NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Introduction to Security Policy

Security policy is the configurable set of rules that the NGWS runtime follows when deciding which permissions to grant to code. The runtime determines what access to resources code should have by examining identifiable characteristics of the code, such as the web site or zone from which the code originates. Security policy defines several zones and associates each of them by default with a named set of permissions. If no other identifying characteristics of the code are known, the runtime uses the policy for the zone from which the code originates. The default security policy is suitable for many situations; however, administrators can modify or customize security policy to tailor it to the specific needs of their organizations.

Administrators can configure security policy so that individual sites and publishers are allowed to have more or fewer permissions than default policy allows. For example, an administrator might specify that all code downloaded from the website of XYZ Corporation, a trusted business partner, is allowed to have the set of all permissions. The same administrator might specify that all other code from the Internet be given a more restricted set of permissions, such as limited access to isolated storage and use of safe user interface functionality.

Based on policy, the runtime grants permissions to both assemblies and application domains. During execution, the runtime ensures that code accesses only the resources that it has been granted permission to access.

For more detailed information about permissions and how they are used, see Permissions. To learn how the runtime enforces security restrictions on managed code, see Code Access Security.