The CAS framework is a mechanism developed to protect systems from dangerous APIs that are invoked by untrusted code. It simply allows two pieces of code to communicate in a manner that can't be compromised.
To understand what untrusted code is, we first define trusted code. Trusted code is code from the AOT that runs on the Application Object Server (AOS), meaning the code must be written by a trusted developer. This is because developer privileges and permissions are the highest level of permission over the entire application. Conversely, if you execute the code outside the AOS, on a client, there is the possibility that it was altered on the client side before execution, which renders the code untrusted. The following figure demonstrates this mechanism:
Tip
For more information on CAS, visit Microsoft MSDN: http://msdn.microsoft.com/en-us/library/ff648663.aspx.
The main purpose of CAS is securing the tunnel between an API and its consumer...
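The API and consumer sides of this tunnel can be sketched in X++ as follows. This is an added example, not code from the original text: `DemoFileApi`, `DemoConsumer`, and the file path are hypothetical, while `FileIOPermission`, `AsciiIo`, and `CodeAccessPermission` are X++ system classes. The methods are shown in one listing for readability.

```xpp
// Added illustration; DemoFileApi and DemoConsumer are hypothetical names.
class DemoFileApi
{
    // API side: executes on the AOS and refuses to run unless a trusted
    // caller on the call stack has asserted a matching permission.
    public server static str readFirstLine(Filename _fileName)
    {
        FileIOPermission perm;
        AsciiIo          file;
        container        rec;

        perm = new FileIOPermission(_fileName, 'r');
        perm.demand();      // throws if no matching assert() is on the stack

        file = new AsciiIo(_fileName, 'r');
        if (!file)
        {
            throw error(strFmt("Cannot open %1", _fileName));
        }
        rec = file.read();
        return conLen(rec) ? conPeek(rec, 1) : '';
    }
}

class DemoConsumer
{
    // Consumer side: trusted AOT code running on the AOS vouches for
    // exactly one file in read mode, then withdraws the assertion.
    public server static void run()
    {
        Filename         fileName = @'C:\Temp\demo.txt';  // constructed sample path
        FileIOPermission perm;

        perm = new FileIOPermission(fileName, 'r');
        perm.assert();                          // scope: this file, read-only
        info(DemoFileApi::readFirstLine(fileName));
        CodeAccessPermission::revertAssert();   // drop the assertion right away
    }
}
```

Keep the asserted permission as narrow as the call requires, and call `CodeAccessPermission::revertAssert()` as soon as the protected call returns so the assertion does not cover later code in the same method.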