What is GAC?


There are two key concepts of CAS security policy- code groups and permissions. A code group contains assemblies in it in a manner that each .NET assembly is related to a particular code group and some permissions are granted to each code group. For example, using the default security policy, a control downloaded from a Web site belongs to the Zone, Internet code group, which adheres to the permissions defined by the named permission set. (Normally, the named permission set represents a very restrictive range of permissions.)

Assembly execution involves the following steps:
  1. Evidences are gathered about assembly.
  2. Depending on the gathered evidences, the assembly is assigned to a code group.
  3. Security rights are allocated to the assembly, depending on the code group.
  4. Assembly runs as per the rights assigned to it.


The CAS mechanism in .NET is used to control and configure the ability of managed code. Earlier, as this policy was applicable for only native applications, the security guarantee was limited. Therefore, developers used to look for alternating solutions, such as operating system-level solutions. This problem was solved in .NET Framework 4 by turning off the machine-wide security. The shared and hosted Web applications can now run more securely. The security policy in .NET Framework 4 has been simplified using the transparency model. This model allows you to run the Web applications without concerning about the CAS policies.
As a result of security policy changes in .NET Framework 4.0, you may encounter compilation warnings and runtime exceptions, if your try to use the obsolete CAS policy types and members either implicitly or explicitly. However, you can avoid the warnings and errors by using the <NetFx40_LegacySecurityPolicy> configuration element in the runtime settings schema to opt into the obsolete CAS policy behavior.


YOU can use the Code Access Security Tool (Caspol.exe) to turn security on and off.

To turn off security, type the following command at the command prompt:

caspol -security off

To turn on security, type the following command at the command prompt:

caspol -security on

In the .NET Framework 4.0, for using Caspol.exe, you first need to set the <LegacyCasPolicy> element to true.
Ebook Download
View all
Learn
View all