Code access security is a feature of .NET that manages code, dependent on our level of trust. If the CLR trusts the code enough to allow it to run, it will begin executing the code. Depending on the permissions provided to the assembly, however, it might run within a restricted environment. If the code is not trusted enough to run, or if it runs but then attempts to perform an action, for which it does not have the relevant permissions, a SecurityException is thrown. The code access security system means that we can stop malicious code running, but we can also allow code to run within a protected environment where we are confident that it cannot do any damage.

CAS is part of .Net security model that determines whether or not a piece of code is allowed to run and what resources it can use while running. CAS grants rights to program depending on the security configuration of the machine. For e.g. the program has rights to edit or create a new file but the security configuration of machine does not allow the program to delete a file.

Code access security is based on two concepts Code Groups and Permissions. The following sections will discuss both in detail.

Code Group

Code Group is the concept of bringing together the code with similar characteristics. Two examples for code groups are Internet and Intranet. The group Internet defines code that is sourced from the Internet, the group Intranet defines code sourced from the LAN. Code groups have an entry requirement called membership condition . Each code group has one, and only one, membership condition.

Following is the available list of code group memberships:

• Zone: The region from which the code originated. A zone is one of the commonly used condition. A zone is the region of origin of a piece of code and refers to one of the following: My Computer, Internet, Intranet, Trusted, or  not trusted.


• Site: The Web site from which the code originated.


• Strong Name: A unique, verifiable name for the code.


• Publisher: The publisher of the code.


• URL: The specific location from which the code originated.


• Hash Value: The hash value for the assembly.


• Skip Verification: This condition requests that it bypasses code verification checks.


• Application Directory: The location of the assembly within the application.


• All Code: All code fulfills this condition.


• Custom: A user-specified condition.

Code groups are arranged hierarchically with the All Code membership condition at the root.

Permissions

Permissions are the actions we allow each code group to perform? For example, permissions include “able to access the user interface” and “able to access local storage.” The system administrator usually manages the permissions at the enterprise, machine, and user levels.