Summary

This chapter has served two primary functions. It has given you an overview of the different, administrable security mechanisms that can come into play when managed code gets executed. It has also offered an overview of the interaction between Windows access protection settings, Windows Software Restriction Policies, and managed code. The following are some key points to take away from this chapter:

• The .NET Framework Code Access Security (CAS) system does not replace or circumnavigate access protection settings done at the operating system level.

• There are resources, such as the registry, file system, and printers, that are protected by both the Code Access Security system and Windows access protections .

• Managed applications trying to access resources protected both by the CAS system and Windows Access protection settings must be granted the appropriate access permissions both by the CAS policy system and the Windows Access protection settings.

• The Code Access Security System is based on code-identity, whereas Windows access protections are based on user identity. As such, the CAS and Windows Access protection system complement each other.

• Windows XP and .NET Server ship with a code-identity “based security system called Software Restriction Policies. This system is only efficient over unmanaged code and does not replace or duplicate code-identity “based access protection for any managed application.

• Finally, you have been given pointers to the appropriate administration tools for the respective Windows security settings introduced in this chapter.

It is now time to show exactly how Code Access Security Policy is administered using the .NET Framework Configuration tool, as is shown in the next chapter.