Introduction to Security in .NET

When working with Security in .NET , it is important to understand these 2 terms.

  • Authentication is the process of determining whether the user can access the system. Commonly used ways of authentication is the username and a password .
  • Authorization : Once the user is authenticated,this process identifies the level of access allowed to a given user .

Security in .NET can be achieved by

1. Code access security

CAS would determine whether the code has the ability to access the resource / file and whet actions code can take.

Code access securitty in .NET allows different segments of code to be trusted at different levels.

Eg : FileIOPermissions

PrintingPermission

RegistryPermission

2. Role based security

Role based security allows you to specify what permissions a particular user has , often based on the role/windows group . It is about what user can do based on the role or the identity .

Both Code access security and Role based security are based on the Permissions .

Both the above can be implemented via

1. Declarative

Here , Attributes are used to describe the security .The code/Methods are tagged with security attributes that identify the security rules ..NET automatically controls the access based on the security attributes .

It ensures permission demand is executed before the code runs .We can also prohibit the code to execute before it runs .

2. Imperative

It allows to dynamically shape the demands.We could have our own logic with the permission checks . The permissions are placed directly in the code .

The programmer is responsible for identifying when and how to apply security restrictions.

I will try to elaborate the above with the samples in the coming posts .

Leave A Reply

Your email address will not be published. Required fields are marked *

You May Also Like

In this post, you’ll learn about the error message “FileOpenAccessDenied – You do not have permissions to open this file...
  • .NET
  • December 3, 2024
You might have had a situation where your code once worked fine in ASP.NET application but now throws the below...
  • .NET
  • December 3, 2024
C# uses the flower bracket “{” and “}” to identify the block or scope of the function or program ....
  • .NET
  • December 3, 2024