Introduction to Security in .NET

by Ginktage | Wednesday, Feb 3, 2010 | 330 views

When working with Security , it is important to understand these 2 terms.

  • Authentication is the process of determining whether the user can access the system. Commonly used ways of authentication is the username and a password .
  • Authorization : Once the user is authenticated,this process identifies the level of access allowed to a given user .

Security in .NET can be achieved by

1. Code access security

CAS would determine whether the code has the ability to access the resource / file and whet actions code can take.

Code access securitty in .NET allows different segments of code to be trusted at different levels.

Eg : FileIOPermissions

PrintingPermission

RegistryPermission

2. Role based security

Role based security allows you to specify what permissions a particular user has , often based on the role/windows group . It is about what user can do based on the role or the identity .

Both Code access security and Role based security are based on the Permissions .

Both the above can be implemented via

1. Declarative

Here , Attributes are used to describe the security .The code/Methods are tagged with security attributes that identify the security rules ..NET automatically controls the access based on the security attributes .

It ensures permission demand is executed before the code runs .We can also prohibit the code to execute before it runs .

2. Imperative

It allows to dynamically shape the demands.We could have our own logic with the permission checks . The permissions are placed directly in the code .

The programmer is responsible for identifying when and how to apply security restrictions.

I will try to elaborate the above with the samples in the coming posts .

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Like it? Share it!

1 Comment so far. Feel free to join this conversation.

    Leave A Response