The desktop .NET Framework has supported Code Access Security (CAS) for a long time but there have been plans to phase out this security model I believe.
Is CAS still fully working and supported as of .NET 4.5? Further, is it considered secure or is it merely supported as a compatibility measure?
I'm asking this to decide whether I can afford to load and sandbox untrusted code into a trusted .NET process using CAS.
Some parts of CAS have been eliminated. Starting from .NET 4.0, the machine-wide security policy that determines the trust level of an assembly based on where it came from or based on its identity has been eliminated. The rest of CAS is still supported. You can still create an AppDomain and grant it any set of permissions that you want and load the untrusted code in that AppDomain. For more information on what has changed in security since .NET 4.0 see Security Changes in the .NET Framework 4.
