Chapter 18. Security
In this chapter, we discuss the two main components of .NET security:
Permissions
Cryptography
Permissions, in .NET, provide a layer of security independent of that imposed by the operating system. Their job is twofold:
- Sandboxing
Limiting the kinds of operations that untrusted or partially trusted .NET assemblies can perform
- Authorization
Limiting who can do what
The cryptography support in .NET allows you to store or exchange high-value secrets, prevent eavesdropping, detect message tampering, generate one-way hashes for storing passwords, and create digital signatures.
The types covered in this chapter are defined in the following namespaces:
System.Security; System.Security.Permissions; System.Security.Principal; System.Security.Cryptography;
In Chapter 13, we covered isolated storage, which serves another useful role in a secure environment.
Permissions
The Framework uses permissions for both sandboxing and authorization. A permission acts as a gate that conditionally prevents code from executing. Sandboxing uses code access permissions; authorization uses identity and role permissions.
Although both follow a similar model, they feel quite different to use. Part of the reason for this is that they typically put you on a different side of the fence: with code access security, you’re usually the untrusted party; with identity and role security, you’re usually the untrusting party. Code access security is most often forced upon you by the CLR (for the benefit of the end ...
Get C# 3.0 in a Nutshell, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.