The .NET runtime enforces role-based security using techniques and syntax similar to those we described in Chapter 7 for code-access security. In your applications, you protect functionality by making role-based security demands that specify the identity or role that the thread's principal must contain. If the thread's principal does not contain the demanded identity and role, then the demand causes an exception.
System.Security.Principal namespace includes
IPrincipal interfaces to represent identities and
principals. By using interfaces to represent identities and
principals, .NET provides flexibility, which means that it is
relatively easy to create concrete role-based security
implementations to support many different authentication and
authorization mechanisms. The .NET class library
contains four concrete RBS
implementations that use the
Provides a role-based authentication mechanism for use in ASP.NET
applications. Forms authentication only provides an implementation of
IIdentity; we discuss Forms authentication in
Provides a generic role-based security implementation that is independent of any specific authentication and authorization mechanism. See Section 10.2.5 for details.
Provides a role-based authentication mechanism that relies on the Microsoft Passport .NET web-based service to authenticate users. ...