Chapter 12: Security in the .NET Framework

Overview

This chapter covers the basics of security and cryptography. It begins with a brief discussion of the .NET Framework’s security architecture, because this affects all the solutions you may choose to implement.

The .NET Framework provides you with additional tools and functionality with regard to security. You now have the System.Security.Permissions namespace, which enables you to control code access permissions along with role-based and identity permissions. Through your code, you can control access to objects programmatically, as well as receive information on the current permissions of objects. This security framework will assist you in determining whether you have permissions to run your code, instead of getting halfway through execution and having to deal with permission-based exceptions. This chapter covers the following:

• Concepts and definitions

• Permissions

• Roles

• Principals

• Code access permissions

• Role-based permissions

• Identity permissions

• Managing permissions

• Managing policies

• Cryptography

Cryptography is the cornerstone of the .NET Web Services security model, so the second half of this chapter discusses the basis of cryptography and how to implement it. Specifically, it covers the following:

• Hash algorithms

• SHA

• MD5

• Secret key encryption

• Public key cryptography standard

• Digital signatures

• Certification

• Secure Sockets Layer communications

Let’s begin by looking at some security concepts and definitions.