Code Access Security

There are three kinds of permissions, each with a specific purpose:

  1. Code access permissions, which represent access to a protected resource or the ability to perform a protected operation.
  2. Identity permissions, which indicate that code has credentials that support a particular kind of identity.
  3. Role-based security permissions, which provide a mechanism for discovering whether a user (or the agent acting on the user’s behalf) has a particular identity or is a member of a specified role.

PrincipalPermission is the only role-based security permission.

Applications that receive less than full trust by the runtime code access security system are not allowed to call shared managed libraries unless the library writer specifically allows them to through the use of the AllowPartiallyTrustedCallersAttribute Class.

AllowPartiallyTrustedCallersAttribute is only effective when applied by a strong-named assembly at the assembly level.

By default code executing from “Local Intranet” and “Internet” zone is partially trusted!

There is no programmatic way for partially trusted code to call a library that does not have the AllowPartiallyTrustedCallersAttribute attribute.

To view the list of fully trusted assemblies, use the following command:
caspol -listfulltrus

If u want to turn it off, u should be the administrator. By using this command u can turn it off.
caspol -s off

Reset security settings:
caspol -reset

XML files for storing configuration:


Leave a Reply

Your email address will not be published.