Introduction

Security is already an increasing concern for businesses. The .NET Framework is designed to allow for distributed applications across the Internet. This concept introduces a slew of security risks. Microsoft realizes these risks and has introduced new security functionality that is incorporated in the .NET Framework. This chapter is not meant to completely cover implementing security but rather to show you the functionality that is available and how to use it.

Some of the security concepts are the same as before. You will still authenticate users prior to allowing them on the system. You will continue to use permissions and rights for user access to specific objects on the system and authentication of users are always required. This type of security is fine for systems that are physically disconnected from the Internet. With connections to the Internet, one of the concerns is for mobile code. Mobile code is code that can be executed and can come from sources outside your network. This could come from e-mail attachments, from code embedded in documents, or from code that you download from Web sites. As many of you have seen, sometimes this code can be malicious. One important mechanism that is introduced with .NET can help with this type of problem is code access security (CAS), which prevents mobile code from accessing sensitive resources by allowing permissions to be granted to code, or code demanding certain permissions from the caller of the code. This means that a group of code cannot...