Microsoft Dynamics AX (Archived)

CAS - Code Access Security... thread to understand it

Hello Community,

I think it would be a good idea to discuss the CAS feature of Dynamics AX in more depth. As I understand it, we have a stack trace like the following:

A: myReadFileMethod(); calls
B: CommaIo, which calls
C: WinApi's openFile

And Microsoft calls a demand in the WinApi method (or in the first method on the stack) to say "Hey, if you call this code you have to ask first"... Then if I do not "ask" using an assert in myReadFileMethod, I will get an error. So I have to write an assert to tell the system "Hey, I need to access the file I/O", and the system would then check (from the documentation):

a) Is the calling code saved in the AOT (wondering how to check :))?
b) Is the calling code on the stack trace?
c) Is the calling code running on the server?

As I read it, the assert method in the .NET Framework works a little bit differently. Does it stop the check of the stack trace? This is confusing. I would appreciate some discussion or more information on that.

Regards,
Andi

  • Denis Patrakov
    CAS is discussed in detail in Writing Secure X++ Code. Briefly, when you call assert() on an instance of a CodeAccessPermission descendant, the AX kernel places a "security cookie" on the call stack. When execution returns from the scope of the method where assert() was called, the kernel removes the corresponding "security cookie" from the call stack.
    When you call a "dangerous API", it demands that you have a permission to call it. Then the kernel runs down the call stack and looks for a corresponding "security cookie" placed on the same tier where the "dangerous API" was called. For now CAS is only enforced on the server tier, so you can say that a corresponding assert() must be called on the server.
    This is all managed at runtime, not via metadata in the AOT. Note that via runBuf() you can run dynamically constructed code that is not saved anywhere in the AOT; you can also call a "dangerous API" from another application via Business Connector, and that application's code is not saved in the AOT either.
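The pattern discussed in this thread, as an added X++ example that is not part of either post and not Microsoft's own code. The class name `CasFileReadExample` and the method `readFirstLine` are hypothetical; `FileIOPermission`, `CommaIo` and `CodeAccessPermission::revertAssert()` are the standard kernel classes.

```xpp
// Added example; class and method names are hypothetical.
class CasFileReadExample
{
}

// 'server' pins execution to the AOS tier, which is where CAS is enforced
// and where the kernel looks for the matching permission.
public static server container readFirstLine(Filename _fileName)
{
    FileIOPermission permission;
    CommaIo          io;
    container        line;
    ;
    // Check _fileName before asserting: the value arrives from the caller,
    // and the assert lets the protected API accept it.
    if (!_fileName)
    {
        throw error("File name must be specified.");
    }

    // Scope the permission to this one file, read-only.
    permission = new FileIOPermission(_fileName, 'r');
    permission.assert();    // marker stays on the stack for this method's scope

    // The protected API demands FileIOPermission; the stack walk finds the
    // assert above on the same tier, so the call is allowed.
    io = new CommaIo(_fileName, 'r');
    if (io && io.status() == IO_Status::Ok)
    {
        line = io.read();
    }

    // Remove the assert as soon as the protected call is done instead of
    // waiting for the method to return.
    CodeAccessPermission::revertAssert();

    return line;
}
```

Without the `permission.assert()` call, the `new CommaIo(...)` line fails at runtime on the server because the demand finds no matching permission on the stack.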
