In this chapter, you learned about the security features available on the .NET platform. We covered the following topics:
An introduction to security concepts
Security features provided by the CLR and .NET Framework, including the security-related namespaces and authentication mechanisms available in .NET
Security features provided at the operating system level
The three types of permissions (code access, identity, and role-based) and how to work with common permissions
Common named permission sets and how to work with permission sets
The three code security models provided by .NET: CLR role-based security, .NET code access security, and .NET Enterprise Services role-based security
Details about CLR role-based security, such as its use of Identity and Principal objects in determining whether the user running the application is a member of the specified role, ways to check role membership, and use of Windows groups as roles
Details about code access security—for example, that it grants permissions based on evidence provided by the code assembly and the code’s host, and the contents of security policies, which include code groups and permission lists
Details about .NET Enterprise Services role-based security
Cryptography, including when to use explicitly-coded encryption instead of SSL, and the steps required to implement symmetric encryption of an input plaintext string