SharePoint Administrator's and Developer's Guide to Code Access Security

Understand Microsoft .NET Framework code access security (CAS) and how to work with it in custom SharePoint solutions. Explore configuration options, get best practices for managing CAS in SharePoint environments, and walk through a complex CAS scenario.


  • Introduction to Code Access Security and SharePoint
  • What Is Identity Security?
  • What Is Code Access Security?
  • Link Demands and Allowing Partially Trusted Callers
  • Understanding the Components of CAS in ASP.NET
  • Why CAS Is Important to SharePoint Administrators
  • Why CAS Is Important to SharePoint Developers
  • Working with CAS in SharePoint
  • Best Practices for Managing CAS in SharePoint
  • Real-World SharePoint and CAS Walkthrough

Code access security (CAS) was introduced in the first version of the Microsoft .NET Framework. However, many developers using the .NET Framework have not needed to address the details of how CAS worked in most custom applications and so could simply ignore CAS. The story is different for SharePoint developers. Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 make significant use of CAS for protection from malicious or dangerous code. All SharePoint developers should have a working knowledge of CAS so that they can identify and resolve security issues. All SharePoint administrators should have a working knowledge of CAS so that they can secure and manage their SharePoint servers and understand the implications of changing a Web application’s trust level for third-party components.

This article provides a brief introduction to CAS, and explains why CAS is important to both SharePoint administrators and developers. It also explains how SharePoint uses CAS, describes the different options available to developers and administrators to manage CAS, and walks through the process of identifying and modifying CAS for a sample application.

Andrew Connell
Developer & Chief Course Artisan, Voitanos LLC. | Microsoft MVP
Written by Andrew Connell

Andrew Connell is a web & cloud developer with a focus on Microsoft Azure & Microsoft 365. He’s received Microsoft’s MVP award every year since 2005 and has helped thousands of developers through the various courses he’s authored & taught. Andrew’s the founder of Voitanos and is dedicated to helping you be the best Microsoft 365 web & cloud developer. He lives with his wife & two kids in Florida.