Article: Code Access Security: When Role-based Security Isn’t Enough
Role-based security works pretty well in most situations but as Sharepoint developers learned long ago it doesn’t work for everything. Now that .NET supports Web parts, even more developers will find they need to get a basic understanding of Microsoft’s Code Access Security.
Ask any typical .NET developer about Code Access Security (CAS) and you’ve got the chance of hearing “Huh?” as the response. Most developers haven’t run into CAS at all—let alone in a way that would cause them to develop a deep understanding of it.
Ask your typical SharePoint developer about CAS and they’re likely to begin to shudder uncontrollably. Why is that? Well, SharePoint developers have been dealing with CAS since the day that SharePoint was released. Unlike ASP.NET, which makes the assumption of full trust—effectively neutralizing any impact that CAS will have on a standard .NET application—SharePoint starts with a minimal trust, which means most code will need to have a CAS policy applied to it in order to work.