Chapter 9. Administering Code-Access Security

The final aspect of code-access security (CAS) comprises the tools provided with the .NET Framework SDK that allow you to configure and test the security system. This chapter is not a comprehensive administrative reference for the configuration of .NET Framework security; instead we focus on the information and tools you as a programmer will need during the testing and debugging of your programs. These tools are relevant no matter what type of code you develop, but are particularly useful when developing systems that rely on or manipulate the CAS features we have discussed in the previous four chapters. If you require a more general discussion of these tools and .NET security administration, we refer you to the .NET Framework SDK documentation.

First, we outline the default security policy implemented by the .NET Framework. If you work in a corporate environment, it is likely that a central IT or security group will define a standard security policy. However, outside such environments many average users are unable or reluctant to change the default security policy. It is important that you understand the security restrictions enforced by the most common environment in which your code is likely to run. You can then either program around these restrictions or communicate any special security requirements to the users of your code.

We look at three tools provided with the .NET Framework SDK and show you how to use them in the configuration and testing of security policy:

Permissions View tool

Allows you to view an assembly's declarative security statements

The .NET Framework Configuration tool

Provides a graphical interface through which to configure aspects of the .NET Framework

The Code-Access Security Policy tool

Provides a command-line interface through which to configure the .NET Framework security system