Sunday, April 12, 2009

.NET SECURITY

.NET Security Overview

The Common Language Runtime (CLR) and the .NET Framework provide many useful classes and services for writing secure code.
These classes and services also enable system administrators to customize access to protected resources.

.NET Framework Security


The .NET Framework provides two types of security mechanisms:
1. Code Access Security (CAS)
2. Role Based Security (RBS)

Code Access Security

CAS is a security system that allows developers and administrators to control authorization for applications in the same way as they authorize users.
With it, we can restrict access to many important system resources, such as the following:

File System
System Registry
Printers
Event Logs
Internet Access

The CAS system checks partially trusted assemblies each time they try to access a protected resource.
Some assemblies are exempt from CAS checks; these are called fully trusted assemblies. They can access any system resource that the user has permission to access.
Unmanaged applications are also exempt from CAS checks, and developers need to manage them with operating system security or role-based security.

Authentication

Authentication is the process of discovering and verifying the identity of a user by examining the user’s credentials and validating those credentials against some authority.

The credentials normally used are a user ID and password.

Authorization

Authorization is the process of determining whether a user is allowed to perform a requested action.

Authorization occurs after authentication.

Authorization uses information about user identity and roles to determine what resources the user can access.
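
An added example (not code from the original post) of authentication followed by role-based authorization, using the framework's GenericIdentity and GenericPrincipal classes. The in-memory account store, the user names, the Auditor role and the PBKDF2 password check are assumptions made for illustration; the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;

static class RbsExample
{
    // Hypothetical credential store standing in for "some authority".
    sealed class Account { public byte[] Salt, Hash; public string[] Roles; }
    static readonly Dictionary<string, Account> Accounts = new Dictionary<string, Account>();

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    static void Register(string user, string password, params string[] roles)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Accounts[user] = new Account { Salt = salt, Hash = Derive(password, salt), Roles = roles };
    }

    // Authentication: verify the credentials, then return an identity with its roles.
    static IPrincipal Authenticate(string user, string password)
    {
        Account a;
        if (!Accounts.TryGetValue(user, out a)) return null;
        byte[] h = Derive(password, a.Salt);
        int diff = 0;                                  // constant-time comparison of the hashes
        for (int i = 0; i < h.Length; i++) diff |= h[i] ^ a.Hash[i];
        return diff == 0 ? new GenericPrincipal(new GenericIdentity(user, "Password"), a.Roles) : null;
    }

    // Authorization: runs only after authentication and decides on identity and roles.
    static bool CanReadEventLog(IPrincipal p)
    {
        return p != null && p.Identity.IsAuthenticated && p.IsInRole("Auditor");
    }

    static void Main()
    {
        Register("alice", "constructed-sample-pw-1", "Auditor");   // constructed sample users
        Register("bob", "constructed-sample-pw-2", "Developer");
        Console.WriteLine(CanReadEventLog(Authenticate("alice", "constructed-sample-pw-1"))); // authenticated, in role
        Console.WriteLine(CanReadEventLog(Authenticate("bob", "constructed-sample-pw-2")));   // authenticated, not in role
        Console.WriteLine(CanReadEventLog(Authenticate("alice", "wrong")));                    // fails authentication
    }
}
```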
