Sunday, December 21, 2008

Code Access Security (CAS) of .NET Framework

Code Access Security (CAS) is a security system that lets administrators and developers control which system resources an application is authorized to access, in much the same way that Role-Based Security (RBS) lets them authorize users.

CAS: authorize applications (managed assemblies)
RBS: authorize roles

CAS is implemented by using the following components:
  • Evidence: identify an assembly
  • Permissions: describe which resources an assembly (decided by Evidence) can access
  • Permission Sets: collect multiple permissions
  • Code Groups: assign permissions (permission set) to an assembly based on evidence
  • Security Policy: a logical grouping of code groups and permission sets

An assembly receives the most restrictive set of permissions granted across the policy levels that CAS evaluates. Moreover, the final effective permissions of an assembly are the intersection of the permissions granted by CAS and those granted by the OS.
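
The level-by-level resolution described above can be observed directly with the policy APIs in `System.Security.Policy`. This is an added example, not code from the original post; it assumes .NET Framework 2.0 (the version the post's tools target), and the Internet-zone evidence is constructed for illustration.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class CasPolicyLevels
{
    // Intersect what each policy level grants for the given evidence.
    // Simplification: ignores the LevelFinal attribute, which can stop
    // lower levels from being evaluated.
    static PermissionSet ResolveAcrossLevels(Evidence evidence)
    {
        PermissionSet effective = null;
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            // The level matches the evidence against its code groups and
            // returns the permission set those groups assign.
            PermissionSet granted = level.Resolve(evidence).PermissionSet;
            Console.WriteLine("{0,-10} unrestricted={1} permissions={2}",
                level.Label, granted.IsUnrestricted(), granted.Count);

            if (effective == null)
                effective = granted.Copy();
            else
                // Intersect returns null when nothing is left in common.
                effective = effective.Intersect(granted)
                            ?? new PermissionSet(PermissionState.None);
        }
        return effective ?? new PermissionSet(PermissionState.None);
    }

    static void Main()
    {
        // Constructed evidence: an assembly presented as Internet-zone code.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));

        PermissionSet effective = ResolveAcrossLevels(evidence);
        Console.WriteLine("Effective CAS grant across levels:");
        Console.WriteLine(effective.ToXml());
    }
}
```

The printed set is only the CAS side of the result; the operating system's own access checks still apply to whatever the assembly does with those permissions.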

Two ways to configure any aspect of CAS:
  1. .NET Framework Configuration tool: It's a graphical tool. Go to "Control Panel" > "Administrative Tools" > "Microsoft .NET Framework 2.0 Configuration"
  2. Caspol (The Code Access Security Policy Tool): It's a command-line tool. For more information about this tool, please refer to this MSDN page: http://msdn.microsoft.com/en-us/library/cb6t8dtz(VS.80).aspx
