.NET Security Model

Previous page
Table of content
Next page

The .NET security model is layered on top of the operating system's security model, and it can also interact with the security features of various server applications, such as SQL Server and Internet Information Services (IIS). Therefore, the security characteristics of a .NET application result from several factors, including how .NET security is configured, how the application components are programmed, as well as various security features that may be configured in Windows, [6] the network, [7] and other applications.

[6] Throughout this chapter, the underlying operating system is assumed to be Windows 2000 or Windows XP.

[7] For example, you can restrict access to your system from other IP addresses using IPSec (Internet Protocol Security).

Figure 7-1 shows how the .NET security model works on top of the Windows security subsystem. An administrator sets up user accounts and manages security policy on Windows using various Microsoft Management Console (MMC) snap-ins. An administrator is also responsible for managing .NET security configuration. Subsequently, when a user logs onto the operating system and then runs a .NET-managed application, the CLR authenticates the user and authorizes the actions of the program, and then passes those operations on to the security monitor of the operating system.

Figure 7-1. The .NET security model.

graphics/07fig01.gif

As an example of how .NET security can interact with the operating system, consider the fact that code always runs under some user identity. When you log on, you provide your username along with your password as proof that you are who you claim to be. Once your identity has been established, as a general rule, every action that you undertake when running any program is performed under your user identity. The result is that if an administrator has established an ACL (Access Control List) that denies you the right to read or write on a particular file, you will be unable to do so.

As we go through examples of securing objects in various ways throughout this chapter, it is important to recognize that regardless of what permissions may have been established using .NET security permissions, such a file may still be protected at the operating system level, which falls outside of the jurisdiction of the .NET platform.


Previous page
Table of content
Next page
.NET Security and Cryptography
.NET Security and Cryptography
ISBN: 013100851X
EAN: 2147483647
Year: 2003
Pages: 126
Authors: Peter Thorsteinson, G. Gnana Arun Ganesh
BUY ON AMAZON
Certified Ethical Hacker Exam Prep
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
Documenting Software Architectures: Views and Beyond
Data Structures and Algorithms in Java
GO! with Microsoft Office 2003 Brief (2nd Edition)
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy