WCF missing CAS

My experiments with WCF, during summer time, seem to be confirmed by Christian Weyer ones. As Christian states WCF (aka Indigo) is apparently affected by a lack of support for Code Access Security. If you run your code in a Fully Trusted environment it works great, otherwise it simply doesn't work!

Ok, ok. I know that we're working with an early beta and I'm sure (I guess!) that they (Microsoft) will support CAS before the RTM ... but I think that's not a good message, to the community of developers, that Microsoft development lifecycle of a big and great product like WCF makes security and sandoboxing at least in the second half of its development. I think that every product manager and every developer should take care of security from the beginning of the project.


No Comments