Chapter 29. The System.Security.Principal Namespace

The .NET runtime provides a simple role-based security mechanism that enables code to make security decisions based on the user that is running the code, and the roles to which the user belongs. .NET’s role-based security model is independent of any underlying authentication and authorization mechanism, and relies on two key abstractions that represent the user and their roles: identities and principals. An identity represents an authenticated user, and the principal is a container that holds both the identity and the set of roles to which the identity belongs. Principals are assigned to threads and provide the information necessary for the runtime to authorize and control the actions of the current user.

The System.Security.Principal namespace contains the interfaces that define the functionality of identities and principals, and includes two concrete role-based security implementations. The first implementation consists of the classes named with the prefix “Generic.” The generic role-based security implementation is simple and requires direct manipulation to configure identities and principals, but can be used in conjunction with any user authentication and authorization mechanism. The second implementation consists of the classes named with the prefix “Windows.” The Windows role-based security implementation integrates with the Windows user accounts mechanism and allows code to base security decisions on Windows user accounts, ...
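As an added illustration (not code from the book), the following C# sketch uses the generic implementation to build an identity and principal by hand, assign the principal to the current thread, and make a role-based authorization decision. The user store, the role names, the `CustomStore` label, and the `RoleDemo`, `BuildPrincipal` and `CanReadAuditLog` names are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

static class RoleDemo
{
    // Constructed sample data standing in for an application's own user store.
    static readonly Dictionary<string, string[]> RolesByUser = new Dictionary<string, string[]>
    {
        ["alice"] = new[] { "Auditors", "Operators" },
        ["bob"]   = new[] { "Operators" },
    };

    // Assumed to be called only after the application's own authentication step.
    static IPrincipal BuildPrincipal(string user)
    {
        string[] roles;
        if (!RolesByUser.TryGetValue(user, out roles))
        {
            // An empty name makes IsAuthenticated false; no roles are granted.
            return new GenericPrincipal(new GenericIdentity(""), new string[0]);
        }
        // "CustomStore" is an authentication-type label chosen for this example.
        return new GenericPrincipal(new GenericIdentity(user, "CustomStore"), roles);
    }

    // Authorization decision based on the principal attached to the current thread.
    static bool CanReadAuditLog()
    {
        IPrincipal p = Thread.CurrentPrincipal;
        return p != null && p.Identity.IsAuthenticated && p.IsInRole("Auditors");
    }

    static void Main()
    {
        // "carol" is not in the store, so she gets an unauthenticated identity.
        foreach (string user in new[] { "alice", "bob", "carol" })
        {
            Thread.CurrentPrincipal = BuildPrincipal(user);
            Console.WriteLine("{0,-6} authenticated={1,-5} audit-log access={2}",
                user, Thread.CurrentPrincipal.Identity.IsAuthenticated, CanReadAuditLog());
        }
    }
}
```

The check fails closed: an unknown user, or a known user without the `Auditors` role, is denied because the decision requires both an authenticated identity and the role membership.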
