27.2. Code Access Security

Code access security provides both developers and system administrators with a standardized mechanism to control and limit the actions that an application can perform. It allows applications to be trusted to varying degrees and to perform only the actions that are expected. Code access security also provides a formal process for applications to determine whether they have the necessary permissions to execute a particular function. This is a much more elegant solution than simply attempting the action, and handling an exception if it fails.

Code access security comes into play whenever an assembly is loaded, and provides the following functions:

  • Defines permissions and permission sets that represent the right to access various system resources

  • Defines different groups of assemblies, termed code groups, based on certain characteristics that the code shares

  • Enables administrators to specify a security policy by associating sets of permissions with code groups

  • Enables code to request the permissions it requires in order to run, as well as the permissions that would be useful to have, and specifies which permissions the code must never have

  • Grants permissions to each assembly that is loaded, based on the permissions requested by the code and on the operations permitted by the security policy

27.2.1. Permission Sets

A permission set is a collection of related permissions, grouped together for administrative purposes. An individual permission expresses a specific ...

Get Professional Visual Studio® 2008 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.