Code Access Security

Summary

In this chapter, we touched upon some of the more important security topics that SDS developers will face. Binding and the security context is probably the biggest challenge that a developer will encounter. A failure to understand the security context of SDS code is the leading cause of seemingly "random" or "hard-to-diagnose" errors. If we had to recommend one area where we should focus our attention, it is to understand where and in what context our code will be executing.

While writing or reading security descriptors is not as common a task as might be envisioned, it is extremely helpful to understand the basics of how these mechanisms work and are manipulated in SDS. It is also important to understand the differences between versions 1.x and 2.0 of the .NET Framework in this space, as they are definitely not the same.

Finally, a basic understanding of CAS as it relates to SDS will ensure that our code can be deployed across environments. Using .NET, we have some exciting options for deploying our code where it may be partially trusted. Increasingly, a solid understanding of how CAS will affect our deployment options is becoming necessary. While .NET version 1.x made CAS in directory services programming nearly unusable, version 2.0 has made great strides toward providing an easy and consistent model that we can actually use.