Chapter 21. Security

In this chapter, we discuss the two main components of .NET security:

  • Identity and role security (authorization)

  • Cryptography

Identity and role security lets you write applications that limit who can do what.

The cryptography APIs are for storing/exchanging high-value data, preventing eavesdropping, detecting message tampering, generating one-way hashes for storing passwords, and creating digital signatures.

We also discuss how to deal with operating system security, and the legacy Code Access Security (CAS), which limits the operations that your code can perform.

The types covered in this chapter are defined in the following namespaces:

System.Security;
System.Security.Permissions;
System.Security.Principal;
System.Security.Cryptography;

Code Access Security

Code Access Security (CAS) allows the CLR to create a locked-down or sandboxed environment that prevents code from performing certain kinds of operations (such as reading operating system files, performing reflection, or creating a user interface). The sandboxed environment created by CAS is referred to as a partial trust environment, whereas the normal unrestricted environment is referred to as full trust.

CAS was considered strategic in the early days of .NET, as it enabled the following:

  • Running C# ActiveX controls inside a web browser (like Java applets)

  • Lowering the cost of shared web hosting by allowing multiple websites to run inside the same .NET process

  • Deploying permission-restricted ...

Get C# 7.0 in a Nutshell now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.