Introduction to Security in .NET

When working with security in .NET, it is important to understand these two terms.

  • Authentication is the process of determining whether the user can access the system. A commonly used method of authentication is a username and password.
  • Authorization: once the user is authenticated, this process identifies the level of access allowed to that user.

Security in .NET can be achieved by

1. Code access security

CAS determines whether code is able to access a resource or file, and what actions the code can take.

Code access security in .NET allows different segments of code to be trusted at different levels.

E.g.: FileIOPermission, PrintingPermission, RegistryPermission

2. Role based security

Role based security allows you to specify what permissions a particular user has, often based on the role or Windows group. It is about what the user can do based on their role or identity.

Both code access security and role based security are based on permissions.

Both of the above can be implemented in two ways:

1. Declarative

Here, attributes are used to describe the security. The code or methods are tagged with security attributes that identify the security rules. .NET automatically controls access based on the security attributes.

This ensures the permission demand is executed before the code runs. We can also prevent the code from executing before it runs.

2. Imperative

It allows the demands to be shaped dynamically. We can apply our own logic around the permission checks. The permission checks are placed directly in the code.

The programmer is responsible for identifying when and how to apply security restrictions.
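The two styles side by side for a role based check, as an added example that is not code from the original post. It assumes the .NET Framework, where declarative security attributes are enforced by the runtime (they are not honored on .NET Core and later); the `Reports` class, the role names "Managers" and "Staff", and the user "alice" are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class Reports
{
    // Declarative: the attribute states the rule, and the runtime performs
    // the role demand before the method body executes.
    [PrincipalPermission(SecurityAction.Demand, Role = "Managers")]
    public static string ReadPayroll()
    {
        return "payroll data";
    }

    // Imperative: the demand is built in code at run time, so the required
    // role can depend on the arguments or any other logic.
    public static string ReadReport(string department)
    {
        string requiredRole = department == "finance" ? "Managers" : "Staff";
        new PrincipalPermission(null, requiredRole).Demand(); // null = any user name
        return department + " report";
    }
}

static class Program
{
    // A failed demand surfaces as a SecurityException at the call site.
    static string Try(Func<string> action)
    {
        try { return "allowed: " + action(); }
        catch (SecurityException) { return "denied"; }
    }

    static void Main()
    {
        // Constructed identity: user "alice" holds the "Staff" role only.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "Staff" });

        Console.WriteLine("ReadPayroll:        " + Try(Reports.ReadPayroll));
        Console.WriteLine("ReadReport finance: " + Try(() => Reports.ReadReport("finance")));
        Console.WriteLine("ReadReport sales:   " + Try(() => Reports.ReadReport("sales")));
    }
}
```

With the constructed principal, only the call whose demanded role is "Staff" succeeds; the declarative demand and the imperative demand for "Managers" both fail before any protected data is returned.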

I will try to elaborate on the above with samples in the coming posts.
