Role-Based Security in .NET

Most people have at least an intuitive understanding of users, groups, and passwords. MTS and COM+ have provided an additional security system based on roles. The best place to start a more detailed look at .NET security is with user identities and roles. First, we will look at this from the point of view of a Windows application and then from the point of view of an ASP.NET application.

Principals and Identities

Each thread has associated with it a CLR principal. That principal contains an identity that represents the current user ID that is running that thread. The static property Thread.CurrentPrincipal will return the current principal associated with the current thread.

Principal objects implement the IPrincipal ...

Get Application Development Using Visual Basic® and .NET now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.