When does the .NET CLR evaluate security attributes?

I've just read the following in the CLI specification regarding SecurityExceptions upon method calls:

The security check can occur when the CIL is converted to native code rather than at runtime.

How does Microsoft's implementation handle this?

If, for example, only a certain user group is allowed to access some class, and I have placed a security attribute checking for this group.

If the user runs the application, it is jitted, and possibly the security checks are performed at that time and not at runtime.

If so, does the jitter cache the native image so that it could pose problems if I change the user's group at a later time (i.e. the cached native image doesn't reflect his updated permissions)? Or is it jitted every time it is run unless I preinstall the native image? I'm still not quite sure how the native image cache works exactly.

Botz3000 asked Nov 05 '22 19:11


1 Answer

Any jitted image is only valid within the same security context where it is generated.

This applies both to the cache and ngen:ed assemblies.

As soon as the loader sees that the current security context differs it will load the IL image and JIT the assembly.

This is why you can't ngen an image on your PC and distribute it to someone else.

This also applies to the .NET core assemblies. They are ngen:ed (or placed in the ngen queue) at installation to match the security context on the computer.

You can read more about it here: msdn ngen.exe

adrianm answered Nov 15 '22 06:11
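
The scenario from the question, as an added example that is not part of the original question or answer: a declarative role demand with `PrincipalPermissionAttribute`, which is checked against `Thread.CurrentPrincipal` each time the method is called. It assumes the .NET Framework (later .NET versions do not honor this attribute); the role `Auditors`, the user `alice` and the method names are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class RoleDemandDemo
{
    // Declarative role demand. The check runs on every invocation and
    // reads Thread.CurrentPrincipal at that moment.
    [PrincipalPermission(SecurityAction.Demand, Role = "Auditors")]
    static string ReadAuditLog()
    {
        return "audit data";
    }

    // Calls the protected method and reports whether the demand passed.
    static string TryRead()
    {
        try
        {
            return ReadAuditLog();
        }
        catch (SecurityException)
        {
            return "denied";
        }
    }

    // Replaces the current thread's principal with a constructed one.
    static void SetRoles(params string[] roles)
    {
        var identity = new GenericIdentity("alice"); // constructed user name
        Thread.CurrentPrincipal = new GenericPrincipal(identity, roles);
    }

    static void Main()
    {
        // Same process, same jitted code; only the principal's roles change.
        SetRoles("Users");
        Console.WriteLine("Users only:        " + TryRead());

        SetRoles("Users", "Auditors");
        Console.WriteLine("Users + Auditors:  " + TryRead());

        SetRoles("Users");
        Console.WriteLine("Auditors removed:  " + TryRead());
    }
}
```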