What does the "ApplicaionDirectory" Membership condition mean in .NET Code Access Security?

Question

I am not sure about the semantic of "ApplicationDirectory" membership condition.

I am trying to use it in the .NET Framework 2.0 configuration tool. The tool's explanation to it is as below:

The Application Directory membership condition is true for all assemblies in the same directory or in a child directory of the running application. Assemblies that meet this membership condition will be granted the permissions associated with this code group.

All the other membership conditions such as strong name, hash, allow me to input some criterias, only the Application Directory has not. So how to use it? Could someone give an explanation by example? Many thanks.

Do I have to start a bounty to get any reply?

Answer 1

When a .NET host executes an application, the host sets the ApplicationDirectory evidence for all loaded assemblies to match the source directory of the application. If a given assembly's path is in the application directory, that assembly will match an ApplicationDirectoryMembershipCondition.

There's actually very little practical reason to use an ApplicationDirectoryMembershipCondition when configuring machine policy, although it could theoretically be used for scenarios like denying permissions to a DLL unless the DLL is loaded by an application "above" it on its path. This particular membership condition is much more useful when programatically configuring policy for a AppDomain.

Answer 2

My impression is that this is fairly static and that assemblies within that directory are influenced by the static policy.