.NET Framework Administrator Overview  

Security Configuration Files

The security configuration files for the .NET Framework consist of three XML-based files. While the machine configuration and application configuration files contain XML elements dealing with runtime versions and assembly binding, the security configuration files contain only XML elements that apply to security policy. These XML files are used to configure code groups and permission sets that affect .NET Framework security policy. For an overview of .NET Framework security policy, see Administering .NET Framework Security Policy in the .NET Framework SDK documentation.

Security policy is expressed using three policy levels: machine policy, user policy, and enterprise policy. Each policy level corresponds to one of the three security configuration files:

Policy level        Corresponding configuration file
Enterprise policy   %CLR installDir%\Config\Enterprise.config
Machine policy      %CLR InstallDir%\Config\Security.config
User policy         %USERPROFILE%\Application data\Microsoft\CLR security config\vxx.xx\Security.config

The set of permissions that an assembly receives is determined by the intersection of the permission sets allowed by these three policy levels. Each policy level is represented by a hierarchical structure of code groups. Every code group has a membership condition that determines which code is a member of that group. A named permission set is also associated with each code group. This permission set specifies the permissions the runtime allows code that satisfies the membership condition to have. A code group hierarchy, along with its associated named permission sets, defines and maintains each level of security policy.
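
The resolution described above, modelled as an added example (not code from the .NET Framework or its documentation): each level's code-group tree is evaluated against an assembly's evidence, and the three results are intersected. Assumptions: the XML fragments, zone names and permission labels are constructed and simplified; matching groups within one level are combined by union, which is how the default union code groups behave; exclusive and level-final attributes are not modelled.

```python
import xml.etree.ElementTree as ET

# Assumption: named permission sets reduced to sets of labels (constructed).
PERMISSION_SETS = {
    "Nothing": set(),
    "Execution": {"Execution"},
    "Internet": {"Execution", "FileDialog", "IsolatedStorage"},
    "FullTrust": {"Execution", "FileDialog", "IsolatedStorage", "FileIO", "UnmanagedCode"},
}
# Constructed code-group trees, one per policy level (not real file contents).
OPEN = """<CodeGroup Name="All_Code" PermissionSetName="FullTrust">
  <IMembershipCondition class="AllMembershipCondition"/></CodeGroup>"""
MACHINE = """<CodeGroup Name="All_Code" PermissionSetName="Nothing">
  <IMembershipCondition class="AllMembershipCondition"/>
  <CodeGroup Name="My_Computer_Zone" PermissionSetName="FullTrust">
    <IMembershipCondition class="ZoneMembershipCondition" Zone="MyComputer"/></CodeGroup>
  <CodeGroup Name="Internet_Zone" PermissionSetName="Internet">
    <IMembershipCondition class="ZoneMembershipCondition" Zone="Internet"/></CodeGroup>
</CodeGroup>"""
LOCKED = OPEN.replace("FullTrust", "Execution")  # a restrictive level

def is_member(group, evidence):
    """Evaluate the group's membership condition against assembly evidence."""
    cond = group.find("IMembershipCondition")
    kind = cond.get("class") if cond is not None else None
    if kind == "AllMembershipCondition":
        return True
    if kind == "ZoneMembershipCondition":
        return cond.get("Zone") == evidence.get("Zone")
    return False  # condition types outside this model never match

def level_grant(group, evidence):
    """Union of the sets of all matching groups; children of a non-member are skipped."""
    if not is_member(group, evidence):
        return set()
    grant = set(PERMISSION_SETS[group.get("PermissionSetName")])
    for child in group.findall("CodeGroup"):
        grant |= level_grant(child, evidence)
    return grant

def effective_grant(levels, evidence):
    """Intersect the grants of the enterprise, machine and user levels."""
    return set.intersection(*(level_grant(ET.fromstring(x), evidence) for x in levels))

if __name__ == "__main__":
    for zone in ("MyComputer", "Internet"):
        print(zone, sorted(effective_grant([OPEN, MACHINE, OPEN], {"Zone": zone})))
    print("locked user level:", sorted(effective_grant([OPEN, MACHINE, LOCKED], {"Zone": "MyComputer"})))
```

Because the levels are intersected, a permissive user-level file cannot raise a grant above what machine policy allows, while a restrictive file at any level lowers it.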

See Also

See the following topics in the .NET Framework SDK documentation: Security Policy Management, Key Security Concepts, .NET Framework Configuration Tool.