Chapter 13. Understanding Code Access Security

The .NET Framework has two major security mechanisms: role-based security and code access security (CAS). Both of these features are threaded throughout the .NET Framework. CAS ensures that code does not perform actions or access resources it should not be able to, and provides an extra layer of safety on top of the operating system security functions. The environment in which your application runs can be configured to allow only a subset of the full .NET Framework functionality. It is important that you know how to properly request permissions at run time, rather than assuming your application has access to everything a machine can do.

In this chapter you will learn about the following:

  • What CAS is

  • How to ask for permissions in your code

  • How CAS and the ASP.NET trust levels fit together

  • How the Global Assembly Cache (GAC) affects trust levels


This chapter covers the basics of CAS. This is a wide-ranging subject that touches on ClickOnce, plug-in architecture, isolation of third-party components, and other things that you may end up requiring as your applications become more advanced. If you want to know more, MSDN has an entire section on CAS at


Traditionally, software runs using the operating system-level identity, roles, and permissions of the user who executes the program. But, in today's world of mobile code, where software can come from the Internet ...
