.NET Security Policies and Groups



The .NET Framework offers a robust security model for dealing with application security. Each application that runs on the system must pass the security system.


Let us learn about the .NET Security model and its related policies.


Security Policies

The .NET Framework controls applications in the Common Language Runtime (CLR) with strict security policies. These policies determine how applications are allowed to run and access resources within the CLR.

The CLR security policy is the set of rules, configured by the system administrator, that matches permissions with system resources. All managed code within the CLR is governed by the security policies. There are four levels of security policy in the CLR:


1. Enterprise-level policies.
2. Machine-level policies.
3. User-level policies.
4. Application domain policies.


All of the security policies above are hierarchical; that is, security rights flow down from the enterprise level. Lower-level policies cannot increase permissions set at a higher level, but they can decrease the permission level.


Enterprise Level Policies


Enterprise-level policies are the highest level of security policies that govern applications in the CLR. These can only be set by the system administrator (or a user within the Administrators group), and they affect all applications running in the enterprise domain.


Machine Level Policies


Machine-level security policies define the security rules for all applications running on an individual computer system. This is the level at which application policies for a system are most commonly set. All applications running on the system are controlled by the machine-level policies.


User Level Policies


User-level policies define the security rules applied to individual user accounts on the computer system. Individual users can be restricted from accessing resources on the system based on user-level policies.


Application Domain Policies


Application domain policies define the security rules applied to all applications running in a set application domain. There may be more than one application domain running on a single system at a time, so an individual application can be affected by several application domain policies.










Security Groups


Security groups are defined to control which policies are applicable to a set of applications. Groups are defined based on characteristics of the applications, such as the application creator or the original location of the application.


Let us take a close look at the CLR application groups.



Membership               Affected

All code                 All applications of the system
Application Directory    The application's installation directory
Cryptographic hash       The application's cryptographic hash value
Software publisher       The originator of the application, based on a digital signature
Site Membership          The HTTP, HTTPS, or FTP site from which the code originates
Strong Name              The cryptographically strong name of the application
                         The URL path where the code originates
                         The zone where the code originates
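
The following is an added example, not code from the original article. It lists the groups that match the running assembly at each policy level and intersects the per-level grants, which is why a lower level can only reduce what a higher level allows. It assumes .NET Framework 3.5 or earlier, or 4.x with the legacy CAS policy switch (NetFx40_LegacySecurityPolicy) enabled; the class name EffectiveGrant is illustrative.

```csharp
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static class EffectiveGrant
{
    // Print the groups of one level whose membership condition matched the evidence.
    static void PrintMatches(CodeGroup group, int depth)
    {
        if (group == null) return;
        Console.WriteLine("{0}{1} [{2}] -> {3}",
            new string(' ', 2 + 2 * depth),
            group.Name,
            group.MembershipCondition.GetType().Name,   // e.g. ZoneMembershipCondition
            group.PermissionSetName);
        foreach (CodeGroup child in group.Children)
            PrintMatches(child, depth + 1);
    }

    static void Main()
    {
        // Evidence (zone, URL, strong name, hash, ...) of the running assembly.
        Evidence evidence = Assembly.GetExecutingAssembly().Evidence;

        // Start from "everything" and let each level narrow the grant.
        PermissionSet effective = new PermissionSet(PermissionState.Unrestricted);

        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            PermissionSet grant = level.Resolve(evidence).PermissionSet;

            Console.WriteLine("{0}: unrestricted={1}", level.Label, grant.IsUnrestricted());
            PrintMatches(level.ResolveMatchingCodeGroups(evidence), 0);

            // Intersect returns null when nothing is left; treat that as an empty set.
            // Plain intersection only: PolicyStatementAttribute.LevelFinal is not handled.
            effective = effective.Intersect(grant) ?? new PermissionSet(PermissionState.None);
        }

        Console.WriteLine("Effective grant across the listed levels:");
        Console.WriteLine(effective);   // PermissionSet.ToString() emits the XML form
    }
}
```

Comparing each level's output with the final set shows which level is responsible for a missing permission.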

