Chapter 12. Security

In traditional operating systems such as Windows or Unix, the security model is user-oriented. Processes execute under a certain security identityusually that of the launching userand the operating system grants access to resources or permission to perform certain operations based on that identity. Typically, either the user is omnipotent (an administrator or root account), or the user is restricted and can perform only a narrow set of operations. The user-oriented security model has a number of shortcomings. For one thing, even powerful users can make mistakes, such as installing harmful applications from dubious sources or simply launching email viruses. In general, all users are vulnerable to attacks, and only through experience do users learn how to prevent them. Even if no foul play is involved, users are often required to be involved in making runtime decisions about the nature of components, such as whether or not to trust content coming from a particular source. Furthermore, restricted users often don't get to work in an environment that is tailored to their needs and preferences, and the overall quality of their sessions suffers. New breeds of threats such as worms, luring attacks, and Trojan horses target such weaknesses and can wait for an administrator to log on before strikinglong after the initial security breach.

In today's component-oriented environment, there is a need for a component-oriented security model. A component-oriented operating system (such as the CLR) needs to examine not only what the user is allowed to do, but also what operations a given piece of code is allowed to do and what evidence that code provides to establish its identity and authenticity. This is exactly what the .NET security model is all about. .NET component-oriented security complements Windows user-based security, providing system administrators and developers granular control and flexibility without compromising overall security. This results in a productivity gain because, for the most part, you don't need to bother with programmatic security; it also improves the trustworthiness of applications built with .NET. This chapter describes the component- and user-oriented security facilities available to .NET developers.

.NET application frameworks such as ASP.NET and Web Services provide their own security infrastructures to authenticate and authorize callers. Such application-specific security is subjected to the security infrastructure described in this chapter.