policy statement for the code group in the form of a permission set and attributes to grant code that matches the membership condition. Initializes a new instance of the class. - - method. - - ]]> - + To be added. The type of the parameter is not valid. -or- @@ -141,14 +128,7 @@ Makes a deep copy of the code group. An equivalent copy of the code group, including its membership conditions and child code groups. - - - + To be added. 
@@ -224,22 +204,7 @@ The evidence for the assembly. Resolves policy for the code group and its descendants for a set of evidence. A policy statement consisting of the permissions granted by the code group with optional attributes, or if the code group does not apply (the membership condition does not match the specified evidence). - - methods of these child groups work. - - The .NET Framework security system uses on the policy levels to determine which permissions to grant to loaded code from the resulting policy statements and the code request on the assembly. - - This operation of this method is as follows: - - If the membership condition does not match the specified evidence, return `null`; otherwise, set the permission set to be returned (P) equal to the code group's policy statement and continue. For each child code group, resolve the code group with the same evidence; if the result is not `null`, return that policy statement. If no child code group matched, return P (the parent's policy statement). - - ]]> - + To be added. The parameter is . More than one code group (including the parent code group and any child code groups) is marked . @@ -281,16 +246,7 @@ The evidence for the assembly. Resolves matching code groups. A that is the root of the tree of matching code groups. - - methods of these child groups work. - - ]]> - + To be added. The parameter is . diff --git a/xml/System.Security.Policy/GacInstalled.xml b/xml/System.Security.Policy/GacInstalled.xml index 2759d1cb64d..af4c69ce9eb 100644 --- a/xml/System.Security.Policy/GacInstalled.xml +++ b/xml/System.Security.Policy/GacInstalled.xml @@ -50,8 +50,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - The presence of evidence produces a in the grant set. If there is a for , the that corresponds to the evidence is compared with the demanded permission. - ]]> @@ -84,14 +82,7 @@ Initializes a new instance of the class. - - object has no properties. - - ]]> - + To be added. 
@@ -169,14 +160,7 @@ The from which to construct the identity permission. Creates a new identity permission that corresponds to the current object. A new identity permission that corresponds to the current object. - - can be used to determine whether the calling code is in the global assembly cache. - - ]]> - + To be added. @@ -216,14 +200,7 @@ Indicates whether the current object is equivalent to the specified object. if is a object; otherwise, . - - objects have no properties to distinguish one from another, so all objects are equal. - - ]]> - + To be added. @@ -259,14 +236,7 @@ Returns a hash code for the current object. A hash code for the current object. - - method returns 0 (zero) because objects have no properties to distinguish one from another. - - ]]> - + To be added. @@ -302,14 +272,7 @@ Returns a string representation of the current object. A string representation of the current object. - - - + To be added. diff --git a/xml/System.Security.Policy/IIdentityPermissionFactory.xml b/xml/System.Security.Policy/IIdentityPermissionFactory.xml index aa3a50a2197..0c1ba81e06f 100644 --- a/xml/System.Security.Policy/IIdentityPermissionFactory.xml +++ b/xml/System.Security.Policy/IIdentityPermissionFactory.xml 
@@ -45,8 +45,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Some types of evidence have a corresponding identity permission that is granted to assemblies with that evidence. This allows other code to make identity demands, so that only code with a specific piece of evidence will pass. For example, you can demand that your callers have a specific strong name; only callers with that strong name will pass the demand. By implementing for an evidence object, you provide an implementation of that the .NET Framework security system can call to get an identity permission that represents that piece of evidence. During policy resolution, the security system will call that method on all evidence objects that implement and grant the resulting identity permissions to the appropriate assembly. - ]]> diff --git a/xml/System.Security.Policy/NetCodeGroup.xml b/xml/System.Security.Policy/NetCodeGroup.xml index 58910b124a8..25fff65a051 100644 --- a/xml/System.Security.Policy/NetCodeGroup.xml +++ b/xml/System.Security.Policy/NetCodeGroup.xml 
@@ -34,37 +34,7 @@ Grants Web permission to the site from which the assembly was downloaded. This class cannot be inherited. - - has the same merge semantics as that of ; it forms the union of the objects of all matching child code groups and the it generates from the input evidence. However, returns a permission containing a dynamically calculated that grants connect access to the site from which the code is run; simply returns a static permission set. - - When a is created, it contains the default connection access rules shown in the following table. - -|URI Scheme|Rule| -|----------------|----------| -|file|No connection access to the origin server is permitted.| -|http|HTTP and HTTPS access is permitted using the origin port.| -|https|HTTPS access is permitted using the origin port.| - - You can control the scheme and port that code is permitted to use when connecting back to its site of origin by passing a object with the appropriate and property values to the method. You can create a connection access rule that applies when the origin scheme is not present in the evidence or is not recognized by specifying ("") as the scheme. You can also create a connection access rule that applies when there is no connection access rule with a matching scheme by specifying ("*") as the scheme. - -> [!NOTE] -> If code does not submit the URI scheme as evidence, access is permitted using any scheme back to the origin site. - - - -## Examples - The following code example demonstrates creating a and adding objects for code downloaded using the HTTP scheme. - - :::code language="cpp" source="~/snippets/cpp/VS_Snippets_Remoting/NclCodeGroup/cpp/sample.cpp" id="Snippet3"::: - :::code language="csharp" source="~/snippets/csharp/System.Security.Policy/CodeConnectAccess/Overview/sample.cs" id="Snippet3"::: - - ]]> - + To be added. 
@@ -100,28 +70,7 @@ A membership condition that tests evidence to determine whether this code group applies code access security policy. Initializes a new instance of the class. - - is created, it contains the default connection access rules shown in the following table. - -|Scheme|Rule| -|------------|----------| -|file|No connection access to the origin server is permitted.| -|http|HTTP and HTTPS access is permitted using the origin port.| -|https|HTTPS access is permitted using the origin port.| - - - -## Examples - The following code example demonstrates creating a and adding objects for code downloaded using the HTTP scheme. - - :::code language="cpp" source="~/snippets/cpp/VS_Snippets_Remoting/NclCodeGroup/cpp/sample.cpp" id="Snippet3"::: - :::code language="csharp" source="~/snippets/csharp/System.Security.Policy/CodeConnectAccess/Overview/sample.cs" id="Snippet3"::: - - ]]> - + To be added. The parameter is . The type of the parameter is not valid. @@ -157,18 +106,7 @@ Contains a value used to specify connection access for code with an unknown or unrecognized origin scheme. - - method, you specify a scheme and an associated object. Any objects that you add to the using as the origin scheme are applied when the code's origin scheme is not present in its evidence, or is not a scheme recognized by the object. - - To specify the objects to use when the code's origin scheme does not match any of the schemes contained in the set of origin schemes added to the current object, use the value. - - The value of the field is an empty string (""). - - ]]> - + To be added. 
@@ -208,22 +146,7 @@ A containing the scheme to match against the code's scheme. A that specifies the scheme and port code can use to connect back to its origin server. Adds the specified connection access to the current code group. - - objects for the same `origin scheme`. If an `origin scheme` already has one or more associated objects, specifying `null` for `connectAccess` has no effect. If the origin scheme does not have associated objects, specifying `null` for `connectAccess` prevents code with an origin scheme that matches `originScheme` from accessing its origin server. - - - -## Examples - The following code example demonstrates creating and adding objects to a . - - :::code language="cpp" source="~/snippets/cpp/VS_Snippets_Remoting/NclCodeGroup/cpp/sample.cpp" id="Snippet3"::: - :::code language="csharp" source="~/snippets/csharp/System.Security.Policy/CodeConnectAccess/Overview/sample.cs" id="Snippet3"::: - - ]]> - + To be added. is . @@ -265,20 +188,7 @@ Contains a value used to specify any other unspecified origin scheme. - - method, you specify a scheme and an associated object. You can use the value of the field to specify the objects that should be used for any scheme that is not explicitly contained in the set of origin schemes added to the current object. - - The objects specified with the field are only used if the code's origin scheme does not match any of the schemes contained in the set of origin schemes added to the current object. - - To specify the objects to apply when the code's origin scheme is not available in its evidence or is not recognized, use the value. - - The value of the field is "*". - - ]]> - + To be added. 
@@ -438,20 +348,7 @@ Determines whether the specified code group is equivalent to the current code group. if the specified code group is equivalent to the current code group; otherwise, . - - objects: - -- The and properties. - -- The property. - -- The set of origin schemes and the associated objects. - - ]]> - + To be added. @@ -487,22 +384,7 @@ Gets the connection access information for the current code group. A array containing connection access information. - - property value is the origin scheme, and the property value is the array of associated objects. If there are no associated objects, returns an empty array. - - - -## Examples - The following code example demonstrates displaying the connection access rules for a object. - - :::code language="cpp" source="~/snippets/cpp/VS_Snippets_Remoting/NclCodeGroup/cpp/sample.cpp" id="Snippet8"::: - :::code language="csharp" source="~/snippets/csharp/System.Security.Policy/CodeConnectAccess/Overview/sample.cs" id="Snippet8"::: - - ]]> - + To be added. @@ -686,30 +568,7 @@ Removes all connection access information for the current code group. - - - + To be added. @@ -749,18 +608,7 @@ The for the assembly. Resolves policy for the code group and its descendants for a set of evidence. A that consists of the permissions granted by the code group with optional attributes, or if the code group does not apply (the membership condition does not match the specified evidence). - - - + To be added. The parameter is . More than one code group (including the parent code group and any child code groups) is marked . @@ -802,14 +650,7 @@ The evidence for the assembly. Resolves matching code groups. The complete set of code groups that were matched by the evidence. - - - + To be added. The parameter is . diff --git a/xml/System.Security.Policy/PermissionRequestEvidence.xml b/xml/System.Security.Policy/PermissionRequestEvidence.xml index 463b8cb30a6..b3d289c8e14 100644 --- a/xml/System.Security.Policy/PermissionRequestEvidence.xml 
+++ b/xml/System.Security.Policy/PermissionRequestEvidence.xml @@ -41,14 +41,12 @@ Defines evidence that represents permission requests. This class cannot be inherited. - @@ -90,14 +88,7 @@ The permissions the code can use if they are granted, but that are not required. The permissions the code explicitly asks not to be granted. Initializes a new instance of the class with the permission request of a code assembly. - - to determine which permissions the code should be granted. - - ]]> - + To be added. @@ -279,14 +270,7 @@ Gets a string representation of the state of the . A representation of the state of the . - - . - - ]]> - + To be added. diff --git a/xml/System.Security.Policy/PolicyLevel.xml b/xml/System.Security.Policy/PolicyLevel.xml index b7c355a7b6a..466ca94ce54 100644 --- a/xml/System.Security.Policy/PolicyLevel.xml +++ b/xml/System.Security.Policy/PolicyLevel.xml 
@@ -34,27 +34,7 @@ Represents the security policy levels for the common language runtime. This class cannot be inherited. - - [!IMPORTANT] -> We recommend that you use [Windows Software Restriction Policies (SRP) or AppLocker as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to the .NET Framework 4 and later. For more information about this and other changes, see [Security Changes](/dotnet/framework/security/security-changes). - - The highest level of security policy is enterprise-wide. Successive lower levels of hierarchy represent further policy restrictions, but can never grant more permissions than allowed by higher levels. The following policy levels are implemented: - -1. Enterprise: Security policy for all managed code in an enterprise. -2. Machine: Security policy for all managed code run on the computer. -3. User: Security policy for all managed code run by the user. -4. Application domain: Security policy for all managed code in an application. - - A policy level consists of a set of code groups organized into a single rooted tree (see ), a set of named permission sets that are referenced by the code groups to specify permissions to be granted to code belonging to the code group, and a list of fully-trusted assemblies. - - Use to enumerate the policy levels. - - ]]> - + To be added. 
@@ -113,17 +93,9 @@ The used to create the to add to the list of objects used to determine whether an assembly is a member of the group of assemblies that should not be evaluated. Adds a corresponding to the specified to the list of objects used to determine whether an assembly is a member of the group of assemblies that should not be evaluated. - - method is not supported in version 2.0 or later of the .NET Framework because the list of full trust assemblies is not used in those versions. - - ]]> - + To be added. The parameter is . The specified by the parameter already has full trust. - @@ -172,17 +144,9 @@ The to add to the list of objects used to determine whether an assembly is a member of the group of assemblies that should not be evaluated. Adds the specified to the list of objects used to determine whether an assembly is a member of the group of assemblies that should not be evaluated. - - method is not supported in version 2.0 or later of the .NET Framework because the list of full trust assemblies is not used in those versions. - - ]]> - + To be added. The parameter is . The specified by the parameter already has full trust. - @@ -234,8 +198,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Named permission sets are scoped by policy level. - ]]> The parameter is . @@ -355,8 +317,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - This method creates a new with the "AppDomain". The new will initially contain the same objects as in the default computer policy, and will have a single root code group that grants `FullTrust` to all code. - ]]> 
@@ -445,16 +405,7 @@ Gets a list of objects used to determine whether an assembly is a member of the group of assemblies used to evaluate security policy. A list of objects used to determine whether an assembly is a member of the group of assemblies used to evaluate security policy. These assemblies are granted full trust during security policy evaluation of assemblies not in the list. - - are granted full trust during security policy evaluation of assemblies not in the list, but are not automatically granted full trust when directly evaluated by the security policy system. - - The property is not supported in version 2.0 or later of the .NET Framework because the list of full trust assemblies is not used in those versions. - - ]]> - + To be added. @@ -631,8 +582,6 @@ ## Remarks This method does not make modifications to the current . Instead, it updates the object's file and the that the security system uses to evaluate policy. - This method is used by the caspol -recover option (see [Caspol.exe (Code Access Security Policy Tool)](/dotnet/framework/tools/caspol-exe-code-access-security-policy-tool)). - ]]> The policy level does not have a valid configuration file. @@ -694,14 +643,7 @@ The of the assembly to remove from the list of assemblies used to evaluate policy. Removes an assembly with the specified from the list of assemblies the policy level uses to evaluate policy. - - method is not supported in version 2.0 or later of the .NET Framework because the list of full trust assemblies is not used in those versions. - - ]]> - + To be added. The parameter is . The assembly with the specified by the parameter does not have full trust. 
@@ -752,14 +694,7 @@ The of the assembly to remove from the list of assemblies used to evaluate policy. Removes an assembly with the specified from the list of assemblies the policy level uses to evaluate policy. - - method is not supported in version 2.0 or later of the .NET Framework because the list of full trust assemblies is not used in those versions. - - ]]> - + To be added. The parameter is . The specified by the parameter does not have full trust. @@ -971,25 +906,7 @@ The used to resolve the . Resolves policy based on evidence for the policy level, and returns the resulting . The resulting . - - is the basic policy evaluation operation for policy levels. Given a set of evidence as input, this method tests membership conditions of code groups starting at the root and working down as matched. The combination of permissions resulting from the matching code groups produces a that is returned. - - In granting permissions to code, security policy uses the resolved policy statements for all applicable policy levels, together with the code request for permissions. - - - -## Examples - The following code shows the use of the method. This code example is part of a larger example provided for the class. - - :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_System/system.Security.policy.policylevel/CPP/policylevel.cpp" id="Snippet13"::: - :::code language="csharp" source="~/snippets/csharp/System.Security.Policy/PolicyLevel/Resolve/policylevel.cs" id="Snippet13"::: - :::code language="vb" source="~/snippets/visualbasic/System.Security.Policy/PolicyLevel/Resolve/policylevel.vb" id="Snippet13"::: - - ]]> - + To be added. The policy level contains multiple matching code groups marked as exclusive. The parameter is . 
@@ -1122,18 +1039,7 @@ Gets the path where the policy file is stored. The path where the policy file is stored, or if the does not have a storage location. - - class. - - :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_System/system.Security.policy.policylevel/CPP/policylevel.cpp" id="Snippet15"::: - :::code language="csharp" source="~/snippets/csharp/System.Security.Policy/PolicyLevel/Resolve/policylevel.cs" id="Snippet15"::: - :::code language="vb" source="~/snippets/visualbasic/System.Security.Policy/PolicyLevel/Resolve/policylevel.vb" id="Snippet15"::: - - ]]> - + To be added. @@ -1205,24 +1111,7 @@ Gets the type of the policy level. One of the values. - - . - - ]]> - + To be added. diff --git a/xml/System.Security.Policy/Publisher.xml b/xml/System.Security.Policy/Publisher.xml index b58358a840a..10e62491154 100644 --- a/xml/System.Security.Policy/Publisher.xml +++ b/xml/System.Security.Policy/Publisher.xml @@ -51,12 +51,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - The presence of evidence produces a in the grant set. If there is a for , the that corresponds to the evidence will be compared with the demanded permission. - - Publisher evidence is based on Authenticode X.509v3 signatures. - - By default, code access security (CAS) does not check for evidence. Unless your computer has a custom code group based on the class, you can improve performance by bypassing Authenticode signature verification. This is accomplished by configuring the runtime to not provide evidence for CAS. For more information about how to configure this option and which applications can use it, see the [\](/dotnet/framework/configure-apps/file-schema/runtime/generatepublisherevidence-element) element. - ]]> 
@@ -253,14 +247,7 @@ Compares the current to the specified object for equivalence. if the two instances of the class are equal; otherwise, . - - objects are equal if they designate the same software publisher certificate. - - ]]> - + To be added. The parameter is not a object. diff --git a/xml/System.Security.Policy/PublisherMembershipCondition.xml b/xml/System.Security.Policy/PublisherMembershipCondition.xml index 7b4b3bd43d0..9cbc41884c1 100644 --- a/xml/System.Security.Policy/PublisherMembershipCondition.xml +++ b/xml/System.Security.Policy/PublisherMembershipCondition.xml @@ -44,16 +44,7 @@ Determines whether an assembly belongs to a code group by testing its software publisher's Authenticode X.509v3 certificate. This class cannot be inherited. - - evidence. Unless your computer has a custom code group based on the class, you can improve performance by bypassing Authenticode signature verification. This is accomplished by configuring the runtime to not provide evidence for CAS. For more information about how to configure this option and which applications can use it, see the \ element. - - ]]> - + To be added. @@ -89,14 +80,7 @@ An that contains the software publisher's public key. Initializes a new instance of the class with the Authenticode X.509v3 certificate that determines membership. - - - + To be added. The parameter is . @@ -178,14 +162,7 @@ Determines whether the specified evidence satisfies the membership condition. if the specified evidence satisfies the membership condition; otherwise, . - - evidence. - - ]]> - + To be added. The property is . @@ -271,14 +248,7 @@ Determines whether the publisher certificate from the specified object is equivalent to the publisher certificate contained in the current . if the publisher certificate from the specified object is equivalent to the publisher certificate contained in the current ; otherwise, . - - . - - ]]> - + To be added. The property is . 
diff --git a/xml/System.Security.Policy/Site.xml b/xml/System.Security.Policy/Site.xml index d7729d1aab3..6c07117551b 100644 --- a/xml/System.Security.Policy/Site.xml +++ b/xml/System.Security.Policy/Site.xml @@ -51,10 +51,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] -The presence of evidence produces a in the grant set. If there is a for , the that corresponds to the evidence will be compared with the demanded permission. - -Site identity is defined for code from URLs with any protocol except FILE. A site is the string between the "//" after the protocol of a URL and the following "/", if present. For example, `www.fourthcoffee.com` is the site identity in the URL `http://www.fourthcoffee.com/process/grind.htm`. This excludes port numbers. If a given URL is `http://www.fourthcoffee.com:8000/`, the site is `www.fourthcoffee.com`, not `www.fourthcoffee.com:8000`. - ]]> @@ -259,14 +255,7 @@ Site identity is defined for code from URLs with any protocol except FILE. A sit Compares the current to the specified object for equivalence. if the two instances of the class are equal; otherwise, . - - objects are equal if they designate the same website name. - - ]]> - + To be added. diff --git a/xml/System.Security.Policy/StrongName.xml b/xml/System.Security.Policy/StrongName.xml index 9193f89f87c..531be157b45 100644 --- a/xml/System.Security.Policy/StrongName.xml +++ b/xml/System.Security.Policy/StrongName.xml 
@@ -45,18 +45,12 @@ Provides the strong name of a code assembly as evidence for policy evaluation. This class cannot be inherited. - class represents evidence of a unique, cryptographically strong name of a code assembly. The strong name consists of a public key, a given name, and a version. The public key corresponds to the publisher's private key which is kept secret, and with which the assembly must be signed in order for the strong name to be valid. - - Strong names are typically assigned to assemblies using either , or in conjunction with the SN utility (see [Sn.exe (Strong Name Tool)](/dotnet/framework/tools/sn-exe-strong-name-tool)). - - uses this class to confirm that calling code is in a particular strong-named code assembly. - ]]> @@ -98,24 +92,15 @@ The simple name section of the strong name. The of the strong name. Initializes a new instance of the class with the strong name public key blob, name, and version. - - and . - - ]]> - - The parameter is . - - -or- - - The parameter is . - - -or- - + To be added. + The parameter is . + + -or- + + The parameter is . + + -or- + The parameter is . The parameter is an empty string (""). @@ -197,14 +182,7 @@ The from which to construct the . Creates a that corresponds to the current . A for the specified . - - - + To be added. @@ -354,16 +332,7 @@ Gets the of the current . The of the current . - - - + To be added. @@ -400,14 +369,7 @@ Creates a string representation of the current . A representation of the current . - - - + To be added. diff --git a/xml/System.Security.Policy/StrongNameMembershipCondition.xml b/xml/System.Security.Policy/StrongNameMembershipCondition.xml index 803e1bb4eae..a673f42a377 100644 --- a/xml/System.Security.Policy/StrongNameMembershipCondition.xml +++ b/xml/System.Security.Policy/StrongNameMembershipCondition.xml 
@@ -57,8 +57,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Strong names are well suited to specifying code assemblies to which you give a rich set of powerful permissions. Since strong names are cryptographically verified, attackers cannot impersonate rightful assemblies and use their permissions. - ]]> @@ -100,16 +98,7 @@ The simple name section of the strong name. The version number of the strong name. Initializes a new instance of the class with the strong name public key blob, name, and version number that determine membership. - - that checks for and (but not ) by passing `null` into the `version` parameter. If `name` is an empty string (""), an is thrown. - - ]]> - + To be added. The parameter is . The parameter is . @@ -159,16 +148,7 @@ Determines whether the specified evidence satisfies the membership condition. if the specified evidence satisfies the membership condition; otherwise, . - - evidence object. - - The membership condition is satisfied if the specified evidence contains a with the same (public key, name, and version) as specified by the . - - ]]> - + To be added. @@ -252,14 +232,7 @@ Determines whether the from the specified object is equivalent to the contained in the current . if the from the specified object is equivalent to the contained in the current ; otherwise, . - - classes to be equal, their name, version, and public key blob must match exactly. - - ]]> - + To be added. The property of the current object or the specified object is . @@ -432,14 +405,7 @@ Gets or sets the simple name of the for which the membership condition tests. The simple name of the for which the membership condition tests. - - property to an empty string (""), an is thrown. - - ]]> - + To be added. The value is . -or- @@ -480,16 +446,7 @@ Gets or sets the of the for which the membership condition tests. The of the for which the membership condition tests. - - - + To be added. An attempt is made to set the to . 
diff --git a/xml/System.Security.Policy/UnionCodeGroup.xml b/xml/System.Security.Policy/UnionCodeGroup.xml index ef8fa210feb..dcb5dff031a 100644 --- a/xml/System.Security.Policy/UnionCodeGroup.xml +++ b/xml/System.Security.Policy/UnionCodeGroup.xml @@ -47,12 +47,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have child code groups (and so on), forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it or not, based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their child code groups apply policy. - - is the most common type of code group; the policy statement of all matching child code groups (and by extension their child code groups) are combined with the permission set of the matching parent code group. Thus, if its membership condition matches, this code group forms the union of its policy statement and those of all its child code groups that also match the evidence. - - code groups are the code groups created by the CASPOL utility (see [Caspol.exe (Code Access Security Policy Tool)](/dotnet/framework/tools/caspol-exe-code-access-security-policy-tool)). - ]]> @@ -92,14 +86,7 @@ A membership condition that tests evidence to determine whether this code group applies policy. The policy statement for the code group in the form of a permission set and attributes to grant code that matches the membership condition. Initializes a new instance of the class. - - method. - - ]]> - + To be added. The type of the parameter is not valid. -or- @@ -141,14 +128,7 @@ Makes a deep copy of the current code group. An equivalent copy of the current code group, including its membership conditions and child code groups. - - - + To be added. 
@@ -224,20 +204,7 @@ The evidence for the assembly. Resolves policy for the code group and its descendants for a set of evidence. A policy statement consisting of the permissions granted by the code group with optional attributes, or if the code group does not apply (the membership condition does not match the specified evidence). - - methods work. - - The .NET Framework security system uses on the policy levels to determine which permissions to grant to loaded code from the resulting policy statements and the code request on the assembly. - - If the membership condition does not match the specified evidence, this method returns `null`; otherwise, it sets the permission set to be returned (P) equal to the code group's policy statement, and then continues. For each child code group, the method resolves the code group with the same evidence; if the result is not `null`, it sets P equal to the union of P and the child code group's policy statement. It then returns P, which is now the union of the current code group's policy statement and all child group policy statements. - - ]]> - + To be added. The parameter is . More than one code group (including the parent code group and any child code groups) is marked . @@ -279,14 +246,7 @@ The evidence for the assembly. Resolves matching code groups. The complete set of code groups that were matched by the evidence. - - - + To be added. The parameter is . diff --git a/xml/System.Security.Policy/Url.xml b/xml/System.Security.Policy/Url.xml index 40fcb3a4de4..8c11e5e2c2d 100644 --- a/xml/System.Security.Policy/Url.xml +++ b/xml/System.Security.Policy/Url.xml 
@@ -51,12 +51,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - The presence of evidence produces a in the grant set. If there is a for , the that corresponds to the evidence is compared to the demanded permission. - - The complete URL is considered, including the protocol (HTTP, HTTPS, FTP) and the file. For example, `http://www.fourthcoffee.com/process/grind.htm` is a complete URL. - - URLs can be matched exactly or by a wildcard in the final position. For example, `http://www.fourthcoffee.com/process/*` is a wildcard URL. - ]]> diff --git a/xml/System.Security.Policy/Zone.xml b/xml/System.Security.Policy/Zone.xml index c91fa5afae3..b6721396681 100644 --- a/xml/System.Security.Policy/Zone.xml +++ b/xml/System.Security.Policy/Zone.xml @@ -51,10 +51,6 @@ [!INCLUDE[cas-deprecated](~/includes/cas-deprecated.md)] - The presence of evidence produces a in the grant set. If there is a for , the that corresponds to the evidence will be compared with the demanded permission. - - Zones are defined by the enumeration. - ]]> @@ -170,14 +166,7 @@ The URL from which to create the zone. Creates a new zone with the specified URL. A new zone with the specified URL. - - - + To be added. The parameter is . @@ -262,14 +251,7 @@ Compares the current evidence object to the specified object for equivalence. if the two objects are equal; otherwise, . - - objects are equal if they designate the same . - - ]]> - + To be added. The parameter is not a object.
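Review bot: In the policy-level hunks at @@ -113,17 +93,9 @@, @@ -172,17 +144,9 @@, @@ -694,14 +643,7 @@ and @@ -752,14 +694,7 @@ (the file diffed just ahead of Publisher.xml), the deleted remark carried the statement that the method "is not supported in version 2.0 or later of the .NET Framework because the list of full trust assemblies is not used in those versions", and the summaries that remain still describe adding to and removing from that list as if it were in use. "To be added." is a weaker replacement than the sentence it removes. Suggest keeping that one sentence as the remark for each of the four members, or folding it into the summary, so a reader does not build on a list that policy evaluation ignores.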
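Review bot: The hunk at @@ -445,16 +405,7 @@ drops a security-relevant qualification while keeping the text it qualified. The retained value description still says "These assemblies are granted full trust during security policy evaluation of assemblies not in the list", but the removed remark added that they "are not automatically granted full trust when directly evaluated by the security policy system", and that the property is not supported in version 2.0 or later. Without the remark the page reads as a broader grant than the one described before this change. Suggest moving both points into the value description if the remark block has to go.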
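Review bot: The hunks at @@ -971,25 +906,7 @@ and @@ -1122,18 +1039,7 @@ delete the ":::code" references to Snippet13 and Snippet15 in policylevel.cpp, policylevel.cs and policylevel.vb, and nothing in the visible diff touches the snippet files under ~/snippets/. Please confirm whether those files are still referenced from another page or should be removed in the same change, so they are not left orphaned. Separately, @@ -971,25 +906,7 @@ keeps the exception text "The policy level contains multiple matching code groups marked as exclusive." but removes the only description of how code groups are matched from the root downward, which is what a reader needs to interpret that exception.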
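Review bot: Publisher.xml @@ -51,12 +51,6 @@ and PublisherMembershipCondition.xml @@ -44,16 +44,7 @@ both remove the guidance that CAS does not check for this evidence by default and that Authenticode signature verification can be bypassed through the generatepublisherevidence-element setting, so after this change neither page points to that setting. The first hunk also removes "Publisher evidence is based on Authenticode X.509v3 signatures." while the membership-condition summary continues to rely on that term. Suggest keeping the configuration cross-reference on one of the two pages, next to the cas-deprecated include that is retained.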
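Review bot: Site.xml @@ -51,10 +51,6 @@ removes the only definition of what a site identity is, including the rules that it applies to "any protocol except FILE" and that it "excludes port numbers", and @@ -259,14 +255,7 @@ then removes the statement that two objects are equal "if they designate the same website name". What remains is "Compares the current to the specified object for equivalence." with "To be added.", which no longer tells a reader that `www.fourthcoffee.com:8000` and `www.fourthcoffee.com` compare as the same site. Suggest keeping the port and protocol rule in the class remarks, or restating the comparison rule in the equality member. The same concern applies to Url.xml @@ -51,12 +51,6 @@, which drops the rule that URLs match "exactly or by a wildcard in the final position".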
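Review bot: In StrongName.xml @@ -98,24 +92,15 @@ the exception text ("The parameter is . -or- The parameter is . -or- ...") is removed and re-added with, as far as the visible text shows, only its indentation changed. That whitespace churn is unrelated to the remark removal and makes the hunk harder to audit. Suggest reverting the re-indentation or moving it to a separate formatting-only commit.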
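Review bot: StrongNameMembershipCondition.xml @@ -100,16 +98,7 @@ deletes the documented behaviour that passing `null` into the `version` parameter produces a condition that checks the name and public key "(but not )" the version, and that an empty `name` throws; @@ -405,14 +405,7 @@ removes the matching note on the name property. These describe how strict the membership test is, which decides which assemblies fall into the code group, so they are contract rather than commentary. The hunk at @@ -57,8 +57,6 @@ also removes the rationale that strong names are "cryptographically verified". Suggest keeping the `null` version and empty-string sentences, moved into the parameter and exception descriptions if the remark must be emptied.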
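Review bot: UnionCodeGroup.xml @@ -224,20 +204,7 @@ removes the step-by-step description of resolution (return `null` when the membership condition does not match, otherwise set P to the group's policy statement and union in each matching child), and @@ -47,12 +47,6 @@ removes the class-level explanation of the same union behaviour, so after this change the union semantics that give the type its name are not described in either place. The retained exception text "More than one code group (including the parent code group and any child code groups) is marked ." is also hard to interpret without it. Suggest keeping the algorithm paragraph in one of the two locations.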