Share via

Security and Public Read-only Array Fields


Code Access Security (CAS) and Partially Trusted Code

The .NET Framework provides a mechanism for the enforcement of varying levels of trust on different code running in the same application called Code Access Security (CAS).

CAS is not supported in .NET Core, .NET 5, or later versions. CAS is not supported by versions of C# later than 7.0.

CAS in .NET Framework should not be used as a mechanism for enforcing security boundaries based on code origination or other identity aspects. CAS and Security-Transparent Code are not supported as a security boundary with partially trusted code, especially code of unknown origin. We advise against loading and executing code of unknown origins without putting alternative security measures in place. .NET Framework will not issue security patches for any elevation-of-privilege exploits that might be discovered against the CAS sandbox.

This policy applies to all versions of .NET Framework, but does not apply to the .NET Framework included in Silverlight.

Never use read-only public array fields from managed libraries to define the boundary behavior or security of your applications because read-only public array fields can be modified.


Some .NET classes include read-only public fields that contain platform-specific boundary parameters. For example, the InvalidPathChars field is an array that describes the characters that are not allowed in a file path string. Many similar fields are present throughout .NET.

The values of public read-only fields like InvalidPathChars can be modified by your code or code that shares your code’s application domain. You should not use read-only public array fields like this to define the boundary behavior of your applications. If you do, malicious code can alter the boundary definitions and use your code in unexpected ways.

In version 2.0 and later of the .NET Framework, you should use methods that return a new array instead of using public array fields. For example, instead of using the InvalidPathChars field, you should use the GetInvalidPathChars method.

Note that the .NET Framework types do not use the public fields to define boundary types internally. Instead, the .NET Framework uses separate private fields. Changing the values of these public fields does not alter the behavior of .NET Framework types.

See also