Defines the set of information that constitutes input to security policy decisions. This class cannot be inherited.
See Also: Evidence Members
Common forms of evidence include signatures and location of origin of code, but can potentially be anything. Objects of any type that are recognized by security policy represent evidence.
Security policy is composed of code groups; a particular assembly (the basic unit of code for granting security permissions) is a member of a code group if it satisfies the code group's membership condition. Evidence is the set of inputs to policy that membership conditions use to determine to which code groups an assembly belongs.
The System.Security.Policy.Evidence class is a collection (see ICollection) that holds a set of objects that represent evidence. This class holds two sets that correspond to the source of the evidence: host evidence and assembly evidence.
Policy can get evidence from two different sources when evaluating permissions for code.
Host evidence is provided by the host, and can only be provided by hosts that have been granted the System.Security.Permissions.SecurityPermissionFlag.ControlEvidence permission. Typically, this is evidence of the origin of the code and digital signatures on the assembly. Evidence about origin typically includes System.Security.Policy.Url, System.Security.Policy.Site, and System.Security.Policy.Zone evidence. Signatures refer to software publisher (AuthentiCode X.509v3 signature) and strong name identities. Both kinds of digital signature-based identity are built into the assembly, but must be validated and passed to policy by the host; when loaded, the security system verifies the signature. The system then creates the appropriate evidence and passes it to policy only if the corresponding signature is valid.
Assembly evidence is part of the assembly itself. Developers or administrators can attach custom evidence to the assembly to extend the set of evidence for policy. Assembly evidence can only be added at the time of assembly generation, which occurs before the assembly is signed. The default policy of the security system ignores assembly-provided evidence, but policy can be extended to accept it.