- Code Access Security (CAS) lets .NET applications restrict which actions code is allowed to perform.
- An application is called partially trusted when some kind of CAS restriction is applied to it; all others are called fully trusted.
- Evidence is something that serves as proof of identity and describes its bearer as deserving a certain level of trust.
- Permissions determine which applications are trusted, and to what extent.
- There are 19 predefined Permissions in .NET 2.0 (pertaining to different areas such as Web Access, Registry Access, File IO Access, etc.).
- Permission Sets combine a set of Permissions to represent a particular level of security, e.g. FullTrust, Internet, LocalIntranet, etc.
- Applications are brought under CAS through Code Groups, each of which defines a set of Permissions (and their respective settings/levels).
- Each Code Group requires an Evidence object. Assemblies that provide that particular Evidence become eligible for the Permissions defined by the Code Group.
- Code Groups may be nested within one another and may therefore require more than one Evidence. (E.g. My_Computer_Zone is a Code Group that requires a Zone:My Computer type of Evidence and grants FullTrust Permissions to assemblies bearing that Evidence.)
- Nesting one Code Group inside another results in a Union Code Group with all the Permissions set by both of them.
- There are four configurable Security Policies (unions of Code Groups) built in for .NET applications: Enterprise, Machine, User and Application Domain.
- However, if an assembly falls under more than one Security Policy, the CLR uses the most restrictive one.
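
The last three notes, modelled with the framework's own `PermissionSet` type (an added example, not part of the original notes): matching Code Groups inside one policy level are unioned, and the levels are then intersected, which is how the most restrictive result comes about. It assumes the .NET Framework; the policy contents, the helper names and the `C:\Data` path are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

static class CasGrantDemo
{
    // Within one policy level: union of the sets of all matching code groups.
    static PermissionSet LevelGrant(params PermissionSet[] matchingGroups)
    {
        PermissionSet grant = new PermissionSet(PermissionState.None);
        foreach (PermissionSet ps in matchingGroups)
            grant = grant.Union(ps);
        return grant;
    }

    // Across policy levels: only what every level grants survives.
    static PermissionSet FinalGrant(params PermissionSet[] levels)
    {
        PermissionSet grant = new PermissionSet(PermissionState.Unrestricted);
        foreach (PermissionSet level in levels)
            // Intersect returns null when the two sets share nothing.
            grant = grant.Intersect(level) ?? new PermissionSet(PermissionState.None);
        return grant;
    }

    // Hypothetical helper: build a permission set from individual permissions.
    static PermissionSet Set(params IPermission[] perms)
    {
        PermissionSet ps = new PermissionSet(PermissionState.None);
        foreach (IPermission p in perms) ps.AddPermission(p);
        return ps;
    }

    static void Main()
    {
        const string dir = @"C:\Data"; // constructed sample path
        PermissionSet enterprise = new PermissionSet(PermissionState.Unrestricted);
        PermissionSet machine = LevelGrant( // two matching code groups
            Set(new FileIOPermission(FileIOPermissionAccess.Read, dir)),
            Set(new FileIOPermission(FileIOPermissionAccess.Write, dir),
                new UIPermission(PermissionState.Unrestricted)));
        PermissionSet user = LevelGrant(
            Set(new FileIOPermission(FileIOPermissionAccess.Read, dir),
                new RegistryPermission(PermissionState.Unrestricted)));

        PermissionSet final = FinalGrant(enterprise, machine, user);
        Console.WriteLine(final); // XML form of the resulting grant
        PermissionSet write = Set(new FileIOPermission(FileIOPermissionAccess.Write, dir));
        Console.WriteLine("Write still granted: " + write.IsSubsetOf(final));
    }
}
```

Write access and the UI permission are granted at the Machine level only and the Registry permission at the User level only, so none of them reaches the final grant.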
Tuesday, July 28, 2009
Chapter 11-Lesson 1
Labels: AppDomain, CAS, Code Groups, Evidence, Full Trust, Partial Trust, Permissions