none
How to turn CAS off in .NET 4? RRS feed

  • Question

  • I have single application server. I want to turn CAS off completely for that application or for the whole system I dont care about security issues - the box is running inside secured environment.

    Please tell how to switch off CAS.

    Would appreciate answers on the questions and not telling me stories about nasty viruses. Thank you in advance.

    Tuesday, June 22, 2010 10:46 PM

Answers

  •  

    2.0 dll loaded into 4.0 application will trigger side-by-side runtimes of CLR2.0 and 4.0, that command will disable CAS for both runtime, this document has more.

     

    Turning off code access security is a computer-wide operation that terminates security checks for all managed code and for all users on the computer. Although the –list option shows that security is turned off, nothing else clearly indicates for other users that security has been turned off. If side-by-side versions of the common language runtime are installed, this command turns off security for every version of the runtime installed on the computer.


    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    If you have any feedback of our support, please contact msdnmg@microsoft.com.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    • Marked as answer by maxima Monday, June 28, 2010 10:23 AM
    Thursday, June 24, 2010 10:50 AM

All replies

  •  

    Hi,

    Generally, in .NET4.0, we no need to take care about CAS because CAS policy is moved away, our applications are now security transparency. This article brings more.

     

    In the other hand, CAS is not dead in .NET 4.0, CLR still provides ability for us to face partial trust environment, see here for more details.

     

    so, .NET4.0 already "switch off CAS" by removing CAS policy.


    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    If you have any feedback of our support, please contact msdnmg@microsoft.com.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Wednesday, June 23, 2010 2:40 AM
  • Hi Eric, thanks for the info. I as many developers suck at security issues... so can you please explain this artefact I am monitoring:

    I have business critical low latency app using .NET4 and it uses 3d party API (not sure how it was compiled) which uses TCP socket a lot.

    I found that one particular method call on the API takes between 2 and 9ms to execute on the live server while <1ms on my test machine. So I started to monitor it and found that there are few CAS checks added to perf counter Total # of checks every time I call that particular method.

    I am not sure whether CAS contributes to the lag but I need to disable it anyway - to reduce latency. The server is inside secure environment so I dont mind reduced security for the app.

    May be API is .NET 2.0 and still uses CAS? does that mean I have to disable CAS using .NET 2.0 caspol? Please provide a detailed instruction -as I said I have very little knowledge on security matters.

    Wednesday, June 23, 2010 10:49 AM
  •  

    For .NET 2.0 runtime, you can use capsol.exe to disable CAS of current machine, Launch Visual Studio 2008 Command Prompt as administrator, and run command 'caspol -s off'.

     

    Does the Total Runtime Checks grows a lot when you monitor it on live server than on your local machine?


    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    If you have any feedback of our support, please contact msdnmg@microsoft.com.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Thursday, June 24, 2010 4:02 AM
  • Yes I monitor server primarily.. It adds about half-dozen of checks for one particular method to call (which I am trying to optimize). It is not much but I cant tolerate any latency which is not absolutely vital.

    I tried caspol -s off but to no avail so far.. will try again today.

    Does it affect any loaded .NET dlls, even if 2.0 dll loaded into 4.0 application code?

    Thursday, June 24, 2010 9:02 AM
  •  

    2.0 dll loaded into 4.0 application will trigger side-by-side runtimes of CLR2.0 and 4.0, that command will disable CAS for both runtime, this document has more.

     

    Turning off code access security is a computer-wide operation that terminates security checks for all managed code and for all users on the computer. Although the –list option shows that security is turned off, nothing else clearly indicates for other users that security has been turned off. If side-by-side versions of the common language runtime are installed, this command turns off security for every version of the runtime installed on the computer.


    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    If you have any feedback of our support, please contact msdnmg@microsoft.com.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    • Marked as answer by maxima Monday, June 28, 2010 10:23 AM
    Thursday, June 24, 2010 10:50 AM