Before the net_v40_long, almost any object could be used as an evidence object if the hosting code wanted to apply it as evidence. For example, some .NET Framework code recognized Uri objects as evidence. The common language runtime (CLR) considered evidence objects as object references, and did not apply any type safety to them.

This presented a problem because there were implicit restrictions on which types could be used as evidence objects. Specifically, any object used as evidence had to be serializable and could not be null. If these requirements were not met, the CLR threw an exception whenever an operation that required one of these assumptions was performed.

The System.Security.Policy.EvidenceBase class, which all evidence objects must derive from, was introduced in the net_v40_short to enable constraints on the types of objects that can be used as evidence and to provide the ability to add new features and requirements to all evidence objects. The System.Security.Policy.EvidenceBase class ensures, upon instantiation, that the evidence object is serializable. In addition, it enables new evidence requirements to be created by adding new default implementations to the base class.

All the types used by the CLR as evidence objects have been updated in the net_v40_short to derive from System.Security.Policy.EvidenceBase.

Namespace: System.Security.Policy
Assembly: mscorlib (in mscorlib.dll)
Assembly Versions: 4.0.0.0