In this chapter, you learned several techniques for securing WSS applications involving code access security (CAS), custom authentication, and authorization using securable objects. We first discussed the importance of using trust levels and CAS to run Web Part code in a more trustworthy fashion. At this point, you should be able to apply custom CAS settings to your Web Part code through solution packages so that it runs securely and reliably in least-trusted scenarios.

This chapter also discussed how authentication and authorization work within WSS sites. WSS tracks users at the site collection level with a user token that can be created by using either Windows authentication or forms authentication. This user token creates a WSS-specific ...