What is it and Why is Host Evidence Needed?

Host Evidence is an evidence class, defining the set of information that constitutes input to security policy decisions, (non-inherited), needs to be specified in the System.Security.Policy namespace, using the mscorlib (in mscorlib.dll) assembly.

Hosting proof or confirmation-verification, that a particular assembly host puts forward. It describes the assembly source and origin for he most part. Examples of it would be, application directory, URL or a web-site. It is more or less signatures and location of origin of code, security policy data/support confirmation.

Where do you access, find and specify it? How does it work in .NET?

Creating and starting domains and assemblies  means you have full control over them and the information about you (creator/originator) – the hosting evidence, identity, location, author-specification et al. Run-time gathered information about this is captured, to determine to which code-groups it belongs. It gives proof of privileges, permissions, access, authorizations, authentication, security allowances,  involved and that the source / creator has. Assigning this evidence through and object System.Security.Policy.Evidence, becoming a operational and system related parameter, identified and specified in the ExecuteAssembly Method. It is done using a constructor, with two objects: (i) host evidence, (ii) assembly evidence (custom-user, developer-provided evidence).

Host evidence pertains to origin, identity, hash, publisher or strong name, provided by the host granted ControlEvidence permission. It answers the questions, where does the code come from, or originate, as well as digital signatures on the assembly. It can include site and zone evidence. The host evidence must be validated and passed to policy by the host, when loaded, the security system verifies the signature. The system then creates the appropriate evidence and passes it to policy only if the corresponding signature is valid.

Key Exam Points

1. Read and review the chapters, relevant content and references pertaining to host evidence, security, applications, user-permissions and security policies, verification processes and requirements, CAS, application security.
2. For the exam, study examples hands-on, code-illustrative, real-life applications, that help you to gain a better understanding of this topic, security and permissions in the .NET framework/environment.
3. Take the practice exam, work-lab exercises, theory and application Q&A (multiple-choice, demonstrable practical skills) , scenarios and contexts.

Related Terms

Security Policy, Permission, Permission set, Evidence.

This article is based on the 2nd edition of the Microsoft .Net Framework Application Training Kit with the purpose to help 70-536 Exam takers to succeed. I constantly look for ways to improve the content.   Please leave a comment about this article or drop me a message if you would like to see changes for this site.