
Code-access security

Developer Tip: Code-access security


By now, unless you've been living under a rock in Mongolia, or you haven't come to our site for developer tips, you've probably heard about a new programming language called C# (pronounced: C Sharp). C# is a simple, object-oriented language attempting to combine the ease of Visual Basic with the power of C++.

Whether Microsoft can garner crucial developer interest for its new language remains to be seen, but if you're curious about C#, keep reading for a free way to learn more.

The first book we know of on this subject is by Christoph Wille. It's Presenting C# (published by Sams Publishing). Chapters 10 through 12 are currently published online on InformIT. Every other week, InformIT will publish three additional chapters of the book. You can whet your appetite with the excerpt below that delves into some of the security provisions of the new language.


Today, code can come to a user's desk not only via a setup application executed from a company's network server, but also from the Internet via a Web page or an email. Recent experiences have shown that this can be quite dangerous. So how can this threat be answered with .NET?

The .NET solution is code-access security. It controls access to protected resources and operations. Code is trusted to varying degrees, depending on its identity and where it comes from. The amount of code that must be fully trusted is reduced to a minimum.

The following are the most notable functions of code access security:

  • Administrators can define security policies that assign certain permissions to defined groups of code.
  • Code can demand that a caller must have specific permissions.
  • Code execution is restricted by the runtime. Checks are performed that verify the granted permissions of a caller match the required permissions for the operations.
  • Code can request the permissions it requires to run and the permissions that would be useful, as well as explicitly state which permissions it must never have.
  • Permissions are defined that represent certain rights to access various system resources.
  • Code-access security grants permissions when a component is loaded. This granting is based on the requests by the code, as well as the permitted operations defined by the security policy.

From reading this list, you can see that less-trusted code will be prevented from calling highly trusted code because permissions of the less-trusted code are enforced. You will especially like that for Internet scenarios.
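The requests and the demand from the list above, sketched against the classic .NET Framework code-access security API; this is an added example, not code from the book excerpt. It assumes a .NET Framework runtime on which CAS is enforced (CAS policy is deprecated from .NET Framework 4 onward), and the `ReportStore` and `CallerCanRead` names and the `C:\Reports` paths are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Requests are evaluated at load time against the administrator's policy.
// Required: without read access to C:\Reports the assembly does not load.
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\Reports")]
// Never wanted: refused even if policy would grant it.
[assembly: RegistryPermission(SecurityAction.RequestRefuse, Unrestricted = true)]
// SecurityAction.RequestOptional is the third request kind; once it is used,
// anything not listed as minimum or optional is no longer granted.

public static class ReportStore
{
    // Trusted library entry point: the demand walks the call stack and
    // fails unless every caller holds read access to the path.
    public static void DemandRead(string absolutePath)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, absolutePath).Demand();
    }
}

public static class Program
{
    // Stands in for less-trusted code: PermitOnly limits this frame, and
    // everything it calls, to read access below C:\Reports\Public.
    static bool CallerCanRead(string absolutePath)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Reports\Public").PermitOnly();
        try
        {
            ReportStore.DemandRead(absolutePath);
            return true;   // the stack walk found the permission on every frame
        }
        catch (SecurityException)
        {
            return false;  // the runtime stopped the call before any file access
        }
    }

    public static void Main()
    {
        Console.WriteLine(CallerCanRead(@"C:\Reports\Public\summary.txt"));
        Console.WriteLine(CallerCanRead(@"C:\Reports\Private\payroll.txt"));
    }
}
```

The restriction sits on the caller's stack frame, so the library's demand fails for the private path without the library knowing anything about who called it.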

The two important points of code-access security are verification of the type safety of managed code, and the permissions that are requested by the code. The minimum requirement for you to benefit from code-access security is to generate type-safe code.

To read chapters 10 through 12 of Presenting C# online, click over to InformIT. Registration is required, but it's free. Those chapters will only be available through October 1, so click over soon if you are interested.

Read the transcript of our recent chat with MS C# expert Tony Goodhew.
