5.2 Introducing Role-Based Security

Previous page
Table of content
Next page

The .NET Framework provides a generic role-based security mechanism to represent the identity and roles of the user on whose behalf code is running. As illustrated in Figure 5-1, you can use .NET's role-based security mechanism to integrate with an existing user account system, such as that provided by Windows or Microsoft's Passport .NET authentication mechanism. However, it is just as easy to integrate with other custom user account mechanisms.

Figure 5-1. Role-based security
figs/pdns_0501.gif

Regardless of the underlying source of user information, .NET's role-based security interfaces provide a standard mechanism through which you can make runtime security decisions based on the identity and roles of a user. For example, you can make decisions, such as:

  • Ensure that only users who are members of the "Administrators" or "Managers" roles can execute a protected class member

  • Ensure that only the user "Peter" can load a class that inherits from a protected class

.NET's abstraction of the role-based security interfaces from the underlying authentication and authorization mechanisms make it relatively easy to change from one mechanism to another should the need arise. We provide a detailed coverage of .NET's role-based security mechanisms in Chapter 10.


Previous page
Table of content
Next page
Programming. NET Security
Programming .Net Security
ISBN: 0596004427
EAN: 2147483647
Year: 2005
Pages: 346
Authors: Adam Freeman, Allen Jones
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
Certified Ethical Hacker Exam Prep
Metrics and Models in Software Quality Engineering (2nd Edition)
Adobe After Effects 7.0 Studio Techniques
GO! with Microsoft Office 2003 Brief (2nd Edition)
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy