What is CAS, evidence, permission set & code groups?

When we want to execute any code in our environment we would first like to know from where the code came from. Depending from where it came from, then we would like to give him access rights. For instance a code compiled from your own computer would have greater rights than code downloaded from the internet.

So, Code Access security is a security model which grants or denies permission to your assembly depending on evidences like from where the code has emerged, who the publisher is? , strong names etc

What is evidence in CAS?

Evidences are like who is the publisher of the code , from which site has this code from , from which zone has it come from ( internet , intranet etc) etc.

What is a permission and permission set?

There are various permissions which you can assign to the code like Can the code create a file, can we write to registry, can the code execute reflection, can the code open file dialog box etc.

These permissions are collect permission sets and those permission sets are allocated to the code.

What is code group?

A code group is a logical grouping of code that has a specified condition for membership. Any code that meets the membership condition is included in thegroup. Code groups have associated permission sets that are evaluated during a policy grant.


So how does CAS work on runtime?

• Evidences are gathered about the assembly. In other words from where did this assembly come?
• Depending on evidences the assembly is assigned to a code group. In other words what rights does the assembly depending on the evidence gathered.
• Depending on code group the assembly is allocated security rights.
• Using the security rights the assembly is run with in those rights.



CAS is completely deprecated in .NET 4.0, there are two big changes:-

• Granting of permission is no more dependent on the .NET CAS, it’s now the job of the host. So the host who runs the .NET DLL will define what kind of rights will the assembly have. NET Framework 4.0 comes with CAS a disabled which means all applications started via Windows Explorer or the command prompt run with full trust. Hosted .NET applications, those running inside Internet Explorer or ASP.NET, will run at the trust level granted by their host, being partially trusted.

• Security transparent model is introduced which divides a .NET code in to 3 categories Security critical, Security transparent and security safe critical.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s