Click here to Skip to main content
12,547,616 members (44,460 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


1 bookmarked

What is CAS, Evidence, Permission Set & Code Groups?

, 5 Jun 2014 CPOL
Rate this:
Please Sign up or sign in to vote.
What is CAS, evidence, permission set & code groups?

CAS-Code Access Security is a security model which grants or denies permissions to your Assemblies depending on Evidences (like from where the code comes from. Does the code come from the internet or has it comes from a valid publisher or other source.)

How CAS Works

Before executing any assembly, CAS collects the  Evidence Values (publisher, source of assembly, does it have strong name) about that assembly and depending on the Evidence values, it start assigning permissions to the assembly via Permission set (Permission Set is the collection of permission).

Code Groups - Code Groups are a collection of permission that are allocated to an Assembly as per the Evidence values.

We can apply CAS on any assembly using “caspol”. To run this, go to your Visual Studio Command Prompt and run “caspol”. But because it is very difficult to work through “caspol”, we will use .NET Framework 2.0 configuration tool for CAS.

To see what kind of permissions an assembly has - right click on runtime security policy from the left hand side tree and select Evaluate Assembly…

To create a permission, set-right click on Permission Sets and add new permission set and add permissions as per you.

To change to Code Group-right, click on a particular code group and change the permission set as per your requirements.

Problems with CAS:

  1. Appling CAS is not an easy task
  2. Deployment of code requires CAS Setup again
  3. CAS doesn’t work on unmanaged code


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Akash Ashok Jain
Software Developer (Senior)
India India
I am "Akash Jain" working in IT Industry from last 6 years. From the beginning of my career I worked with C# for both windows and web application. In my short career I worked for 2 Major ERP Applications, e-commerce applications, CMS based applications and also few static websites.

I am a MCP for web application for ASP.NET 4.0. I have also done PMP training as project management is one of my interest area.

You may also be interested in...


Comments and Discussions

-- There are no messages in this forum --
| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.161018.1 | Last Updated 6 Jun 2014
Article Copyright 2014 by Akash Ashok Jain
Everything else Copyright © CodeProject, 1999-2016
Layout: fixed | fluid