Chapter 21. Security
In this chapter, we discuss the two main components of .NET security:
Identity and role security (authorization)
Identity and role security lets you write applications that limit who can do what.
The cryptography APIs are for storing/exchanging high-value data, preventing eavesdropping, detecting message tampering, generating one-way hashes for storing passwords, and creating digital signatures.
We also discuss how to deal with operating system security, and the legacy Code Access Security (CAS), which limits the operations that your code can perform.
The types covered in this chapter are defined in the following namespaces:
System.Security; System.Security.Permissions; System.Security.Principal; System.Security.Cryptography;
Code Access Security
Code Access Security (CAS) allows the CLR to create a locked-down or sandboxed environment that prevents code from performing certain kinds of operations (such as reading operating system files, performing reflection, or creating a user interface). The sandboxed environment created by CAS is referred to as a partial trust environment, whereas the normal unrestricted environment is referred to as full trust.
CAS was considered strategic in the early days of .NET, as it enabled the following:
Running C# ActiveX controls inside a web browser (like Java applets)
Lowering the cost of shared web hosting by allowing multiple websites to run inside the same .NET process
Deploying permission-restricted ...