I am in the process of studying for the 70-536 .NET Framework - Application Development Foundation Exam, as I have been programming .net for many years, this should not be hard!
However I am having to learn about “Code Access Security” (CAS), As I have never had a need to use or configure it, I was wondering if anyone else has found a real life usage for it?
Please provide examples of when you have used CAS and it has been part of the solution rather then the problem.
(So far everything else has had some relationship to task I have had to do in my years of .NET programming)
Related questions:
- Why to use CAS (Code Access Security)? - This has very few real world examples apart from how Microsoft uses it.
- Anyone really using Code Access Security to protect their assemblies and/or methods?
- What is Code Access Security in .NET - Defines CAS well, but does not give real examples.
- .NET Code Access Security: Useful or just overcomplicated?
Results so far.
CAS is useful when you are hosting 3rd party code. E.g. a web hosting company can use it to stop their customer's Asp.net code doing damage to the servers. (Office also make use of it when .NET is used as a replacement for VBA)
The only detailed example of it being used outside of a Microsoft application so far are:
A recent project I did had something similar: allow the user to upload a library, and test it for performance ("who makes the best algorithm"). Needless to say, we needed CAS heavily there.
CAS seems to be useful to get JITDC certification, that is like by the US department of defence, however I don’t know if CAS was of any real value, or if it was just box ticking.
(If you need to bypass a host that uses CAS and you have admin rights on them machine, you can just put your assemblies in the GAC.)
Looking forward, CAS is a bit less complex in .net 4.
At least it looks like the new Microsoft exams will not have a “foundation” exam that includes CAS. I don’t know if it will make it into the new Winforms/WPF exams.