In this chapter, we discuss the two main components of .NET security:
Permissions, in .NET, provide a layer of security independent of that imposed by the operating system. Their job is twofold:
Limiting the kinds of operations that untrusted or partially trusted .NET assemblies can perform
Limiting who can do what
The cryptography support in .NET allows you to store or exchange high-value secrets, prevent eavesdropping, detect message tampering, generate one-way hashes for storing passwords, and create digital signatures.
The types covered in this chapter are defined in the following namespaces:
System.Security; System.Security.Permissions; System.Security.Principal; System.Security.Cryptography;
In Chapter 13, we covered isolated storage, which serves another useful role in a secure environment.
The Framework uses permissions for both sandboxing and authorization. A permission acts as a gate that conditionally prevents code from executing. Sandboxing uses code access permissions; authorization uses identity and role permissions.
Although both follow a similar model, they feel quite different to use. Part of the reason for this is that they typically put you on a different side of the fence: with code access security, you’re usually the untrusted party; with identity and role security, you’re usually the untrusting party. Code access security is most often forced upon you by the CLR (for the benefit of the end ...