Chapter 22

Security

WHAT’S IN THIS CHAPTER?

  • Authentication and authorization
  • Cryptography
  • Access control to resources
  • Code access security

WROX.COM CODE DOWNLOADS FOR THIS CHAPTER

The wrox.com code downloads for this chapter are found at http://www.wrox.com/remtitle.cgi?isbn=1118314425 on the Download Code tab. The code for this chapter is divided into the following major examples:

  • Authentication Samples
    • Windows Principal
    • Role Based Security
    • Application Services
  • Encryption Samples
    • Signature
    • Secure Transfer
  • File Access Control
  • Code Access Security
    • Permissions

INTRODUCTION

Security has several key elements that you need to consider in order to make your applications secure. The primary one, of course, is the user of the application. Is the user actually the person authorized to access the application, or someone posing as the user? How can this user be trusted? As you will see in this chapter, ensuring the security of an application with regard to the user is a two-part process: first, users need to be authenticated, and then they need to be authorized to verify that they are allowed to use the requested resources.

What about data that is stored or sent across the network? Is it possible for someone to access this data, for example, by using a network sniffer? Encryption of data is important in this regard. Some technologies, such as Windows Communication Foundation (WCF), provide encryption capabilities by simple configuration, so you can see what’s done behind the scenes. ...
