- CAS - declarative - compiler performs security checks prior to running code.
- CAS - imperative - code itself performs checks and controls what happens.
- SecurityAction.Demand, CodeAccessPermission.Demand() - checks an assm's caller for permissions.
- SecurityMnager.IsGranted() - checks whether an assm itself has particular CAS perms.
Techniques for Limiting Permissions
- use CAS assm decl to restrict perms granted to assm as a whole.
- Then control perms on a more granular lvl by restricting perms within mthd decl + using imperative stmts.
- EXAM HINT: use RequestRefuse(==Deny) and RequestOptional(==PermitOnly) for assm decl, and Deny and PermitOnly for mthds.
- Exception handling - revert to PermitOnly (say for logging) and then revert.
- Assert() - on a perm, it means that any code calling the mthd on which Assert is invoked is vouched for - it does not need said perm itself.
