In this chapter, you learned about some of the security features that you can apply to server-side and distributed applications.
The .NET Framework also includes two complete security systems configurable by administrators. Code access security controls the access of code to sensitive resources. Code can determine exactly which resources it requires or would like, and administrators can determine exactly which resources to make available. The Common Language Runtime checks whether the requested resources are available before it allows your code to run.
Role-based security allows you to make decisions in your code based on the user who is currently logged on. You can check for a particular username or for membership in a built-in or custom Windows group, and make decisions accordingly.
Security in ASP.NET revolves around authentication and authorization. You can choose from several authentication providers, including Windows, forms, and Passport authentication. After you've authenticated a user, you can authorize her access to resources.
Windows services, Web services, Remoting, and Enterprise Services each share in the overall .NET security framework, but they each have their own particular security issues. With Windows services, you need to consider carefully the account under which the service will run. With Web services, you must decide how much authentication you need and configure IIS to provide that authentication. With a Remoting server, you must balance the security and performance needs of your application in choosing a host process. With a serviced component, you may choose to use COM+ roles to manage all of your security.