To protect computer systems from malicious code and to provide a way to allow mobile code to run safely, the .NET Framework provides a security mechanism called Code Access Security (CAS). While CAS is a .NET security feature, it applies to all .NET managed code such as ASP.NET Web applications. While CAS applies to all managed code, you may need to specifically code with it in mind when:

You are designing browser-hosted controls
You are hosting third-party applications
You are hosting assemblies from different vendors on a shared server
You want to prevent certain native functions, such as file write APIs, to be available to certain assemblies

CAS allows code to be trusted to varying degrees, as determined by security policy, depending on where the code comes from and on other aspects of the code's identity, such as its strong assembly name. CAS reduces the likelihood of your code being misused by other malicious code. It allows you to specifically set the operations your code should be allowed to perform as well as the operations your code should never be allowed to perform. Specifically, CAS supports a permission support mechanism by which code can explicitly request particular permissions and explicitly refuse others that it knows it never needs.