.NET Code Access Security: Useful or just overcomplicated?

I've had to deal with CAS but it wasn't too difficult since I only had to deploy it on a dozen workstations or so. You can also push out the required settings via Group Policy.

But to answer your question, no, I don't think it ever helped.

Look on the bright side though, starting with .NET 3.5 you can run apps across a network share without CAS.

Here, here! I've shared many of the same frustrations. And of course, the over-complication and horrid documentation basically encourage developers to bypass it or use overly broad rules. Security will always be a tough nut for anyone but CAS is really difficult to do right.

The .NET team them self have comed to the same conclusion the assembly access security is being reworked for .NET#4. Take a look at this blog for more info: .NET Security blog