Security Policy Best Practices
In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.
The .NET Framework provides a code access security model that allows administrators to modify security policy to meet their individual needs. While code access security generally increases the reliability and security of applications, improperly administering code access security policy can potentially create security weaknesses. This section explains basic administration concepts and describes some of the best practices to use when administering code access security policy.
In This Section
Security Policy Administration Overview
Provides an overview of basic administration concepts related to code access security.
General Security Policy Administration
Describes security practices that apply to all levels of policy.
Enterprise Policy Administration
Describes security practices that apply to the enterprise policy level.
Machine Policy Administration
Describes security practices that apply to the machine policy level.
User Policy Administration
Describes security practices that apply to the user policy level.
Key Security Concepts
Describes the basic concepts and definitions needed to understand the .NET Framework security system.
Code Access Security
Describes the code access security system and how to programmatically interact with it.
Security Policy Management
Describes how security policy grants permissions to code.
Security Policy Configuration
Describes tasks to configure security policy.