NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Policy for the domain

The domain is the boundary for policy: hosts can influence policy on a per-domain basis within the same process. However, even the most trusted host cannot completely control policy; it will always be affected by the machine and user policy, over which the host has no influence. A host can reduce permissions from the maximum allowed by machine policy, but can never increase them.

The basic structure of security policy applied to managed code is shown in the diagram below. Policy levels are listed from top (first evaluated) to bottom (subject to restrictions from above). Machine policy and per-user policy, if specified, always apply. A host may provide additional policy that can only further restrict (never escalate) the permissions that will ultimately be granted to code.

    Policy level       Specified by     Applies to
    Machine policy     administrator    all code on the machine
    Per-user policy    administrator    code in user’s processes
    Host policy        host code        code in host’s domain

Host provided policy

Typically, immediately after creating a new domain, a host specifies the policy it wants applied to code within the domain. This host-specified policy is called application domain policy and may be set only once for a domain; if it has already been set, a new set operation will fail and have no effect. To provide application domain policy, the host must have the SecurityPermission.ControlDomainPolicy permission.

   AppDomain.SetAppDomainPolicy (PolicyLevel DomainPolicy);

Setting application domain policy causes all subsequently loaded assemblies to be granted permissions under the new policy. All previously loaded assemblies keep the grants they received under the pre-existing policy (i.e. Machine/User only), with no application domain policy applied. That is, assemblies that have already been loaded into the domain will not have their grants reevaluated under the newly set application domain policy.

The host should take care to set application domain policy before loading any assembly to which that policy is intended to apply. If an assembly is explicitly loaded, or if any code in an assembly is run, before application domain policy is set, that policy will not apply to its grant.
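
The ordering described above (create the domain, set policy once, only then load code), as an added example that is not part of the SDK documentation. It assumes the class names as shipped in .NET Framework 1.x through 3.5, which may differ from this preliminary SDK; the domain name and assembly path are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class DomainPolicyHost
{
    static void Main()
    {
        // 1. Create the domain. Nothing the policy should govern is loaded yet.
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox"); // hypothetical name

        // 2. Build the most the host is willing to allow: execution only.
        PermissionSet executeOnly = new PermissionSet(PermissionState.None);
        executeOnly.AddPermission(
            new SecurityPermission(SecurityPermissionFlag.Execution));

        // Application domain policy level whose root code group matches all
        // code. Machine and user policy still apply, so this level can only
        // narrow the final grant, never widen it.
        PolicyLevel domainPolicy = PolicyLevel.CreateAppDomainLevel();
        domainPolicy.RootCodeGroup = new UnionCodeGroup(
            new AllMembershipCondition(),
            new PolicyStatement(executeOnly));

        // 3. Set the policy before loading anything it is meant to cover.
        //    The caller needs SecurityPermission.ControlDomainPolicy.
        sandbox.SetAppDomainPolicy(domainPolicy);

        // A second set on the same domain is rejected, so the restriction
        // cannot be swapped out later.
        try
        {
            sandbox.SetAppDomainPolicy(PolicyLevel.CreateAppDomainLevel());
        }
        catch (PolicyException e)
        {
            Console.WriteLine("Second set rejected: " + e.Message);
        }

        // 4. Only now load and run the less-trusted assembly. Had this call
        //    come before step 3, its grant would have been computed from
        //    machine/user policy alone and never reevaluated.
        sandbox.ExecuteAssembly(@"C:\sandbox\plugin.exe"); // hypothetical path

        AppDomain.Unload(sandbox);
    }
}
```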