Security has several key aspects to consider. One is the user of the application. Is it really the user, or someone posing as the user, who is accessing the application? How can this user be trusted? As you will see in this chapter, the user first needs to be authenticated, and then authorization occurs to verify if the user is allowed to use the requested resources.
What about data that is stored or sent across the network? Is it possible that someone accesses this data, for example, by using a network sniffer? Encryption of data is important here.
Yet another aspect is the application itself. How can you trust the application? What is the origin or evidence from the application? This is extremely important, for example, in a Web hosting scenario. A Web hosting provider does not allow its customers to access all resources from the system. Depending on the evidence of the assembly, different permissions for the application apply.
This chapter explores the features available in .NET to help you manage security, including how .NET protects you from malicious code, how to administer security policies, and how to access the security subsystem programmatically. The topics of this chapter are:
- Authentication and authorization
- Access control to resources
- Code access security
- Managing security policies
Authentication and Authorization
Authentication is the process of identifying the user, and authorization occurs afterward to verify if the identified user ...