Code access security (CAS) is the .NET mechanism that ensures protected resources and operations are accessed only when the security policy permits it.
To use CAS, code must be verifiably type-safe, i.e. code that the JIT compiler can verify to be type-safe (in some cases code is in fact type-safe, but the JIT compiler cannot verify it). Type-safe code accesses only the memory locations it is authorized to access, and only in well-defined, allowable ways.
At runtime, the .NET security system controls access to protected resources and operations by walking the call stack: every caller on the stack must hold the permissions being demanded for the operation being performed. If any caller does not, the operation fails and an exception is thrown.
In the .NET Framework, code access security performs the following functions:
- Defines permissions and permission sets that represent the right to access various system resources.
- Enables administrators to configure security policy by associating sets of permissions with groups of code.
- Enables code to request the permissions it requires in order to run and those that would be useful to have, and to specify which permissions it must never have.
- Grants permissions to each assembly that is loaded, based on the permissions requested by the code and on the operations permitted by security policy.
- Enables code to demand that its callers have specific permissions.
- Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code.
- Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have.
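As an added illustration of the demand and stack-walk mechanism described above (example code, not from the original page): a protected method demands FileIOPermission, and an intermediate caller uses PermitOnly to narrow what the walk may grant, so the same demand succeeds for one path and fails for another. It assumes .NET Framework, where CAS is enforced (it is absent from .NET Core and .NET 5+); the class name and paths are constructed and the files need not exist.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example (not from the original text). Requires .NET Framework;
// the paths below are constructed and do not have to exist on disk.
class CasStackWalkDemo
{
    // Protected operation: demands read access to the requested file before
    // doing anything. Every caller on the stack must satisfy the demand.
    static void ReadProtectedFile(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
        Console.WriteLine("Demand satisfied for " + path);
    }

    // Intermediate caller: once PermitOnly is in effect, any FileIOPermission
    // demand passing through this frame must be a subset of the permitted set.
    static void RestrictedCaller(string path)
    {
        var allowed = new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Allowed");
        allowed.PermitOnly();
        try
        {
            ReadProtectedFile(path);
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    static void Main()
    {
        // Inside the permitted directory: the stack walk passes this frame.
        RestrictedCaller(@"C:\Allowed\data.txt");

        // Outside it: the demand is not a subset of what the frame permits,
        // so the walk fails and the runtime throws SecurityException.
        try
        {
            RestrictedCaller(@"C:\Other\secret.txt");
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("Blocked: " + ex.Message);
        }
    }
}
```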