Security

Despite the precedent I set earlier in this book, I’m going to discuss security toward the beginning of this chapter, for several reasons:

  • Security is what you will encounter most often from a management perspective.

  • The .NET Security model is probably the most radical shift from tradition among all elements of the Framework.

  • Most other elements of the .NET Framework depend on security.

  • It is just too darn important.

Code access security is an entirely new concept introduced by the .NET Framework. Traditional security models rely solely on the identification of the user and in turn apply the appropriate permissions. .NET supplements this model with another model running in parallel, the code access security model. In code access security, the running code, not the user, is identified using “evidence” of its origin, and permissions are applied depending on that evidence.

This is very useful in many scenarios, but perhaps the most evident example is the case of spyware and viruses. In a code access security model, you can limit the functionality available to an application. This can prevent an Internet-based application from modifying the registry, accessing the network, accessing certain files, or performing virtually any action you choose to define.
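The following sketch is an added example, not code from the book. It builds evidence that carries only a zone of origin and asks the runtime which permissions that evidence earns, then checks the registry, network, and file actions mentioned above. It assumes .NET Framework 4.x, where `SecurityManager.GetStandardSandbox` is available; the class and helper names are made up for illustration.

```csharp
// Added example (not from the book). Assumes .NET Framework 4.x.
using System;
using System.Net;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static class EvidenceDemo   // hypothetical name
{
    // Build evidence that states only a zone of origin, then ask the runtime
    // which permissions are safe to grant to code presenting that evidence.
    static PermissionSet GrantFor(SecurityZone zone)
    {
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(zone));
        return SecurityManager.GetStandardSandbox(evidence);
    }

    // True when the grant set covers the single permission being asked about.
    static bool Allows(PermissionSet granted, IPermission wanted)
    {
        var demand = new PermissionSet(PermissionState.None);
        demand.AddPermission(wanted);
        return demand.IsSubsetOf(granted);
    }

    static void Main()
    {
        var zones = new[] { SecurityZone.MyComputer, SecurityZone.Intranet,
                            SecurityZone.Internet, SecurityZone.Untrusted };
        foreach (SecurityZone zone in zones)
        {
            // The user running this program never changes; only the evidence does.
            PermissionSet granted = GrantFor(zone);
            Console.WriteLine("{0,-11} registry={1,-5} network={2,-5} files={3,-5}",
                zone,
                Allows(granted, new RegistryPermission(PermissionState.Unrestricted)),
                Allows(granted, new WebPermission(PermissionState.Unrestricted)),
                Allows(granted, new FileIOPermission(PermissionState.Unrestricted)));
        }
    }
}
```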

As I mentioned earlier, code is identified based on evidence. Table 9-3 lists different types of evidence that can be exposed.

Table 9-3. Types of evidence

Evidence type | Description | Example(s) of condition

Zone | The zone ...
