Security of the application is probably one of the most important requirements for development and deployment. In this network-computing age in which servers are really accessible beyond a certain set of users (or beyond the company's own private networks), ensuring secure access to applications is the topmost concern of IT administrators.
A combination of various security methods is used to ensure secure access to an application. This includes basic physical security (typically of the servers hosting the application), authentication (to ensure that the right user has access), authorization (to ensure that the user has the appropriate level of privileges), communication channel and data encryption, and code access security ”all applied using a set of security best practices.
With the introduction of the zero-install client application deployment architecture, .NET Framework allows partially trusted downloadable assemblies to be accessed from Internet resources, removing the need for explicit installation on the user's workstation.
With the notion of downloadable code comes the requirement of added security as partially trusted downloadable code can pose a security hazard by running malicious code on the user workstation and getting access to protected local resources.
CAS (Code Access Security) provides an elaborate evidence- and permissions-based security model, where identified code, based on its identity, can be provided a limited list of custom permissions for proper execution.
MSIL code is an easy target for code decompilation, essentially a process that can be used to convert the MSIL code back into a programming language (such as C#). A number of decompilers are already available. Fortunately, also available at the same time is a set of tools called code obfuscators, which convert the normally generated MSIL code into a functionality equivalent (yet harder to decompile) MSIL code, making code decompilation much harder.
