Why to use CAS (Code Access Security)?

Question

I have been a part of so many web applications but have never used CAS, perhaps have also never felt the need to use the same.

When is the need to use CAS? Do people actually use it in their applications?

Answer 1

CAS is really only useful (so to speak) in desktop applications, where you want to restrict what an application run from over the network (for example) is able to do on the local machine. I've found that fooling with CAS is asking for a big, pointless headache, even in this circumstance. The default configuration is generally the most sensible.

This type of model is obviously much less useful for a web application, since you implicitly trust all of the code in the application.

Answer 2

I've never seen it used.

It exists solely so that you can say the maximum level of security your code should run in. It's more of a lawsuit protection mechanism than anything else in the sense that you can claim that your code could not possibly of been authorized to execute a certain function.

Personally, I believe it's a waste of time as it offers no real protections to the underlying operating system.

Here some more information about it from microsoft: http://msdn.microsoft.com/en-us/library/930b76w0(VS.71).aspx

Answer 3

The only place I have ever encountered CAS is in Sharepoint where it is used to limit what a custom assembly in the BIN directory can have access to (e.g., the sharepoint object model). Many people think CAS is too complex and not worth the trouble, so they end up throwing the assembly in the GAC. But if you do that, then you better scrutinize the code for any security risks.

Answer 4

I ran across it once, when learning WPF. It was used in this Sudoku tutorial to load plugins from other users. A special application domain was created for the plugin with few access rights and communication was performed with .NET remoting. The tutorial provides some good insight into secure plugin loading.

Answer 5

VSTO is a useful technology that lets you run managed code written in a .NET language from Office documents, instead of using VBA. It requires using caspol in 2 ways on client machines:

• Permission Office to run DLLs from the location where the DLLs are deployed.

• Permission Office to run DLLs from the location where the Office document was opened.

I've found caspol to be a nightmare, and I think that, like Makefiles, only 1 caspol script has ever been written from scratch.

Answer 6

I guess I have to be the lone voice in the wilderness, and disagree with the other responders here.
As I elaborated in my answer to a similar question a few months ago, there are specific scenarios where CAS is the way to go. Of course, this only applies if you're very security-conscious and dealing with a sensitive system, AND taking into account that this simply provides an additional layer of defense, you're probably not gonna get to the place where you need this till you fix all the other serious issues in your application.
Again, CAS gives you the capability to limit what your APPLICATION can do, not just your users, and in a very granular way.

Answer 7

An example of CAS is in WPF hosted-in-browser apps (.xbap's).

The problem there is how to protect clients from managed code running in an appdomain hosted by the browser.

To do that, WPF (more exactly, PresentationHost.exe) creates an appdomain that has restricted permissions. The code that runs within its boundaries, runs with a limited set of permissions (e.g. no File IO, no Registry access, only safe printing, etc).

Another point of view to consider when thinking about CAS usefulness is put on the shoes on someone writing a library that will be installed in client machines. How do you protect client machines and their networks from partially trusted code running in the browser e.g. as part of a WPF application calling into those libraries? CAS helps completes the puzzle here, making appropriate demands so partially trusted code only has access to safely exposed functionality.