The .NET Framework includes a comprehensive set of security tools, including both low-level classes for managing security and an overall framework for applying these tools to particular applications. The tools for managing security include code access security and role-based security. Code-access security allows you to control what code can execute on a particular computer, as well as what that code can do. Role-based security allows you to control the actions that particular users can take.
In this chapter, you'll learn about many aspects of .NET security. You'll start with the mechanics of code access security, and then role-based security will be discussed. The latter includes both authentication (determining who is trying to run code) and authorization (determining what this user can do). Finally, you'll discover some guidelines on applying these tools to Web services, remoting applications, and Enterprise Services components .