Introduction to Security in .NET

When working with Security , it is important to understand these 2 terms.

  • Authentication is the process of determining whether the user can access the system. Commonly used ways of authentication is the username and a password .
  • Authorization : Once the user is authenticated,this process identifies the level of access allowed to a given user .

Security in .NET can be achieved by

1. Code access security

CAS would determine whether the code has the ability to access the resource / file and whet actions code can take.

Code access securitty in .NET allows different segments of code to be trusted at different levels.

Eg : FileIOPermissions

PrintingPermission

RegistryPermission

2. Role based security

Role based security allows you to specify what permissions a particular user has , often based on the role/windows group . It is about what user can do based on the role or the identity .

Both Code access security and Role based security are based on the Permissions .

Both the above can be implemented via

1. Declarative

Here , Attributes are used to describe the security .The code/Methods are tagged with security attributes that identify the security rules ..NET automatically controls the access based on the security attributes .

It ensures permission demand is executed before the code runs .We can also prohibit the code to execute before it runs .

2. Imperative

It allows to dynamically shape the demands.We could have our own logic with the permission checks . The permissions are placed directly in the code .

The programmer is responsible for identifying when and how to apply security restrictions.

I will try to elaborate the above with the samples in the coming posts .

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Pin It

One thought on “Introduction to Security in .NET

  1. Pingback: ginktage.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>