
Code Access Security

(also CAS)

Code Access Security definition

CAS is a crucial part of the .NET Framework's security infrastructure. It prevents unauthorized access to resources and operations by controlling what programs (code) can and cannot do on your computer.

See also: malicious code

How code access security works:

  • Identifying the code. When a program tries to run, CAS first identifies the code. It looks at where it came from and who created it. This information is like the code's ID.
  • Setting up rules. These rules decide what each piece of code can do on your computer. For example, code from a trusted source might have more freedom to do things than code from an untrusted source.
  • Asking for permission. When the code wants to do something that could affect your computer or your files, it asks CAS for permission.
  • Checking permissions. CAS checks the rules to see if this particular piece of code can do what it asks.
  • Periodic checks. CAS doesn't just check permissions once. It keeps checking while the code runs.
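
The steps above, shown as an added example that is not part of the original page: a host labels code with Internet-zone evidence, maps that evidence to a permission set, and runs the code in an AppDomain limited to that set. It assumes the .NET Framework 4.x (not .NET Core or .NET 5+); UntrustedWorker and the temp file are hypothetical, constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Policy;

// Hypothetical stand-in for untrusted code. MarshalByRefObject lets the
// host call it across the AppDomain boundary.
public class UntrustedWorker : MarshalByRefObject
{
    public string TryRead(string path)
    {
        try
        {
            // File APIs demand FileIOPermission; the runtime checks the
            // grant set of the callers on the stack before allowing it.
            return "Allowed: " + File.ReadAllText(path);
        }
        catch (SecurityException ex)
        {
            return "Denied: " + ex.Message;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input: a temp file written by the trusted host.
        string path = Path.GetTempFileName();
        File.WriteAllText(path, "secret");
        // Identify the code: evidence says it came from the Internet zone.
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));
        // Set up rules: map that evidence to the standard Internet grant set.
        PermissionSet grantSet = SecurityManager.GetStandardSandbox(evidence);

        // Run the worker in an AppDomain restricted to that grant set.
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, grantSet);
        var worker = (UntrustedWorker)sandbox.CreateInstanceAndUnwrap(
            typeof(UntrustedWorker).Assembly.FullName, typeof(UntrustedWorker).FullName);

        Console.WriteLine(worker.TryRead(path));                // called inside the sandbox
        Console.WriteLine(new UntrustedWorker().TryRead(path)); // same code under full trust
        AppDomain.Unload(sandbox);
        File.Delete(path);
    }
}
```

The Internet grant set carries no FileIOPermission, so the read attempted inside the sandbox raises a SecurityException, while the identical call made from the fully trusted host succeeds.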

Where is code access security used?

  • Enterprise Applications
  • Windows-based Applications
  • Web Applications
  • Software Development
  • Hosting Environments
  • Intranet and Internal Networks

History of code access security:

CAS was introduced with the first version of the .NET Framework in the early 2000s. Microsoft developed it to provide security for internet-connected software.

Initially, CAS was essential in protecting systems from harmful code from the internet.

Despite its benefits, CAS was complex and challenging to implement correctly.

.NET Core, Microsoft's newer framework, did not include CAS.

In modern .NET technologies, like .NET 5 and .NET Core, there's less emphasis on CAS, with a focus on secure coding practices and platform-level security.