Security Application Block



Microsoft Corporation

May 2007


This page provides an overview of the Enterprise Library Security Application Block. An application block is reusable and extensible source code-based guidance that simplifies development of common security functionality in .NET Framework applications.


Introduction to the Security Application Block
Design of the Security Application Block
Getting Started
Feedback and Support
Related Titles

Introduction to the Security Application Block

The Microsoft Enterprise Library Security Application Block helps developers implement common authorization-related functionality in their applications. Applications can use the Security Application Block to support authorization and to cache a user's authorization and authentication data. Used together with the Microsoft .NET Framework 2.0 features, the application block lets developers easily implement common security-related functionality. The Security Application Block has the following features:

  • It reduces the requirement to write boilerplate code to perform standard tasks.
  • It helps maintain consistent security practices, both within an application and across the enterprise.
  • It eases the learning curve for developers by using a consistent architectural model across the various areas of functionality provided.
  • It provides implementations that you can use to solve common application security problems.
  • It is extensible; it supports custom implementations of security providers.

Common Scenarios

Developers frequently write applications that must authorize users using one or more security providers such as Microsoft Active Directory directory service, Authorization Manager, Active Directory Application Mode (ADAM), and custom authorization providers. These applications may also need to cache authentication or authorization data for the duration of a logon session.

The Security Application Block simplifies these tasks by handling them in a consistent manner, abstracting the application code from the specific security providers. You can even change underlying providers through configuration changes without changing the underlying application code.

The Security Application Block provides code that will help you with the following scenarios:

  • Authorization
  • Caching security-related credentials

Example Application Code

The following code shows how to determine if a user is authorized to perform a task.

[C#]
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;
IPrincipal principal = new GenericPrincipal(new GenericIdentity("Username"), new string[]{"Manager"});
IAuthorizationProvider ruleProvider = AuthorizationFactory.GetAuthorizationProvider("RuleProvider");
// Determine whether user is authorized for the rule defined as "Print Document".
bool authorized = ruleProvider.Authorize(principal, "Print Document");

[Visual Basic]
Imports System.Security.Principal
Imports Microsoft.Practices.EnterpriseLibrary.Security
Dim principal As IPrincipal = New GenericPrincipal(New GenericIdentity("Username"), New String() {"Manager"})
Dim ruleProvider As IAuthorizationProvider = AuthorizationFactory.GetAuthorizationProvider("RuleProvider")
' Determine whether user is authorized for the rule defined as "Print Document".
Dim authorized As Boolean = ruleProvider.Authorize(principal, "Print Document")
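
A fail-closed wrapper around the Authorize call shown above, added here as an illustration; it is not part of Enterprise Library or of the original page. AuthorizationGuard, IsAuthorized and Demand are hypothetical names, and the code assumes a reference to the Enterprise Library Security assembly and a configured provider named "RuleProvider", as in the page's example.

```csharp
using System;
using System.Diagnostics;
using System.Security;
using System.Security.Principal;
using System.Threading;
using Microsoft.Practices.EnterpriseLibrary.Security;

// Hypothetical helper (not part of Enterprise Library): access is granted
// only when the configured provider explicitly returns true.
public static class AuthorizationGuard
{
    // Assumption: the provider instance name used in the page's example.
    private const string ProviderName = "RuleProvider";

    public static bool IsAuthorized(IPrincipal principal, string ruleName)
    {
        // Anonymous or missing principals and empty rule names are denied
        // before the provider is consulted.
        if (principal == null || principal.Identity == null
            || !principal.Identity.IsAuthenticated
            || string.IsNullOrEmpty(ruleName))
        {
            return false;
        }
        try
        {
            IAuthorizationProvider provider =
                AuthorizationFactory.GetAuthorizationProvider(ProviderName);
            return provider.Authorize(principal, ruleName);
        }
        catch (Exception ex)
        {
            // Any failure to resolve the provider or evaluate the rule is a
            // denial; record only the exception type for diagnostics.
            Trace.TraceWarning("Authorization failed closed for rule '{0}': {1}",
                ruleName, ex.GetType().Name);
            return false;
        }
    }

    // For the top of a protected operation: checks the thread's current
    // principal rather than one constructed by the caller.
    public static void Demand(string ruleName)
    {
        if (!IsAuthorized(Thread.CurrentPrincipal, ruleName))
        {
            throw new SecurityException("Access denied for rule: " + ruleName);
        }
    }
}
```

Calling AuthorizationGuard.Demand("Print Document") before the print operation keeps the decision tied to the authenticated principal on the thread, so a misconfigured or missing rule results in denial rather than access.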

Design of the Security Application Block

The application block is designed to achieve the following goals:

  • Provide a simple and intuitive interface to the commonly required authorization functionality.
  • Encapsulate the logic used to perform authorization and security-related caching.
  • Present a standard provider model for authorization and security-related caching.
  • Ensure that the application block is extensible.
  • Ensure that there is minimal or negligible performance impact compared to manually written security code that accomplishes the same functionality.
  • Incorporate best practices for application security, as described in Improving Web Application Security: Threats and Countermeasures.

Design Highlights

The Security Application Block is designed to externalize the implementation of the authorization and caching provider from a running application. This design lets you change implementations without changing the code of the application. Figure 1 illustrates the interrelationship between the key classes in the Security Application Block.


Figure 1. Design of the Security Application Block

Getting Started

The Security Application Block has been developed as a result of analyzing common enterprise development challenges and successful solutions to these challenges. However, because each application is unique, you will not find this application block suitable for every application. To evaluate this application block and determine its applicability to your projects, Microsoft suggests you dedicate at least half of a day to explore the application block. The following is a suggested evaluation approach:

  1. Download Enterprise Library.
  2. Install Enterprise Library and compile all application blocks and tools.
  3. Read the "Introduction" and "Scenarios and Goals" sections of the documentation.
  4. Compile and run the QuickStart samples, and read through the related "QuickStart Walkthroughs" and "Key Scenarios" sections of the documentation.
  5. If the application block looks like a good fit for your application, try implementing a simple use case in your application or in a throw-away prototype application using the application block.


Enterprise Library, like many patterns & practices deliverables, is associated with a community site. On this community site, you can post questions, provide feedback, or connect with other users for sharing ideas. Community members can also help Microsoft plan and test future deliverables, and download additional content such as extensions and training material.

Feedback and Support

Questions? Comments? Suggestions? To provide feedback about this application block, or to get help with any problems, please visit the Enterprise Library Community site. The community site is the preferred feedback and support channel because it allows you to share your ideas, questions, and solutions with the entire community.

Enterprise Library is a guidance offering, designed to be reused, customized, and extended. It is not a Microsoft product. Code-based guidance is shipped "as is" and without warranties. Customers can obtain support through Microsoft Support Services for a fee, but the code is considered user-written by Microsoft support staff. For more information about our support policy, see the Enterprise Library home page.

Related Titles
