Introduction of Code Access Security in .Net Framework
Hi everyone in this article I’m explaining about Code
Accessing security in .net framework.
The common language runtime and the .net framework provide
many useful classes and services that enable developers to easily write secure
code and enable system administrator to customize the permissions granted to
code so that it can access protected resources.
Code access security is a feature that enable you to define
restrictions on code that would be executing in the manage environment. You can
use code access security to restrict access to your code, define policy levels,
code groups and grant to revoke permissions etc. you can also implement both
imperative and declarative security mode in your applications.
What is code access security?
Code access security is security features in .net that
provides restrictions on the code that is to be executed based on who the owner
of the code is, where it has been downloaded from, the evidences etc. The CLR
would allow your code to only perform operations that are permitted.
In the Microsoft .NET framework is Microsoft’s solutions to
prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain evidence for the
assembly and use this to identify the code group that the assembly belongs to. A
code group contains a permission set (one or more permission). Code that
performs a privileged action will perform a code access demand which will cause
the CLR to walk up the call stack and examine the permission the permission set
granted to the assembly of each method in the call stack. The code groups and
permission sets are determined by the administrator of the machine who defines
the security policy.
You can use code access security to restrict what all your
code can do, restrict which code can invoke your code and also identify code.
Code access security imposes certain restrictions and policies based on which
access to protected resources and operations are governed.
Note that code access security is based on two key concepts,
namely, code groups and permissions. Each and every .NET assembly belongs to a
particular code group. Each code group in turn is granted a set of permission
that are specified in the permission set to which it is associated. You can use
the following command in the command line to see the code groups defined your
Code Access Security comprises of the following elements:
represent a resource that is protected, or, the ability to perform an operation
that is protected.
Permissions Sets: permission sets
comprise of a collection of permissions. The built-in permission sets provided
by the CLR include: nothing, Execution, internet, local internet.
Code Groups: code groups are
defined as logical grouping of code with a specified membership conditions.
Evidence: this can be
defined as information that is associated with an assembly. It denotes the
origin of code. The CLR examines the evidence associated with the code group.
Some typically types of evidence include: site, strong name, and publisher, URL
and zones. in essence, evidence is typically used to authenticate the code. The
various identity permissions that are used to authenticate code include.
Policies: policies are defined
as a configurable set of rules that determine the permissions to grant access
to a piece of code. Policies typically represent the user roles. There consist
of the following types: application domain policy, user policy, machine policy
and enterprise policy.
Using Declarative and Imperative Syntax:
You can define code access security in your code either
using declarative syntax using imperative syntax. While you use attributes to
define code access security declarative, the imperative syntax used runtime
Here is how you can implement code access security
public class Test
public void DoWork()
Here is how you can
implement Code Access Security using imperative syntax:
public class Test
public void DoWork()
FileIOPermission fileIOPermission =
check more post on security in .net here