Chapter 6. The security model and elevated trust

This chapter covers

  • Code classifications and the transparency model
  • User initiation and consent
  • Elevated trust out-of-browser
  • Special considerations for elevated trust in-browser
  • Elevated trust mode detection

The .NET desktop application code security model is centered on the concept of code-access security (CAS). This model, although extremely powerful, proved difficult to configure and maintain on end-user workstations with tools like CASPOL (the Code Access Security Policy editor), and sometimes difficult to use in production code. It was also difficult for users to understand exactly what rights they had granted to specific applications. Finally, it made no provision for easily granting permissions to system resources such as the webcam, either at runtime or at application install time.

For Silverlight, the team has implemented a simpler but more restrictive security model, appropriate for web-delivered applications. The new model has two main parts: the transparency model and user initiation and consent.

Code transparency helps ensure that application code is well behaved and can’t compromise the machine. Specifically, it ensures that access to the file system and to different APIs is heavily controlled by Silverlight itself. User initiation and consent ensures that the application cannot do things on the user’s behalf without the user either causing it to happen (initiation) or approving it (consent).
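The following C# snippet is an added illustration of the initiation-and-consent rule, not code from the book. It assumes a Silverlight page class named `MainPage` whose XAML wires a button to `OpenButton_Click`; the file-open dialog is the consent step, and Silverlight refuses to show it (raising `SecurityException`) unless the call originates from a user-initiated event such as that click.

```csharp
// Added illustration (not from the book): how Silverlight's user-initiation
// requirement shapes application code. OpenFileDialog.ShowDialog() called
// outside a user-initiated event handler raises SecurityException; keeping
// the call inside the click handler satisfies the rule, and the catch block
// reports the failure instead of crashing the application.
using System;
using System.Security;
using System.Windows;
using System.Windows.Controls;

public partial class MainPage : UserControl
{
    public MainPage()
    {
        InitializeComponent();
    }

    // Assumed XAML wiring: <Button Content="Open" Click="OpenButton_Click" />
    private void OpenButton_Click(object sender, RoutedEventArgs e)
    {
        // The user's click is the initiation; picking a file is the consent.
        // The application never sees the file system, only the chosen file.
        string outcome = TryReadUserSelectedFile();
        MessageBox.Show(outcome);
    }

    // Returns a description of the outcome so the caller can surface it.
    private static string TryReadUserSelectedFile()
    {
        var dialog = new OpenFileDialog { Filter = "Text files (*.txt)|*.txt" };
        try
        {
            bool? accepted = dialog.ShowDialog();
            if (accepted != true)
                return "User cancelled; nothing was read.";

            // dialog.File is a FileInfo limited to the file the user selected.
            using (var reader = dialog.File.OpenText())
            {
                string text = reader.ReadToEnd();
                return "Read " + text.Length + " characters from " + dialog.File.Name;
            }
        }
        catch (SecurityException)
        {
            // Reached when the call did not originate from a user-initiated
            // event (for example, from a timer tick or the page's Loaded handler).
            return "Dialog blocked: this action must be initiated by the user.";
        }
    }
}
```

The same pattern applies to the other consent-gated APIs the runtime guards in the same way: keep the call on the code path that starts with the user's gesture, and treat a `SecurityException` as the runtime telling you the initiation rule was not met rather than as an error to work around.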

6.1. Code classifications and the transparency model

6.2. User initiation and consent

6.3. Elevated trust

6.4. Summary