Chapter 9. Security

The .NET Framework offers two security mechanisms—code access security and role-based security. Both security mechanisms are built on top of the security provided by the underlying OS. Code access security keeps track of where the assemblies come from and what security permissions should be granted to them. Role-based security enables the code to make security decisions based on the role of the user executing the code.

In this chapter, we look at the concepts underlying code access security and role-based security. We also examine the classes and services provided by the .NET Framework to facilitate the use of these security mechanisms.

Security is also an important consideration for ASP.NET applications. ASP.NET applications need to authenticate clients and provide restricted access to any sensitive data, based on the client credentials. In addition, the ASP.NET applications may also have to act on behalf of the client in some cases to access OS secured resources such as NTFS files. In this chapter, we also examine various security features that ASP.NET provides to deal with authentication, authorization, and impersonation.