Code-access security, introduced in .NET 1.0, is probably the single differentiating capability-wise aspect of .NET compared with unmanaged code. The core advantage of .NET compared with the unmanaged world of C++ and COM is one of productivity, not capability. With the exception of code-access security, virtually anything that can be done by .NET can be done with unmanaged code. Code-access security is built into the very fabric of .NET, affecting every operation in managed code—something that unmanaged code can never achieve. The first release of WCF offered no support for code-access security. The System.ServiceModel assembly did not allow any partially trusted callers, and by demanding full trust of all its callers, WCF disabled code-access security support. This meant that developers wanting to take advantage of code-access security were very limited in their endeavor. Developers could use permission attributes to restrict the permissions granted to their services, but as discussed next, this came at a nontrivial cost and liability. Developers could manipulate the proxy to enable partially trusted clients to call WCF services (by granting it and asserting full trust, as discussed next), but in so doing, they waived all benefits of code-access security toward the clients. Furthermore, developers had no way of hosting a WCF service in a partial-trust environment.

The second release of WCF introduced rudimentary support for code-access security ...