Chapter 21. Security


  • Authentication and authorization

  • Cryptography

  • Access control to resources

  • Code access security

Security has several key elements that you need to consider in making your applications secure. One is the user of the application. Is it really the user, or someone posing as the user, who is accessing the application? How can this user be trusted? As you will see in this chapter, the user first needs to be authenticated, and then authorization occurs to verify if the user is allowed to use the requested resources.

What about data that is stored or sent across the network? Is it possible that someone accesses this data, for example, by using a network sniffer? Encryption of data is important here. Some technologies, such as Windows Communication Foundation (WCF) provide encryption capabilities by simple configuration, so you can see what's done behind the scenes.

Yet another aspect is the application itself. What if the application is hosted by a web provider? How is the application restricted from doing harm to the server?

This chapter explores the features available in .NET to help you manage security, and shows you how .NET protects you from malicious code, how to administer security policies, and how to access the security subsystem programmatically.


Two fundamental pillars of security are authentication and authorization. Authentication is the process of identifying the user, and authorization occurs afterward to ...

Get Professional C# 4 and .NET 4 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.