This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!
Permission Grants
The runtime grants permissions to both application domains and assemblies. The process the runtime follows when granting permissions can involve two steps, which are discussed in the remainder of this topic.
Computing the Allowed Permission Set
- The runtime determines at load time the set of permissions that each type of policy allows the code to have. This task is accomplished by examining the code group hierarchy for each relevant policy level, using evidence to determine group membership.
- The runtime intersects the allowed permission sets for each relevant policy level, resulting in one set of allowed permissions.
Determining the Granted Permissions
- The runtime compares this final set of allowed permissions with the permissions that the assembly requests, resulting in a set of permissions that is granted to the assembly. For permission grants for application domains, this step does not apply.