What is CAS in .NET?
Code Access Security (CAS) is the part of the .NET security model that determines
whether code is allowed to run, and what resources it can use while it is running. For
example, it is CAS that prevents a .NET web applet from formatting your hard disk.

The CAS security policy revolves around two key concepts: code groups and permissions.
Each .NET assembly is a member of a particular code group, and each code group is granted
the permissions specified in a named permission set. For example, under the default
security policy, a control downloaded from a web site belongs to the 'Zone - Internet'
code group, which is granted the permissions defined by the 'Internet' named permission
set. (Naturally, the 'Internet' named permission set represents a very restrictive range
of permissions.)

To view the code groups on your system, run the following command from the .NET command
prompt:

    caspol -lg

Note the hierarchy of code groups: the top of the hierarchy is the most general
('All code'), which is then sub-divided into several groups, each of which can in turn be
sub-divided. Also note that (somewhat counter-intuitively) a sub-group can be associated
with a more permissive permission set than its parent.

To trust a particular web site and give it full rights to your system, use caspol. For
example, suppose we trust code from www.mydomain.com and want it to have full access to
our system, but we want to keep the default restrictions for all other Internet sites. To
achieve this, we add a new code group as a sub-group of the 'Zone - Internet' group, like
this:

    caspol -ag 1.3 -site www.mydomain.com FullTrust

To change the permission set of an existing code group, use the -cg option. To turn off
code access security enforcement, use:

    caspol -s off

Here -s is short for -security, so this switches off CAS checks rather than the caspol
tool itself.
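The following Python sketch is an added illustration, not .NET code or part of the original page. It models one policy level to show why a FullTrust sub-group under 'Zone - Internet' widens permissions for a single site only. The permission names, the label 1.3.1 for the new group, and the 'Nothing' set on 'All code' are assumptions made for the model; by default CAS grants the union of the permission sets of every matching code group.

```python
# Simplified model of one CAS policy level (illustration only, not a .NET API).
from dataclasses import dataclass, field
from typing import Callable

# Constructed permission sets; the real named sets hold many more permissions.
PERMISSION_SETS = {
    "Nothing": frozenset(),
    "Internet": frozenset({"Execution", "SafeUI"}),
    "FullTrust": frozenset({"Execution", "SafeUI", "FileIO", "Registry", "UnmanagedCode"}),
}

@dataclass
class CodeGroup:
    label: str                          # caspol-style label such as "1.3"
    name: str
    condition: Callable[[dict], bool]   # membership condition over assembly evidence
    permission_set: str
    children: list = field(default_factory=list)

def resolve(group, evidence):
    """Return (labels of matching groups, union of their permission sets)."""
    if not group.condition(evidence):
        return [], frozenset()          # a non-matching group hides its whole subtree
    labels = [group.label]
    granted = PERMISSION_SETS[group.permission_set]
    for child in group.children:
        child_labels, child_perms = resolve(child, evidence)
        labels += child_labels
        granted = granted | child_perms  # a child can only add to the parent's grant
    return labels, granted

def build_policy(trusted_site=None):
    """'All code' -> 'Zone - Internet' (1.3), plus an optional trusted-site sub-group."""
    internet = CodeGroup("1.3", "Zone - Internet",
                         lambda e: e.get("zone") == "Internet", "Internet")
    if trusted_site:
        # Models: caspol -ag 1.3 -site <trusted_site> FullTrust (label 1.3.1 assumed)
        internet.children.append(
            CodeGroup("1.3.1", "Site - " + trusted_site,
                      lambda e: e.get("site") == trusted_site, "FullTrust"))
    return CodeGroup("1", "All code", lambda e: True, "Nothing", [internet])

if __name__ == "__main__":
    policy = build_policy("www.mydomain.com")
    for site in ("www.mydomain.com", "other.example"):   # constructed evidence
        labels, perms = resolve(policy, {"zone": "Internet", "site": site})
        print(site, labels, sorted(perms))
```

Because the grant is a union, the FullTrust sub-group overrides the restrictive parent for every assembly whose evidence matches the site condition, which is why such groups deserve review in the `caspol -lg` output.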