O'Reilly logo

Programming .NET Security by Allen Jones, Adam Freeman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Programming Role-Based Security

The .NET runtime enforces role-based security using techniques and syntax similar to those we described in Chapter 7 for code-access security. In your applications, you protect functionality by making role-based security demands that specify the identity or role that the thread's principal must contain. If the thread's principal does not contain the demanded identity and role, then the demand causes an exception.

Introducing the IIdentity and IPrincipal Interfaces

The System.Security.Principal namespace includes the IIdentity and IPrincipal interfaces to represent identities and principals. By using interfaces to represent identities and principals, .NET provides flexibility, which means that it is relatively easy to create concrete role-based security implementations to support many different authentication and authorization mechanisms. The .NET class library contains four concrete RBS implementations that use the IIdentity and IPrincipal interfaces:

Forms

Provides a role-based authentication mechanism for use in ASP.NET applications. Forms authentication only provides an implementation of IIdentity; we discuss Forms authentication in Chapter 18.

Generic

Provides a generic role-based security implementation that is independent of any specific authentication and authorization mechanism. See Section 10.2.5 for details.

Passport

Provides a role-based authentication mechanism that relies on the Microsoft Passport .NET web-based service to authenticate users. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required