Code Access Security and Policy in Microsoft's .NET

.NET is Microsoft's new platform, oriented towards Internet-based applications and Web services. Because of its orientation towards programs loaded and run from the Internet, it was designed with security in mind. At runtime, the.NET framework can determine what permissions to allow to a block code depending on evidence, which includes the location of the code (local disk, intranet, internet, etc.) and its publisher. This allows the runtime system to give trusted code full access, and allowing code from an untrustworthy source to execute, while preventing it from performing operations which could cause damage. The system administrator can assign code to different code groups, and control the permissions allowed to each group, by setting the .NET framework security policy. This document gives an overview of .NET security; explains how evidence-based security works; and gives information and suggestions for setting the security policy.