Other Security Features


That about sums up the major security features in .NET. There are a few other interesting security-related features that I won't discuss in detail, but they deserve at least a passing mention.

User Authentication and My.User

The Visual Basic My.User object includes several authentication features that can help you design security-enabled code. One useful member is the Name property, which supplies the name of the current authenticated user. The IsInRole method tells you whether or not the active user is included in, say, the Administrators security group.

For Windows Forms applications, the members of My.User will typically refer to the logged-in Windows user. However, you can use other authentication systems that meet your special development needs. Options include using the Internet-based Microsoft Passport system, other third-party authentication systems, or your own custom-designed user management system.

The SecureString Class

It's amazing that with all of these advanced tools, programmers still spend much of their time building and parsing string data. Fortunately, .NET includes a plethora of useful string manipulation tools. Unfortunately, they aren't very secure. You may recall that .NET strings are immutable; once created, they are never changed. Eventually, they will be destroyed by the garbage collection process. But until then, they sit around in memory, just waiting for some hacker-designed code to peruse. Internally, string data is stored as plain text, so if someone can get to the memory, they can copy the content for nefarious purposes.

SecureString to the rescue! The System.Security.SecureString class lets you store strings and get them back, but internally, the content of the string is encrypted. If anyone obtained the internal content of the class, it would look like gibberish.




Start-to-Finish Visual Basic 2005. Learn Visual Basic 2005 as You Design and Develop a Complete Application
Start-to-Finish Visual Basic 2005: Learn Visual Basic 2005 as You Design and Develop a Complete Application
ISBN: 0321398009
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Tim Patrick

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net