27.2. Code Access Security
Code access security provides both developers and system administrators with a standardized mechanism to control and limit the actions that an application can perform. It allows applications to be trusted to varying degrees and to perform only the actions that are expected. Code access security also provides a formal process for applications to determine whether they have the necessary permissions to execute a particular function. This is a much more elegant solution than simply attempting the action, and handling an exception if it fails.
Code access security comes into play whenever an assembly is loaded, and provides the following functions:
Defines permissions and permission sets that represent the right to access various system resources
Defines different groups of assemblies, termed code groups, based on certain characteristics that the code shares
Enables administrators to specify a security policy by associating sets of permissions with code groups
Enables code to request the permissions it requires in order to run, as well as the permissions that would be useful to have, and specifies which permissions the code must never have
Grants permissions to each assembly that is loaded, based on the permissions requested by the code and on the operations permitted by the security policy
27.2.1. Permission Sets
A permission set is a collection of related permissions, grouped together for administrative purposes. An individual permission expresses a specific ...