Is “Code Access Security” of any real world use?

Question

Warning:

Newer versions of .Net and .Net core has have removed and/or changed “Code Access Security” (CAS) since this question was asked.

Original Questio

Answer 1

Technically, it's very useful as it allows a very fine grained permission specification. This is both good for you (as theoretically it makes exploiting security vulnerabilities a lot harder - even if an attacker gains full control over your app, he is still locked in the CAS Sandbox) and for your customer (as they can see exactly what your application can do and run their own security audit).

In practical use, it's mostly meaningless. I think it's too complex, too little supported by the available dev tools and most users don't care anyway.

There are exceptions of course (Governments and customers who really know .net/CAS) and I would love to say that CAS is absolutely useful and mandatory, but the reality speaks a clear language.