In the .NET Framework version 4, code access security (CAS) has undergone major changes, with the purpose of simplifying the security system.
In earlier versions of the .NET Framework, the rights of a managed application were determined by security policy rules, which were set computer-wide to establish runtime settings.
Starting with the .NET Framework 4:
Security policy is no longer in effect.
Permissions are still in use
Only the security policy system has been eliminated
Access rights for applications are determined by two factors:
Grant set established by the application domain
All partial-trust applications are classified as transparent.
Transparent applications do not have to be concerned with security.
Transparency was first used for Microsoft Silverlight and has now been extended to all hosted environments.
Desktop and local intranet applications are granted full trust
This is deep, I have a trusty Dietel Developer Series book on C#2010 for Programmers which is overdue from the Microsoft library, let’s see what Dietel says on this very important part of programming:
This book looks suspiciously like the College textbook without the homework problems, but if I look up Code Access Security or just the word Security in the index, nothing.
What about Security-transparent, critical or self critical code? In over 1100 pages of tiny print, no mention in the index and I simply don’t have time to review the whole book. Weird.
Watch for more on security and unit testing in the future!
Are you compiling this study guide into a complete document anywhere? It might be an easier read if it's not spread out among numerous blog posts. Excellent work by the way!
Bob, thank you for the compliment. I will pull together a compliation document when I complete my rambling preparation for the 70-511 exam is complete.