CAS uses assembly’s evidence to do or make its decision. Evidence tell us the exact identity of the assembly, it’s originating zone, which code group it belongs to etc. each default code group will be having some permission set. We can change these setting either through configuration wizard present in the control panel or through declarative programming which uses attributes in .net to specify the security permissions it requires. So each time when a .net type is loaded, CLR performs a Code Access Security (CAS) check
CAS is applied to a code mainly by configuring security policy. By default there are 3 security policy levels
These are :
Enterprise Level – This is used for setting policy for an entire enterprise
Machine Level – For setting machine level policies
User Level – For setting policy at user level in a machine
Under each policy level there will be code groups which are then configured to grant some permission sets. For a Default configuration Both enterprise and user will be given full trust and Machine level will be having various code groups which will be configured for Local, intranet, internet, restricted and trusted zones. Later you can configure this according to your need.
Console commands like Caspol.exe can also be used to control these permissions. Use a command line argument (- ?) to get help on this tool