Code access security, commonly referred to as CAS, defines the execution permissions granted to a piece of code that runs in a partially trusted location. This concept is similar to user authorization, although it is the code and not a user account that is authorized. A partially trusted location does not fully trust the code that it contains and creates a restricted security context (that is, a sandbox) to isolate its code from the rest of the system.

Because the partially trusted location runs with restrictive permissions, it limits the attack surface of the system and is the most secure location from which to run code. The partially trusted location allows code to run in predefined security contexts without ...