Introduction to Security in .NET

When working with security, it is important to understand these two terms.

  • Authentication is the process of determining whether the user can access the system. A commonly used means of authentication is a username and a password.
  • Authorization: once the user is authenticated, this process identifies the level of access allowed to that user.

Security in .NET can be achieved by

1. Code access security

CAS determines whether the code is able to access a resource or file, and what actions the code can take.

Code access security in .NET allows different segments of code to be trusted at different levels.

E.g.: FileIOPermission



2. Role based security

Role based security allows you to specify what permissions a particular user has, often based on the role or Windows group. It is about what the user can do based on their role or identity.

Both code access security and role based security are based on permissions.

Both the above can be implemented via

1. Declarative

Here, attributes are used to describe the security. The code or methods are tagged with security attributes that identify the security rules, and .NET automatically controls access based on those attributes.

It ensures the permission demand is executed before the code runs. We can also prevent the code from executing at all.

2. Imperative

It allows us to shape the demands dynamically. We can combine our own logic with the permission checks. The permission demands are placed directly in the code.

The programmer is responsible for identifying when and how to apply security restrictions.
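The two styles side by side for role based security, as an added example that is not from the original post. It assumes .NET Framework, where `PrincipalPermission` demands are enforced; the class names, role names, and the "alice" identity are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class ReportService
{
    // Declarative: the runtime performs the demand before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "Auditors")]
    public static string ReadAuditLog()
    {
        return "audit log contents";
    }

    // Imperative: the required role is computed at run time, then demanded in code.
    public static string ReadReport(string department)
    {
        string requiredRole = department + "Managers"; // hypothetical naming scheme
        new PrincipalPermission(null, requiredRole).Demand();
        return department + " report contents";
    }
}

static class Program
{
    // Runs an action and reports whether the permission demand let it through.
    static void Try(string label, Func<string> action)
    {
        try { Console.WriteLine("{0}: allowed ({1})", label, action()); }
        catch (SecurityException) { Console.WriteLine("{0}: denied", label); }
    }

    static void Main()
    {
        // Constructed identity: an authenticated user who holds two roles.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "Auditors", "SalesManagers" });

        Try("ReadAuditLog", ReportService.ReadAuditLog);                    // declarative check
        Try("ReadReport(Sales)", () => ReportService.ReadReport("Sales"));   // role held
        Try("ReadReport(Finance)", () => ReportService.ReadReport("Finance")); // role not held
    }
}
```

A failed demand surfaces as a `SecurityException` in both styles; the difference is that the declarative rule is fixed in metadata, while the imperative one can depend on run-time input such as the department name.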

I will try to elaborate on the above with samples in the coming posts.
