Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What Replaces Code Access Security in .net

Tags:

c#

.net

.net-4.0

With the demise of Code Access Security, how do we restrict access to a DLL in .Net framework 4.0?

Specifically, we have a project with a UI layer and a business layer. The UI layer tells the business layer who the user is.

What we are trying to stop is any dll other than the UI layer calling the business layer and saying "Hi I am Joe".

like image 503
Shiraz Bhaiji Avatar asked Aug 23 '10 11:08

Shiraz Bhaiji


People also ask

What is code access security in net?

Code Access Security (CAS), in the Microsoft . NET framework, is Microsoft's solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain evidence for the assembly and use this to identify the code group that the assembly belongs to.

What is the difference between code access security and evidence?

CAS provides evidence-based security built on a layer above the security provided by the Windows operating system. While Windows is based on the permissions of the user, CAS is based on the evidence for the assembly.


1 Answers

Somewhat a partial answer, but you can use the lagacy CAS in .Net 4. Quote from http://www.infoq.com/news/2009/11/CAS-Replaced:

With .NET 4.0, global CAS policies will disabled by default. System administrators are encouraged to use more effective means such as Windows Software Restriction Policies instead. If CAS is actually needed, it can be enabled on a per application basis in the app.config file setting the runtime/NetFx40_LegacySecurityPolicyenabled flag to true.

like image 89
Mikael Svenson Avatar answered Sep 27 '22 00:09

Mikael Svenson