Authentication and Authorization

Before we can get anywhere in this chapter or the next, we must first come to grips with the questions of authentication and authorization. The central issue in both cases is that the security system must be able to ensure that only authenticated entities are permitted to carry out the actions they are authorized for. This issue therefore resolves into two distinct questions:

  • Authentication: Who are you?

  • Authorization: Are you permitted?

Who are you? [3] can refer to either the identity of the user currently executing the code or the identity of the assemblies[4] that contain the code being executed. In fact, this distinction is the key difference between user-based security and CAS. In the case of user-based security, the question of ...
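To make the two answers to "Who are you?" concrete, here is an added example (not code from the book) for the classic .NET Framework, where Code Access Security is enforced. The first check authorizes against the user principal attached to the current thread; the second demands a permission that is evaluated against the grant set of every assembly on the call stack, so it can fail even when the user is an administrator. The role name "Archivist", the user names, and the file path are assumptions made for this example; on .NET Core and .NET 5+ the CAS demand is not enforced and the code-identity check always succeeds.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Security.Principal;
using System.Threading;

// Added example contrasting user-based security with code access security (CAS).
// Targets the .NET Framework, where CAS demands are actually enforced.
class WhoAreYou
{
    // User-based security: "who is the user running this code?"
    // PrincipalPermission.Demand() inspects Thread.CurrentPrincipal.
    static bool UserMayArchive()
    {
        // A null name means "any authenticated user"; the role "Archivist" is assumed.
        var demand = new PrincipalPermission(null, "Archivist");
        try
        {
            demand.Demand();  // throws SecurityException unless the principal is in the role
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Code access security: "which code is asking?"
    // FileIOPermission.Demand() walks the call stack and fails if any caller's
    // assembly was not granted read access to the path, whoever the user is.
    static bool CodeMayRead(string absolutePath)
    {
        var demand = new FileIOPermission(FileIOPermissionAccess.Read, absolutePath);
        try
        {
            demand.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Constructed principal standing in for a real authentication step such as a
        // Windows logon; in production you would use WindowsPrincipal or similar.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "Archivist" });
        Console.WriteLine("alice may archive: " + UserMayArchive());

        // Same code, different user, different answer: bob has no roles.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("bob"), new string[0]);
        Console.WriteLine("bob may archive:   " + UserMayArchive());

        // Evidence is how the runtime identifies the code itself (zone, URL,
        // strong name, publisher); here we print the zone of the running assembly.
        Evidence evidence = Assembly.GetExecutingAssembly().Evidence;
        foreach (object item in evidence)
        {
            Zone zone = item as Zone;
            if (zone != null)
                Console.WriteLine("assembly zone:     " + zone.SecurityZone);
        }

        // Hypothetical file; the answer depends on the assembly's grant set,
        // not on which principal is currently on the thread.
        string path = Path.GetFullPath("example.txt");
        Console.WriteLine("code may read " + path + ": " + CodeMayRead(path));
    }
}
```

Running the assembly from a local directory normally yields the MyComputer zone and a successful file demand; loading the same assembly from an intranet share or the Internet zone changes the CAS answer while leaving the user-based answer untouched, which is exactly the distinction the text draws.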
