The .NET Framework introduces a new layer of security, called Code Access Security. This layer lives on top of the OS security, and lets you control what a given assembly can and can’t do, just like the OS lets you define the rights of a user or group.
Before we dive into the details, there’s something (which may seem obvious at first, but is a particularly good thing to remember on the exam): whatever permissions you grant to a code, it will never have more rights than the user who runs it (just recall ASP.NET and IIS).
In the previous post, I wrote about permissions. The first important layer of CAS is the control of them. There are default permission sets, defining what an assembly can do. They are as follows:
|FullTrust||Exempts an assembly from CAS checks.|
|SkipVerification||Enables an assembly to bypass permission checks.|
|Execution||Enables an assembly to solely run.|
|Nothing||No permissions granted. Not even enough to run the given assembly.|
|LocalIntranet||The main restriction is that the assembly is not allowed to tamper with the file system, only through file dialogs.|
|Internet||A restrictive permission set, but safe.|
|Everything||Grants all permissions, but still checks the assembly.|