
Design of the Security Application Block

The Security Application Block addresses the following areas:

  • Authorization
  • Security-related caching

The Security Application Block is designed to achieve the following goals:

  • Provide a simple and intuitive interface to the commonly required authorization functionality.
  • Encapsulate the logic used to perform authorization and security-related caching.
  • Present a standard provider model for authorization and security-related caching.
  • Ensure that the block is extensible.
  • Ensure that there is minimal or negligible performance impact compared to security code that accesses the .NET Framework classes directly to accomplish the same functionality.
  • Incorporate best practices for application security, as described in Improving Web Application Security: Threats and Countermeasures.

The Security Application Block is designed to externalize the implementation of the authorization and caching provider from a running application. This design lets you change implementations without changing the code of the application. The following schematic illustrates the interrelationship between the key classes in the Security Application Block.


© 2014 Microsoft