views:

107

answers:

2

I've seen a couple threads here on SO that ask about what CAS is and how to use it.My specific is specifically focused on real-world usages of CAS.

For example:

  • DotNetNuke did some efforts in the past to be able to run under Medium Trust: is that still true? what is the % of DNN that run in partial trust (i.e. not full trust)? what & of DNN modules run in partial trust?)
  • Sharepoint defaults to a Partially-Trusted environment on dlls executed from the bin folder: How many 'commercially' available WebParts can run in this bin folder (without changing the policy)?

The key here is to be able to point to CAS success stories, so that other companies feel that they should also invest in writing CAS-enabled apps

+1  A: 

Since .NET 4 Beta 2, the policy portion of code access security (CAS) has been made obsolete. See Code Access Security Is No Longer Used in .NET 4 Beta 2. It's still an interesting feature of .NET to manage or enforce internal access rights, but any feature that relies on IT admins to sep policies would create confusion.

eed3si9n
I know that Microsoft is giving up on CAS in .NET 4.0, but I since I usually make the comment that 'CAS is not really used in the real world' I just want to make sure that I am not missing anything obvious (since it there are 'Real world CAS' apps out there they will already have been published :) )
Dinis Cruz
+1  A: 

I've found that IT Admins couldn't understand CAS or know that it actually existed. The Control Panel application is painful to use and differs in Operating System and .net editions.

Software Developers generally didn't understand the Microsoft CAS implemenation and over time it's not been made any easier to configure, deploy or manage. Considering we are 8 years into .net it's a fairly sad reflection on Microsofts attempts with Security with .net.

Jamie Clayton