Hi guys,

I am studying the Code Access Security of .NET 2.0. My current understanding is as below:

The basic mechanism of CAS is for the CLR to collect certain evidence from the assembly, and then use that evidence and the policy to work out a permission set for the assembly's code. The assembly's code can do nothing beyond that permission set.

Evidence is used to classify certain assembly into certain code group, and permission set is given on a code group granularity.

There are several types of evidence that can be collected by the CLR at runtime.

It is easy to determine evidence such as Application Directory, GAC, Hash, Strong Name.

But how are evidence types such as Publisher, Site, Zone and URL determined? Where is this evidence data stored? Is it part of the assembly's metadata? I don't think that evidence like Zone or Site should be part of the metadata.

Many thanks.

+2  A: 

The following page does the best job I can find of explaining how this information is obtained.

The summary is that much of this information is not on the assembly itself but provided by the hosting environment of the CLR. Examples of hosts include

  • The Browser
  • ASP.Net
  • Shell Host (normal applications)

These hosts themselves provide the information about Site, Zone, etc. to the CLR for a given assembly.

JaredPar
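To make the host/assembly split concrete, here is an added example (not code from the question or from JaredPar's answer) that enumerates the evidence attached to the running AppDomain and entry assembly, separating what the host asserted from what came from the assembly itself, and then plays the role of a host by creating a new AppDomain with constructed Zone, Url and Site evidence. It assumes the .NET Framework 2.0/3.5 `System.Security.Policy` API (`Evidence.GetHostEnumerator`, `Evidence.AddHost`, `Assembly.Evidence`); the URL and site values are made-up sample values, and on .NET 4.0 `Assembly.Evidence` still compiles but is marked obsolete, in line with the comment about CAS policy no longer being enforced by the CLR itself.

```csharp
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Policy;

// Added example, not part of the original post.
// Shows where Zone/Url/Site evidence comes from: the host, not the assembly.
class EvidenceDemo
{
    // Print host-supplied and assembly-supplied evidence separately.
    static void DumpEvidence(string label, Evidence evidence)
    {
        Console.WriteLine("== {0} ==", label);

        // Host evidence: asserted by the hosting environment (browser, ASP.NET,
        // shell host, or our own AppDomain below). This is where Zone/Url/Site live.
        IEnumerator host = evidence.GetHostEnumerator();
        while (host.MoveNext())
            Console.WriteLine("host:     {0}", Describe(host.Current));

        // Assembly evidence: derived from the assembly file itself (e.g. Hash, StrongName).
        IEnumerator asm = evidence.GetAssemblyEnumerator();
        while (asm.MoveNext())
            Console.WriteLine("assembly: {0}", Describe(asm.Current));
    }

    // Render the well-known evidence types in a readable form.
    static string Describe(object e)
    {
        Zone z = e as Zone;
        if (z != null) return "Zone=" + z.SecurityZone;
        Url u = e as Url;
        if (u != null) return "Url=" + u.Value;
        Site s = e as Site;
        if (s != null) return "Site=" + s.Name;
        return e.GetType().Name;
    }

    static void Main()
    {
        // 1. Evidence the real host handed to the default domain and entry assembly.
        //    For a normal EXE launched from the shell host this typically shows
        //    Zone=MyComputer plus a file:// Url on the host side.
        DumpEvidence("current AppDomain", AppDomain.CurrentDomain.Evidence);
        DumpEvidence("entry assembly", Assembly.GetEntryAssembly().Evidence);

        // 2. Act as a host: construct evidence claiming the code came from the Internet.
        //    Nothing in the assembly metadata changes; the host simply asserts it.
        Evidence hostEvidence = new Evidence();
        hostEvidence.AddHost(new Zone(SecurityZone.Internet));
        hostEvidence.AddHost(new Url("http://example.com/app/")); // constructed sample value
        hostEvidence.AddHost(new Site("example.com"));             // constructed sample value

        AppDomain sandbox = AppDomain.CreateDomain("sandbox", hostEvidence);
        DumpEvidence("sandbox AppDomain", sandbox.Evidence);
        AppDomain.Unload(sandbox);
    }
}
```

Compile it as a console application against .NET Framework 2.0 or 3.5 and run it from an ordinary folder: the first two dumps show the shell host's evidence, while the "sandbox" dump shows only the evidence you constructed, which is exactly how a browser or ASP.NET host tells the CLR which Zone and Site an assembly should be treated as coming from.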
Wasn't CAS kinda removed/obsoleted in .NET 4.0 because almost nobody was using it?
Petar Repac
@Peter: CAS is still quite alive in .NET 4.0. However, the CLR itself no longer imposes CAS policy. Instead, CAS policy is imposed solely by hosts such as ASP.NET and IE. For details, see http://blogs.msdn.com/b/shawnfa/archive/2010/02/24/so-is-cas-dead-in-net-4-or-what.aspx.
Nicole Calinoiu
@Nicole: +1 for answer. Tnx
Petar Repac