11 out of 28 rated this helpful - Rate this topic

Security in the .NET Framework

.NET Framework 4.5

The common language runtime and the .NET Framework provide many useful classes and services that enable developers to easily write secure code and enable system administrators to customize the permissions granted to code so that it can access protected resources. In addition, the runtime and the .NET Framework provide useful classes and services that facilitate the use of cryptography and role-based security.

Important
Effective with the .NET Framework 4, there are major changes to the code access security system. Security policy is no longer applied to applications. All applications that can be run from the desktop are now executed as full-trust applications. This includes both applications on the computer and applications that can be run from a network share. Partially trusted applications must be run in a sandbox, which determines their grant set. The permission system continues to be used, but it is transcended by security transparency rules. For information about these changes, see Security Changes in the .NET Framework.

Important

Effective with the .NET Framework 4, there are major changes to the code access security system. Security policy is no longer applied to applications. All applications that can be run from the desktop are now executed as full-trust applications. This includes both applications on the computer and applications that can be run from a network share. Partially trusted applications must be run in a sandbox, which determines their grant set. The permission system continues to be used, but it is transcended by security transparency rules. For information about these changes, see Security Changes in the .NET Framework.

In This Section

Security Changes in the .NET Framework: Describes important changes to the .NET Framework security system.
Security How-to Topics: Lists links to How-to topics contained in this section.
Key Security Concepts: Provides an overview of common language runtime security features. This section is of interest to developers and system administrators.
Code Access Security: Describes how to interact with code access security in your code. This section is important to developers and can be of interest to system administrators.
Role-Based Security: Describes how to interact with role-based security in your code. This section is of interest to developers.
.NET Framework Cryptography Model: Provides an overview of cryptographic services provided by the .NET Framework. This section is of interest to developers.
Secure Coding Guidelines: Describes some of the best practices for creating reliable .NET Framework applications. This section is of interest to developers.
ACL Technology Overview: Describes the managed classes that enable you to programmatically create or modify discretionary access control lists (DACLs) and system access control lists (SACLs) for protected resources such as files and folders. This section is of interest to developers.
Windows Identity Foundation 4.5 Overview: Describes how you can implement claims-based identity in your applications.

Related Sections

Security Tools (.NET Framework): Describes command-line tools that help you perform security-related tasks, such as configuring security policy, managing certificates, and digitally signing files.
.NET Framework Development Guide: Provides a guide to all key technology areas and tasks for application development, including creating, configuring, debugging, securing, and deploying your application, and information about dynamic programming, interoperability, extensibility, memory management, and threading.

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)