Summary

In this chapter, we've covered how assemblies are matched to code groups, and how those code groups are assigned permissions by the security policy at the user , enterprise, and machine level, and we've seen how we can use tools to manage this policy. We've also seen how, for an assembly to execute, it must have the relevant permissions at the three policy levels, as well as the correct role-based permissions and the relevant Windows account permissions. We've also looked at the options available to us in distributing code using strong names and digital certificates.

Clearly, there are more security checks in place with .NET than we have seen before on Windows, and much of the security comes "for free" as we do not need to do much to make use of it at the basic level. However, when we do want to extend it we are provided with the classes and frameworks to do that.

Security is an ongoing challenge, and although Microsoft has not solved all the problems, the managed security environment provided by .NET is a significant step forwards as it provides a framework within which code is challenged before it executes. It's no coincidence that these developments are occurring at a time when Microsoft is moving towards distributing its products over the web, as a secure distribution method for that is essential.