.NET Security and Cryptography
Chapter Seven. .NET User-Based Security
In its simplest form, the purpose of security is to prevent people and programs from doing things that an administrator or a programmer is not willing to allow. In this chapter we look at the first of two major aspects of .NET security programming, known as user-based security.[1] In the past, security has always focused on managing user permissions that allow you to restrict actions based on the identity of the current user. Thus, traditionally, you have been able to control how specific users can access certain resources, such as files, registry entries, and so forth. If you have already worked with security-related programming in Windows or UNIX, you are probably familiar with this traditional concept of user-based security.

Before discussing .NET security programming, we study the big picture of how the security model works on the .NET platform. Then we drill down on most of the classes in the .NET Framework that are related to user-based security. After that, we look at several programming examples that demonstrate how to use these classes in various ways. Finally, we consider a few general rules of thumb that you should keep in mind whenever you are involved in security programming.

In Chapter 8 we look at the very different and new concept in security programming known as Code Access Security (CAS).[2] In contrast to user-based security, CAS allows you to restrict actions based on the identity of the executing code rather than on the identity of the user who runs that code.

[1] User-based security is also often referred to as role-based security.

[2] CAS is also known as evidence-based security.
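The following is an added example, not code from the book, that illustrates the distinction drawn above: an action is authorized or refused based on the identity and roles of the current user, and not on where the executing code came from. It uses the real .NET types GenericIdentity, GenericPrincipal and Thread.CurrentPrincipal from System.Security.Principal; the principals "alice" and "bob", the role names, and the PerformPrivilegedAction method are constructed for the example. In a real Windows application you would instead build the principal with `new WindowsPrincipal(WindowsIdentity.GetCurrent())` so that the roles reflect the groups of the logged-on user.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example (not from the book): a user-based (role-based) authorization check.
// The decision depends on who the current user is, not on the origin of the code.
static class UserBasedSecurityDemo
{
    // Hypothetical privileged operation, e.g. modifying a protected registry key.
    // The role name "Administrators" is an assumption chosen for the example.
    public static void PerformPrivilegedAction(IPrincipal principal)
    {
        // Authorization decision: only members of the Administrators role may proceed.
        if (!principal.IsInRole("Administrators"))
        {
            throw new UnauthorizedAccessException(
                "User '" + principal.Identity.Name + "' is not in the Administrators role.");
        }
        Console.WriteLine("Privileged action performed for " + principal.Identity.Name);
    }

    static void Main()
    {
        // Constructed sample principals (not real accounts).
        IPrincipal admin = new GenericPrincipal(
            new GenericIdentity("alice"), new string[] { "Users", "Administrators" });
        IPrincipal user = new GenericPrincipal(
            new GenericIdentity("bob"), new string[] { "Users" });

        // Attaching the principal to the thread is how framework code (and, on the
        // .NET Framework, PrincipalPermission demands) learn who the current user is.
        Thread.CurrentPrincipal = admin;
        PerformPrivilegedAction(Thread.CurrentPrincipal);   // alice is allowed

        Thread.CurrentPrincipal = user;
        try
        {
            PerformPrivilegedAction(Thread.CurrentPrincipal); // bob is refused
        }
        catch (UnauthorizedAccessException ex)
        {
            Console.WriteLine("Denied: " + ex.Message);
        }
    }
}
```

The same method body runs for both users; only the principal differs, which is exactly what user-based security keys on. Under CAS, discussed in Chapter 8, the same call could instead be refused because of the evidence attached to the assembly that contains it, regardless of which user invoked it.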