Chapter 13. Understanding Code Access Security

The .NET Framework has two major security mechanisms: role-based security and code access security (CAS). Both are threaded throughout the framework. CAS ensures that code does not perform actions or access resources it should not be able to, and provides an extra layer of safety on top of the operating system's security functions. The environment in which your application runs can be configured to allow only a subset of the full .NET Framework functionality. It is important that you know how to properly request permissions at run-time, rather than assuming your application has access to everything a machine can do.

In this chapter you will learn about the following:

  • What CAS is

  • How to ask for permissions in your code

  • How CAS and the ASP.NET trust levels fit together

  • How the Global Assembly Cache (GAC) affects trust levels
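The introduction's advice to request permissions at run-time instead of assuming full access can be sketched as follows. This is an added example, not code from the book; it assumes the .NET Framework, and the `SettingsReader` class, the `TryReadAllText` helper and the file path are hypothetical names chosen for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper (not from the book): reads a file only if the
// current CAS grant set allows it, and degrades gracefully otherwise.
public static class SettingsReader
{
    // Returns the file contents, or null when the trust level the code
    // runs under does not grant read access to the requested path.
    public static string TryReadAllText(string path)
    {
        try
        {
            // FileIOPermission requires an absolute path. Resolving it can
            // itself be refused under partial trust, so it stays in the try.
            string fullPath = Path.GetFullPath(path);

            // Describe exactly what the operation needs: read access to
            // this one file, nothing broader.
            var permission = new FileIOPermission(
                FileIOPermissionAccess.Read, fullPath);

            // Demand() walks the call stack and throws SecurityException
            // if any caller lacks the permission.
            permission.Demand();

            return File.ReadAllText(fullPath);
        }
        catch (SecurityException)
        {
            // The environment is configured to withhold this permission.
            // Report that to the caller instead of crashing the request.
            return null;
        }
    }

    public static void Main()
    {
        // Constructed sample path, for illustration only.
        string text = TryReadAllText(@"C:\Temp\settings.txt");
        Console.WriteLine(text == null
            ? "Read access not granted at this trust level."
            : "Read " + text.Length + " characters.");
    }
}
```

Under full trust the demand succeeds and the file is read; under a restricted trust level the same call returns null, so the caller can fall back to defaults.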

Note

This chapter covers the basics of CAS. This is a wide-ranging subject that touches on ClickOnce, plug-in architecture, isolation of third-party components, and other things that you may end up requiring as your applications become more advanced. If you want to know more, MSDN has an entire section on CAS at http://msdn.microsoft.com/en-us/library/930b76w0.aspx.

UNDERSTANDING CODE ACCESS SECURITY

Traditionally, software runs using the operating system-level identity, roles, and permissions of the user who executes the program. But, in today's world of mobile code, where software can come from the Internet ...
