WHAT'S IN THIS CHAPTER?
Defining application security requirements for modern applications
Considering security needs for a particular application
Using enhanced security features in an application
Creating and employing a security policy
Avoiding overwhelming users with security
NT security was developed at a time of low threat. The Internet didn't even exist yet, except as an experiment. Many users didn't have a connection to the LAN, much less anything more dangerous. It's small wonder, then, that NT security really hasn't kept pace with modern threats. Yes, it's an important place to start (and many applications don't even utilize NT security as fully as they should), but you really need more to protect users, applications, and data from today's external threats.
The .NET Framework comes with a number of enhanced security features you can employ to make your application safer. These features restrict user access to resources, application functionality, and data as needed, but they do so in a different way than pure NT security does. For the most part, these features make it possible to create flexible security that considers a user's current role or place of work. A user can have more rights when acting as a manager than when acting as a standard user. Likewise, the user will have more rights when working in the office than when working at the local coffee shop. The following sections describe these security features in more ...