When working with Security in .NET , it is important to understand these 2 terms.
- Authentication is the process of determining whether the user can access the system. Commonly used ways of authentication is the username and a password .
- Authorization : Once the user is authenticated,this process identifies the level of access allowed to a given user .
Security in .NET can be achieved by
1. Code access security
CAS would determine whether the code has the ability to access the resource / file and whet actions code can take.
Code access securitty in .NET allows different segments of code to be trusted at different levels.
Eg : FileIOPermissions
PrintingPermission
RegistryPermission
2. Role based security
Role based security allows you to specify what permissions a particular user has , often based on the role/windows group . It is about what user can do based on the role or the identity .
Both Code access security and Role based security are based on the Permissions .
Both the above can be implemented via
1. Declarative
Here , Attributes are used to describe the security .The code/Methods are tagged with security attributes that identify the security rules ..NET automatically controls the access based on the security attributes .
It ensures permission demand is executed before the code runs .We can also prohibit the code to execute before it runs .
2. Imperative
It allows to dynamically shape the demands.We could have our own logic with the permission checks . The permissions are placed directly in the code .
The programmer is responsible for identifying when and how to apply security restrictions.
I will try to elaborate the above with the samples in the coming posts .