Summary

Security systems are in the business of protecting resources from illicit or erroneous access. User-identity “based security systems protect resources based on the identity of the user. This leads to a situation in which all code run within the same user context has all the access rights given to that user . In a world of highly interconnected computing, where code can come from many different locations and publishers, it is necessary to limit access to resources not just based on who is running code, but also based on the origin of the code that is running. Code-identity “based security allows administrators to make such per-code trust decisions. The .NET Framework ships with a code-identity “based security system ”Code Access Security ”that allows administrators to fine-tune security policy based on criteria of the code itself, independent of who is running the code. Code-identity “based security systems, such as CAS, are not intended to replace user-identity “based security, such as Windows Access control settings. Rather, code-identity “ and user-identity “based security together allow administrators to place the right set of limits on code, making resource access dependent both on who is running the code and where the code that is run comes from.

It is now time to further investigate what exactly is meant by the "origin" of managed code. The next chapter will explain in more detail the concept of managed-code evidence ”the necessary input for any CAS policy decisions.