As per MSDN, the definition of Code Group is "a logical grouping of code that has a specified condition for membership." A code group has some permission sets associated with it. Based on these permission sets, the security policy will be configured by the administrators. A named permission set consists of at least one permission set and a name and description for the permission set. Administrators can use named permission sets to establish or modify the security policy for code groups. Please find the built-in named permission sets provided by the common language runtime.

·         Nothing - no permissions (code cannot run)

·         Execution - permission to run (execute), but no permissions to use protected resources

·         Internet - the default policy permission set suitable for content from unknown origin

·         LocalIntranet - the default policy permission set within an enterprise

·         Everything - all standard (built-in) permissions, except permission to skip verification

·         FullTrust - full access to all resources

Let us see how a code group forms in configuration file and then discuss each element in detail. Listing 2 forms a code group. The code group is of the type NetCodeGroup. This is from the assembly “mscorlib.” The NetCodeGroup class provides the Web permission to the site from which the assembly is downloaded. It forms the union of PolicyStatement objects and grants permission based on the same. A PolicyStatement consists of a set of granted permissions and possible special attributes for the code group. There are three types of schemes available for NetCodeGroup: Http, Https and File. The IMembershipCondition defines the test to determine whether a code assembly is a member of a code group. The IMembershipCondition has a method Check which does the same. AllMembershipCondition is the class which represents the membership condition that matches all the code.

Listing 2

<CodeGroup
 class="System.Security.Policy.NetCodeGroup, mscorlib, Version=2.0.0.0,
 Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Name="Internet_Same_Site_Access"
Description="All Internet code gets the right to connect back to the site of its origin.">
<IMembershipCondition
 class="System.Security.Policy.AllMembershipCondition, mscorlib,
 Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"/>
<connectAccessRules>
<codeOrigin scheme="file"/>
<codeOrigin scheme="http">
<connectAccess scheme="http"
port="$origin"/>

The figure below shows different types of code groups that inherit from the abstract class code group.

Figure 1