Security has several key aspects to consider. One is the user of the application. Is it really the user, or someone posing as the user, who is accessing the application? How can this user be trusted? As you will see in this chapter, the user first needs to be authenticated, and then authorization occurs to verify if the user is allowed to use the requested resources.
What about data that is stored or sent across the network? Is it possible that someone accesses this data, for example, by using a network sniffer? Encryption of data is important here.
Yet another aspect is the application itself. How can you trust the application? What is the origin or evidence from the application? This is extremely important, for example, in a Web hosting scenario. A Web hosting provider does not allow its customers to access all resources from the system. Depending on the evidence of the assembly, different permissions for the application apply. This chapter explores the features available in .NET to help you manage security, including how .NET protects you from malicious code, how to administer security policies, and how to access the security subsystem programmatically. The topics of this chapter are:
¤ Authentication and authorization
¤ Access control to resources
¤ Managing security policies