Code access security is a mechanism that controls the access code has to protected resources and operations. In NGWS, code access security performs the following functions:
Code access security can prevent less trusted code from using highly trusted code to perform actions it is not authorized to perform. In addition, code access security can help minimize the damage that can result from security vulnerabilities in your code.
One typical use for code access security is the scenario where a web application downloads a control to the client so that the user can input data. Security policy might, for example, associate the pre-defined Internet set of permissions with all code that is downloaded from the Internet. Therefore, the control is granted no more permissions than the ones associated with the Internet permission set. If security policy specifies that code is given special authority (more than Internet) when it is digitally signed by a trusted source, then the code will be granted the permissions that security policy applies to all code from that trusted source. The control is built using a class library, so that whenever the library accesses a protected resource or calls unmanaged code, it does a security demand causing the permissions of its callers to be checked for the appropriate permission grants. These security checks prevent the control from being able to do things on the client's computers that it isn't authorized to do.