Hacking the Code: ASP.NET Web Application Security

Appendix A: Understanding .NET Security

Introduction

Security in the .NET Framework and the Common Language Runtime (CLR) is much more robust than many ASP developers were accustomed to. However, these security improvements also mean new concepts for developers to understand. Sometimes these security concepts themselves can be a stumbling block to writing secure code. Once you understand the .NET Framework security concepts, you will find that that the framework actually simplifies ASP.NET security.

Some of the security improvements in the .NET Framework are:

  • Code Access Security (CAS)

  • Role-based security

  • Security policies

It is important to understand that you can no longer ignore security as a part of your design and implementation phase. It is a priority to safeguard your systems from malicious code, and you also want to protect your code or application from being misused by less trusted code. For example, let s say that you implement an assembly that holds functions that modify registry settings. Because these functions can be called by other unknown code, they can become tools for malicious code if you do not incorporate the .NET Framework security as part of your code.

To be able to use the .NET Security to your advantage, you need to understand the concepts behind the security. We discuss those concepts in the following sections.

Permissions

In the real world, permission refers to an authority giving you, or anyone else for that matter, the formal OK to perform a specified task that is normally restricted to a limited group of persons. Permission has...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Security Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.