Chapter Eight. .NET Code Access Security


Traditionally, security models have been purely logon-oriented and process-centric. This approach on its own is not sufficiently flexible for dealing with the new component-oriented world of mobile code. Code Access Security (CAS) deals with this new challenge by layering a flexible component-oriented security model over the user-based security model provided by the operating system.

Chapter 7 introduced the first part of the .NET security story, but we focused only on user-based security techniques. In this chapter we continue our study of .NET security programming by investigating its other major aspect, known as CAS. In contrast to user-based security, CAS allows you to restrict actions based on certain characteristics of the assemblies that are executing rather than on the identity of the current user. As we shall see, there are several characteristics of a loaded assembly, collectively known as security evidence, which together with security policy may be used by the CLR to make code access decisions for your programs. We will also investigate security policy management and the use of several of the code access permission classes, as well as how to implement both imperative and declarative CAS.



.NET Security and Cryptography
ISBN: 013100851X
EAN: 2147483647
Year: 2003
Pages: 126
