While creating a code group, you briefly met the code group's membership condition. When security policy is evaluated, every assembly that satisfies a code group's membership condition is treated as belonging to that code group. A membership condition is implemented as a type, and each membership condition corresponds to one type.
All code
"All code" is a membership condition that matches all code; its implementation class is the AllMembershipCondition class. This membership condition is typically used for the root code group at a policy level, so that the policy applies to all code. The AllMembershipCondition class definition is shown in code listing 4-6.
Code Listing 2-1 AllMembershipCondition class definition
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class AllMembershipCondition : IMembershipCondition, ISecurityEncodable, ISecurityPolicyEncodable
The AllMembershipCondition class implements three interfaces:
IMembershipCondition interface: Defines the test that determines whether a code assembly is a member of a code group. The interface's Check method determines whether the specified evidence satisfies the membership condition.
ISecurityEncodable interface: Defines the methods that convert the state of a permission object to and from an XML element representation. Any custom permission must implement this interface. The FromXml method reconstructs a security object with the specified state from its XML encoding, and the ToXml method creates the XML encoding of the security object and its current state.
ISecurityPolicyEncodable interface: Supports the methods that convert the state of a permission object to and from an XML element representation. This interface is similar to the ISecurityEncodable interface, but it carries a policy-level context, which is needed when resolving a reference to a named permission set. The ISecurityPolicyEncodable interface also provides FromXml and ToXml methods, with the same functionality as those of the ISecurityEncodable interface.
Application directory
The application directory membership condition determines whether an assembly belongs to a code group by testing the assembly's application directory. The implementation class for this membership condition is the ApplicationDirectoryMembershipCondition class, which is defined as shown in code listing 2-2.
Code Listing 2-2 ApplicationDirectoryMembershipCondition class definition
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class ApplicationDirectoryMembershipCondition : IMembershipCondition, ISecurityEncodable, ISecurityPolicyEncodable
ApplicationDirectoryMembershipCondition determines whether the path in the assembly's URL evidence is contained in the ApplicationDirectory. For example, if ApplicationDirectory is C:\app1, an assembly that has URL evidence such as C:\app1, C:\app1\main.aspx, C:\app1\folder1, or C:\app1\folder1\Main1.aspx meets the membership condition. Code that is not in the C:\app1 directory or one of its subdirectories fails the membership condition test. Code that has no ApplicationDirectory evidence or no URL evidence can never pass this membership condition test.
Hash
The hash membership condition determines whether an assembly belongs to a code group by testing the hash value of the assembly. The implementation class for this membership condition is the HashMembershipCondition class, which is defined as shown in code listing 4-8.
Code Listing 2-3 HashMembershipCondition class definition
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class HashMembershipCondition : ISerializable, IDeserializationCallback, IMembershipCondition,
    ISecurityEncodable, ISecurityPolicyEncodable
Compared with the AllMembershipCondition class, the HashMembershipCondition class implements two more interfaces:
ISerializable interface: Allows an object to control its own serialization and deserialization.
IDeserializationCallback interface: Indicates that the class is to be notified when deserialization of the entire object is complete.
Publisher
The publisher membership condition determines whether an assembly belongs to a code group by testing the assembly's software publisher Authenticode X.509v3 certificate. The implementation class for this membership condition is the PublisherMembershipCondition class, which is defined as shown in code listing 2-3.
Code Listing 2-3 PublisherMembershipCondition class definition
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class PublisherMembershipCondition : IMembershipCondition, ISecurityEncodable, ISecurityPolicyEncodable
The PublisherMembershipCondition class has a public property named Certificate that gets or sets the Authenticode X.509v3 certificate against which the membership condition is tested.
Site
The site membership condition determines whether an assembly belongs to a code group by testing the site from which the assembly originates; the code can originate from an HTTP site, an HTTPS site, or an FTP site. The implementation class for this membership condition is the SiteMembershipCondition class, which is defined as shown in code listing 2-4.
Code Listing 2-4 SiteMembershipCondition class definition
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class SiteMembershipCondition : IMembershipCondition, ISecurityEncodable, ISecurityPolicyEncodable
If the code originates from the Web site specified by the condition's site, the code assembly satisfies the site membership condition. The site is the string between the "//" that follows the URL protocol identifier and the next "/" (if present). For example, www.xuanhun.com is the site identity of the URL http://www.xuanhun.com/process/grind.htm. The site does not include the port number: if the given URL is http://www.xuanhun.com:8000/, then the site is www.xuanhun.com, not www.xuanhun.com:8000.
Sites can be matched exactly, or they can be matched by using the wildcard ("*") prefix at a dot separator. For example, the site name *.xuanhun.com matches xuanhun.com and www.xuanhun.com. If there is no wildcard character, the site name must match exactly. The site name * matches all sites, but does not match code that has no site evidence.
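The following added example (not part of the original article) calls Check on the site, "All code" and application directory conditions described above, using evidence built by hand. It assumes .NET Framework 4.x, where these types live in System.Security.Policy; the URLs are constructed samples, and www.example.org and C:\app2 are placeholders for an unrelated site and directory.

```csharp
using System;
using System.Security.Policy;

static class MembershipConditionDemo
{
    // Evidence for downloaded code: only the Site derived from its URL.
    static Evidence SiteEvidence(string url)
    {
        var ev = new Evidence();
        ev.AddHostEvidence(Site.CreateFromUrl(url)); // host name only, port dropped
        return ev;
    }

    // Evidence for local code: the application directory plus the assembly's URL.
    static Evidence FileEvidence(string appDirUrl, string assemblyUrl)
    {
        var ev = new Evidence();
        ev.AddHostEvidence(new ApplicationDirectory(appDirUrl));
        ev.AddHostEvidence(new Url(assemblyUrl));
        return ev;
    }

    static void Report(IMembershipCondition cond, string input, Evidence ev)
    {
        Console.WriteLine("{0,-26} {1,-40} member={2}", cond, input, cond.Check(ev));
    }

    static void Main()
    {
        // Constructed sample URLs: with a port, a bare domain, an unrelated site.
        string[] urls = { "http://www.xuanhun.com:8000/",
                          "http://xuanhun.com/process/grind.htm",
                          "http://www.example.org/" };
        IMembershipCondition[] siteConds = { new SiteMembershipCondition("www.xuanhun.com"),
                                             new SiteMembershipCondition("*.xuanhun.com"),
                                             new SiteMembershipCondition("*") };
        foreach (var cond in siteConds)
            foreach (var url in urls)
                Report(cond, url, SiteEvidence(url));

        // Code with no Site evidence: compare the "*" site condition with "All code".
        var noSite = new Evidence();
        Report(siteConds[2], "(no site evidence)", noSite);
        Report(new AllMembershipCondition(), "(no site evidence)", noSite);

        // Application directory C:\app1: one assembly inside it, one outside it.
        var appDirCond = new ApplicationDirectoryMembershipCondition();
        foreach (var asm in new[] { "file:///C:/app1/folder1/Main1.aspx", "file:///C:/app2/main.aspx" })
            Report(appDirCond, asm, FileEvidence("file:///C:/app1", asm));
    }
}
```

When reviewing a policy, the rows to compare are the exact site name against the wildcard forms, and the "*" site condition against "All code" for evidence that carries no site.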